[linux] 01/01: Update to 3.16.51
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Mon Nov 27 22:14:13 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch jessie
in repository linux.
commit 3f58d236947227210c23f382148b07534cd2cb89
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Mon Nov 27 19:05:38 2017 +0000
Update to 3.16.51
Drop several patches that went upstream (and one that was obsoleted by
a better upstream fix).
Avoid or ignore ABI changes as appropriate.
---
debian/changelog | 436 ++++++++++++++++++++-
debian/config/defines | 6 +-
...remove-broken-fallback-for-missing-ctrl-a.patch | 57 ---
...roperly-check-l2cap-config-option-output-.patch | 353 -----------------
...rfs-don-t-clear-sgid-when-inheriting-acls.patch | 58 ---
...xt2-don-t-clear-sgid-when-inheriting-acls.patch | 96 -----
...xt4-don-t-clear-sgid-when-inheriting-acls.patch | 93 -----
...4-preserve-i_mode-if-__ext4_set_acl-fails.patch | 68 ----
...2fs-don-t-clear-sgid-when-inheriting-acls.patch | 30 --
...lus-don-t-clear-sgid-when-inheriting-acls.patch | 90 -----
...jfs-don-t-clear-sgid-when-inheriting-acls.patch | 64 ---
...-the-required-netlink-attributes-presence.patch | 36 --
...rfs-don-t-clear-sgid-when-inheriting-acls.patch | 56 ---
...-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch | 55 ---
...xxx-fix-an-integer-overflow-in-sysfs-code.patch | 58 ---
...-aty-do-not-leak-uninitialized-padding-in.patch | 30 --
...xfs-don-t-clear-sgid-when-inheriting-acls.patch | 79 ----
...realtime_inode-should-be-false-if-no-rt-d.patch | 68 ----
...s-host_initiated-to-functions-that-read-M.patch | 27 +-
...don-t-allow-l2-to-access-the-hardware-cr8.patch | 35 --
.../cpumask-avoid-abi-change-in-3.16.50.patch | 24 ++
.../debian/dm-avoid-abi-change-in-3.16.50.patch | 30 ++
.../debian/gpio-avoid-abi-change-in-3.16.50.patch | 27 ++
.../inet_frag-limit-abi-change-in-3.16.51.patch | 62 +++
.../ip6_fib-avoid-abi-change-in-3.16.50.patch | 23 ++
.../ip_fib-avoid-abi-change-in-3.16.50.patch | 30 ++
.../debian/mm-avoid-abi-change-in-3.16.50.patch | 41 ++
...efine-at_vector_size_arch-for-arch_dlinfo.patch | 6 +-
.../s390-mm-avoid-abi-change-in-3.16.51.patch | 74 ++++
.../debian/sched-avoid-abi-change-in-3.16.49.patch | 48 +++
.../debian/scsi-fix-abi-change-in-3.16.37.patch | 21 +-
debian/patches/debian/version.patch | 14 +-
...-Implement-change_queue_depth-for-virtscs.patch | 8 +-
debian/patches/series | 26 +-
34 files changed, 847 insertions(+), 1382 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 7a01974..24c618b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,442 @@
-linux (3.16.48-2) UNRELEASED; urgency=medium
+linux (3.16.51-1) UNRELEASED; urgency=medium
+
+ * New upstream stable update:
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.49
+ - sched/topology: Refactor function build_overlap_sched_groups()
+ - sched/topology: Fix building of overlapping sched-groups
+ - sched/topology: Fix overlapping sched_group_mask
+ - sched/topology: Fix overlapping sched_group_capacity
+ - mwifiex: fixup error cases in mwifiex_add_virtual_intf()
+ - f2fs: load inode's flag from disk
+ - f2fs: try to freeze in gc and discard threads
+ - [arm64] Preventing READ_IMPLIES_EXEC propagation
+ - [x86] drm/i915: Workaround VLV/CHV DSI scanline counter hardware fail
+ - mceusb: fix memory leaks in error path
+ - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS
+ - [x86] kvm: Guest BNDCFGS requires guest MPX support
+ - [x86] kvm: vmx: Check value written to IA32_BNDCFGS
+ - e1000e: Fix Runtime PM blocks EEE link negotiation in S5
+ - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails
+ - perf/core: Correct event creation with PERF_FORMAT_GROUP
+ - Bluetooth: use constant time memory comparison for secret values
+ - vxlan: dont migrate permanent fdb entries during learn
+ - usb: usbip: set buffer pointers to NULL after free
+ - usb: Fix typo in the definition of Endpoint[out]Request
+ - PCI: Correct PCI_STD_RESOURCE_END usage
+ - md: don't use flush_signals in userspace processes
+ - udf: Fix races with i_size changes during readpage
+ - udf: Fix deadlock between writeback and udf_setsize()
+ - NFC: fix broken device allocation
+ - ASoC: compress: Derive substream from stream based on direction
+ - Btrfs: skip commit transaction if we don't have enough pinned bytes
+ - [x86] xhci: Limit USB2 port wake support for AMD Promontory hosts
+ - [x86] nmi: Fix timeout test in test_nmi_ipi()
+ - Btrfs: fix invalid extent maps due to hole punching
+ - iwlwifi: mvm: fix the recovery flow while connecting
+ - staging: comedi: fix clean-up of comedi_class in comedi_init()
+ - [s390*] af_iucv: Move sockaddr length checks to before accessing
+ sa_family in bind and connect handlers
+ - scsi: virtio_scsi: let host do exception handling
+ - scsi: bnx2i: missing error code in bnx2i_ep_connect()
+ - [mips*] Bail on unsupported module relocs
+ - [mips*] module: Ensure we always clean up r_mips_hi16_list
+ - [mips*] Fix mips_atomic_set() retry condition
+ - [mips*] Save static registers before sysmips
+ - ath9k: fix tx99 use after free
+ - ath9k: fix tx99 bus error
+ - libertas: Fix lbs_prb_rsp_limit_set()
+ - vfio: Fix group release deadlock
+ - vfio: New external user group/file match
+ - [x86] PCI: Mark Haswell Power Control Unit as having non-compliant BARs
+ - [x86] PCI: Work around poweroff & suspend-to-RAM issue on Macbook Pro 11
+ - PM / Domains: Fix unsafe iteration over modified list of device links
+ - [mips*] math-emu: Prevent wrong ISA mode instruction emulation
+ - [mips*] Actually decode JALX in `__compute_return_epc_for_insn'
+ - [mips*] Fix unaligned PC interpretation in `compute_return_epc'
+ - [mips*] Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn'
+ - Add USB quirk for HVR-950q to avoid intermittent device resets
+ - [arm64] ptrace: Avoid setting compat FP[SC]R to garbage if get_user fails
+ - mwifiex: do not update MCS set from hostapd
+ - PCI/PM: Restore the status of PCI devices across hibernation
+ - scsi: ses: do not add a device to an enclosure if enclosure_add_links()
+ fails.
+ - scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state
+ - ipv6: always add flag an address that failed DAD with DADFAILED
+ - ipv6: dad: don't remove dynamic addresses if link is down
+ - [x86] xen: allow userspace access during hypercalls
+ - [x86] drm/i915: Disable MSI for all pre-gen5
+ - RDMA/uverbs: Check port number supplied by user verbs cmds
+ - net: reflect mark on tcp syn ack packets
+ - [s390*] syscalls: Fix out of bounds arguments access
+ - CIFS: fix circular locking dependency
+ - tpm: fix a kernel memory leak in tpm-sysfs.c
+ - target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce
+ - cfg80211: Check if PMKID attribute is of expected size
+ - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
+ - cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
+ - [x86] drm/radeon: Fix eDP for single-display iMac10,1 (v2)
+ - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
+ - fs/dcache.c: fix spin lockup issue on nlru->lock
+ - [powerpc*] asm: Mark cr0 as clobbered in mftb()
+ - [mips*] Negate error syscall return in trace
+ - iscsi-target: Add login_keys_workaround attribute for non RFC initiators
+ - [powerpc*] Fix emulation of mfocrf in emulate_step()
+ - [powerpc*/*64*] Fix atomic64_inc_not_zero() to return an int
+ - PM / QoS: return -EINVAL for bogus strings
+ - Input: i8042 - fix crash at boot time
+ - sysctl: fix lax sysctl_check_table() sanity check
+ - sunrpc: use constant time memory comparison for mac
+ - ubifs: Correctly evict xattr inodes
+ - ubifs: Don't leak kernel memory to the MTD
+ - mm: fix overflow check in expand_upwards()
+ - reiserfs: preserve i_mode if __reiserfs_set_acl() fails
+ - jfs: preserve i_mode if __jfs_set_acl() fails
+ - f2fs: preserve i_mode if __f2fs_set_acl() fails
+ - btrfs: preserve i_mode if __btrfs_set_acl() fails
+ - saa7164: fix double fetch PCIe access condition (CVE-2017-8831)
+ - l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
+ - net/route: enforce hoplimit max value
+ - ipv4/fib: don't warn when primary address is missing if in_dev is dead
+ - net_dbg_ratelimited: turn into no-op when !DEBUG
+ - net: Implement net_dbg_ratelimited() for CONFIG_DYNAMIC_DEBUG case
+ - net: Don't forget pr_fmt on net_dbg_ratelimited for CONFIG_DYNAMIC_DEBUG
+ - net sched filters: fix notification of filter delete with proper handle
+ - Revert "ACPI / EC: Add support to disallow QR_EC to be issued before
+ completing previous QR_EC"
+ - drm/irq: BUG_ON() -> WARN_ON()
+ - [x86] efi: Avoid triple faults during EFI mixed mode calls
+ - [armhf] usb: musb: cppi41: correct the macro name EP_MODE_AUTOREG_*
+ - [armhf] usb: musb: cppi41: improve rx channel abort routine
+ - v4l2-dv-timings.h: fix polarity for 4k formats
+ - Input: ads7846 - correct the value got from SPI
+ - Btrfs: don't use src fd for printk
+ - [armhf] serial: samsung: Reorder the sequence of clock control when call
+ s3c24xx_serial_set_termios()
+ - misc: ad525x_dpot: Fix the enabling of the "otpXen" attributes
+ - [x86] perf: Honor the architectural performance monitoring version
+ - [i386] perf: Fix undefined shift on 32-bit kernels
+ - [powerpc*] macintosh/therm_windtunnel: Export I2C module alias information
+ - [arm64] Rework valid_user_regs
+ - mm/swap.c: flush lru pvecs on compound page arrival
+ - [s390*] seccomp: fix error return for filtered system calls
+ - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
+ - PCI: Support PCIe devices with short cfg_size
+ - PCI: Limit config space size for Netronome NFP6000 family
+ - PCI: Limit config space size for Netronome NFP4000
+ - [x86] netvsc: fix incorrect receive checksum offloading
+ - fs/cifs: make share unaccessible at root level mountable
+ - cifs: Fix memory leaks in cifs_do_mount()
+ - cifs: Compare prepaths when comparing superblocks
+ - cifs: Move check for prefix path to within cifs_get_root()
+ - cifs: Fix regression which breaks DFS mounting
+ - cifs: Fix match_prepath()
+ - sched: move no_new_privs into new atomic flags
+ - sched: fix confusing PFA_NO_NEW_PRIVS constant
+ - sched: add macros to define bitops for task atomic flags
+ - cpuset: PF_SPREAD_PAGE and PF_SPREAD_SLAB should be atomic flags
+ - dm: flush queued bios when process blocks to avoid deadlock
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.50
+ - fuse: initialize the flock flag in fuse_file on allocation
+ - md: Raid5 should update rdev->sectors after reshape
+ - net: bridge: fix dest lookup when vlan proto doesn't match
+ - net/packet: Fix Tx queue selection for AF_PACKET
+ - usb: storage: return on error to avoid a null pointer dereference
+ - libceph: potential NULL dereference in ceph_msg_data_create()
+ - ASoC: do not close shared backend dailink
+ - [x86] drm/vmwgfx: Fix gcc-7.1.1 warning
+ - netfilter: ipt_CLUSTERIP: fix use-after-free of proc entry
+ - libata: array underflow in ata_find_dev()
+ - workqueue: restore WQ_UNBOUND/max_active==1 to be ordered
+ - nfs: mount: copy the port field into the cloned nfs_server structure.
+ - [x86] acpi: Prevent out of bound access caused by broken ACPI tables
+ - [armel,armhf] kexec: Make .text R/W in machine_kexec
+ - [armel,armhf] kexec: fix failure to boot crash kernel
+ - xhci: Fix NULL pointer dereference when cleaning up streams for removed
+ host
+ - xhci: Bad Ethernet performance plugged in ASM1042A host
+ - xhci: fix 20000ms port resume timeout
+ - xhci: fix memleak in xhci_run()
+ - tracing: Fix kmemleak in instance_rmdir
+ - cxgb4: Fix error codes in c4iw_create_cq()
+ - IB/cxgb3: Fix error codes in iwch_alloc_mr()
+ - RDMA/ocrdma: Fix an error code in ocrdma_alloc_pd()
+ - RDMA/ocrdma: Fix error codes in ocrdma_create_srq()
+ - IB/cma: Fix a race condition in iboe_addr_get_sgid()
+ - IB/cma: Fix reference count leak when no ipv4 addresses are set
+ - RDMA/uverbs: Fix the check for port number
+ - RDMA/core: Initialize port_num in qp_attr
+ - ipv4: initialize fib_trie prior to register_netdev_notifier call.
+ - perf/core: Fix locking for children siblings group read
+ - iwlwifi: dvm: prevent an out of bounds access
+ - IB/ipoib: Prevent setting negative values to max_nonsrq_conn_qp
+ - IB/ipoib: Set IPOIB_NEIGH_TBL_FLUSH after flushed completion
+ initialization
+ - IB/ipoib: Remove double pointer assigning
+ - [powerpc*] KVM: Book3S HV: Enable TM before accessing TM registers
+ - [x86] kprobes: Release insn_slot in failure path
+ - md/raid5: add thread_group worker async_tx_issue_pending_all
+ - workqueue: implicit ordered attribute should be overridable
+ - [powerpc*] pseries: Fix of_node_put() underflow during reconfig remove
+ - media: lirc: LIRC_GET_REC_RESOLUTION should return microseconds
+ - [x86] iommu/amd: Fix schedule-while-atomic BUG in initialization code
+ - [powerpc*] mm/hash: Free the subpage_prot_table correctly
+ - sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}()
+ - sctp: fix the check for _sctp_walk_params and _sctp_walk_errors
+ - net/mlx5: Fix command bad flow on command entry allocation failure
+ - USB: hcd: Mark secondary HCD as dead if the primary one died
+ - batman-adv: fix TT sync flag inconsistencies
+ - iwlwifi: mvm: set the RTS_MIMO_PROT bit in flag mask when sending sta to
+ fw
+ - USB: serial: option: add D-Link DWM-222 device ID
+ - [x86] KVM: async_pf: make rcu irq exit if not triggered from idle task
+ - net/mlx4_en: Fix wrong indication of Wake-on-LAN (WoL) support
+ - ocfs2: don't clear SGID when inheriting ACLs
+ - ipv6: set rt6i_protocol properly in the route when it is installed
+ - RDMA/uverbs: Prevent leak of reserved field
+ - IB/uverbs: Fix device cleanup
+ - ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize
+ - ext4: fix overflow caused by missing cast in ext4_resize_fs()
+ - iscsi-target: Fix iscsi_np reset hung task during parallel delete
+ - [s390*] qeth: fix L3 next-hop in xmit qeth hdr
+ - scsi: st: fix blk_get_queue usage
+ - net: reduce skb_warn_bad_offload() noise
+ - net: skb_needs_check() accepts CHECKSUM_NONE for tx
+ - net: avoid skb_warn_bad_offload false positives on UFO
+ - [x86] crypto: sha1 - Fix reads beyond the number of blocks passed
+ - [amd64] asm: Clear AC on NMI entries
+ - USB: Check for dropped connection before switching to full speed
+ - mm: migrate: prevent racy access to tlb_flush_pending
+ - xfs: fix inobt inode allocation search optimization
+ - af_key: do not use GFP_KERNEL in atomic contexts
+ - audit: Fix use after free in audit_remove_watch_rule()
+ - dst: Increase alignment of metrics to allow extra flag on pointers
+ - ipv4: add reference counting to metrics
+ - ipv4: fix NULL dereference in free_fib_info_rcu()
+ - net_sched/sfq: update hierarchical backlog when drop packet
+ - netxen: fix incorrect loop counter decrement
+ - mm/mempolicy: fix use after free when calling get_mempolicy
+ - ipv6: reset fn->rr_ptr when replacing route
+ - net_sched: fix order of queue length updates in qdisc_replace()
+ - drm: Release driver tracking before making the object available again
+ - ALSA: core: Fix unexpected error at replacing user TLV
+ - [arm64] fpsimd: Prevent registers leaking across exec
+ - [arm64] mm: abort uaccess retries upon fatal signal
+ - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
+ - ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
+ - cifs: Fix df output for users with quota limits
+ - cifs: return ENAMETOOLONG for overlong names in cifs_open()/cifs_lookup()
+ - tracing: Fix freeing of filter in create_filter() when set_str is false
+ - qlge: avoid memcpy buffer overflow
+ - nfsd: Limit end of page list when decoding NFSv4 WRITE
+ - mtd: nandsim: remove debugfs entries in error path
+ - [x86] netvsc: fix deadlock betwen link status and removal
+ - perf/core: Fix group {cpu,task} validation
+ - PM/hibernate: touch NMI watchdog when creating snapshot
+ - ipv6: add rcu grace period before freeing fib6_node
+ - ipv6: Fix may be used uninitialized warning in rt6_check
+ - r8169: Do not increment tx_dropped in TX ring cleaning
+ - r8169: Be drop monitor friendly
+ - vfs: Clarify (and fix) MAX_LFS_FILESIZE macros
+ - xfrm_user: fix info leak in xfrm_notify_sa()
+ - xfrm_user: fix info leak in build_aevent()
+ - dm: fix printk() rate limiting code
+ - l2tp: initialise session's refcount before making it reachable
+ - l2tp: hold tunnel while looking up sessions in l2tp_netlink
+ - l2tp: hold tunnel while processing genl delete command
+ - l2tp: hold tunnel while handling genl tunnel updates
+ - l2tp: hold tunnel while handling genl TUNNEL_GET commands
+ - l2tp: hold tunnel used while creating sessions with netlink
+ - ipv6: fix sparse warning on rt6i_node
+ - [x86] ldt: Fix off by one in get_segment_base()
+ - [x86] i2c: ismt: Don't duplicate the receive length for block reads
+ - [x86] i2c: ismt: Return EMSGSIZE for block reads with bogus length
+ - CIFS: Fix maximum SMB2 header size
+ - CIFS: remove endian related sparse warning
+ - net_sched: fix error recovery at qdisc creation
+ - sch_htb: fix crash on init failure
+ - sch_multiq: fix double free on init failure
+ - sch_hhf: fix null pointer dereference on init failure
+ - sch_hfsc: fix null pointer deref and double free on init failure
+ - sch_cbq: fix null pointer dereferences on init failure
+ - sch_fq_codel: avoid double free on init failure
+ - sch_netem: avoid null pointer deref on init failure
+ - sch_tbf: fix two null pointer dereferences on init failure
+ - epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/
+ ep_remove()
+ - cifs: check MaxPathNameComponentLength != 0 before using it
+ - brcmfmac: add length check in brcmf_cfg80211_escan_handler()
+ (CVE-2017-0786)
+ - fix unbalanced page refcounting in bio_map_user_iov (CVE-2017-12190)
+ - KEYS: prevent KEYCTL_READ on negative key
+ - assoc_array: Fix a buggy node-splitting case (CVE-2017-12193)
+ - mac80211: accept key reinstall without changing anything (CVE-2017-13080)
+ - ALSA: seq: Fix use-after-free at creating a port (CVE-2017-15265)
+ - KEYS: don't let add_key() update an uninstantiated key (CVE-2017-15299)
+ - packet: hold bind lock when rebinding to fanout hook (CVE-2017-15649)
+ - packet: in packet_do_bind, test fanout with bind_lock held
+ (CVE-2017-15649)
+ - ALSA: usb-audio: Kill stray URB at exiting (CVE-2017-16527)
+ - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
+ (CVE-2017-16529)
+ - USB: uas: fix bug in handling of alternate settings (CVE-2017-16530)
+ - USB: fix out-of-bounds in usb_set_configuration (CVE-2017-16531)
+ - usb: usbtest: fix NULL pointer dereference (CVE-2017-16532)
+ - HID: usbhid: fix out-of-bounds bug (CVE-2017-16533)
+ - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
+ (CVE-2017-16535)
+ - ALSA: seq: Enable 'use' locking in all configurations
+ - [x86] platform: samsung-laptop: Initialize loca variable
+ - mm/init: fix zone boundary creation
+ - module: fix types of device tables aliases
+ - mm/hugetlb: improve locking in dissolve_free_huge_pages()
+ - cpumask_set_cpu_local_first => cpumask_local_spread, lament
+ - [arm64] Input: joystick - use get_cycles on ARMv8
+ - [armhf] ASoC: fsl-ssi: fix do_div build warning in fsl_ssi_set_bclk()
+ - i2o: hide unsafe ioctl on 64-bit
+ - paride: fix the "verbose" module param
+ - aic94xx: Skip reading user settings if flash is not found
+ - i40e: Reduce stack in i40e_dbg_dump_desc
+ - mISDN: avoid arch specific __builtin_return_address call
+ - net: am2150: fix nmclan_cs.c shared interrupt handling
+ - am2150: Update nmclan_cs.c to use update PCMCIA API
+ - net: tulip: turn compile-time warning into dev_warn()
+ - hostap: avoid uninitialized variable use in hfa384x_get_rid
+ - Staging: lustre: missing curly braces in ll_setattr_raw()
+ - [x86] Staging: wlan-ng: fix sparse warning in prism2fw.c
+ - [x86] xen: fix upper bound of pmd loop in xen_cleanhighmap()
+ - [x86] boot: Add CONFIG_PARAVIRT_SPINLOCKS quirk to
+ arch/x86/boot/compressed/misc.h
+ - [armhf] 8296/1: cache-l2x0: clean up aurora cache handling
+ - staging: r8192ee: prorperly format warning message
+ - mtd: cfi: reduce stack size
+ - perf: Avoid horrible stack usage
+ - e1000e: fix call to do_div() to use u64 arg
+ - [x86] i2c: ismt: Separate I2C block read from SMBus block read
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.51
+ - IB/core: Fix the validations of a multicast LID in attach or detach
+ operations
+ - fcntl: Don't use ambiguous SIG_POLL si_codes
+ - printk: only unregister boot consoles when necessary
+ - printk/console: Always disable boot consoles that use init memory before
+ it is freed
+ - [x86] rtlwifi: rtl8821ae: Fix HW_VAR_NAV_UPPER operation
+ - [powerpc*] mm: Fix check of multiple 16G pages from device tree
+ - [x86] PCI: shpchp: Enable bridge bus mastering if MSI is enabled
+ - dlm: avoid double-free on error path in dlm_device_{register,unregister}
+ - media: v4l2-compat-ioctl32: Fix timespec conversion
+ - [armhf] OMAP2+: omap_device: drop broken RPM status update from
+ suspend_noirq
+ - [amd64] fsgsbase: Report FSBASE and GSBASE correctly in core dumps
+ - [s390*] scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
+ - [s390*] scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress
+ path
+ - [s390*] scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace
+ records
+ - [s390*] scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate
+ with HBA
+ - [s390*] scsi: zfcp: fix missing trace records for early returns in TMF eh
+ handlers
+ - [s390*] scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
+ - [s390*] scsi: zfcp: trace HBA FSF response by default on dismiss or
+ timedout late response
+ - [i386] cs5536: add support for IDE controller variant
+ - btrfs: resume qgroup rescan on rw remount
+ - drm/ttm: Fix accounting error when fail to get pages for pool
+ - block: Relax a check in blk_start_queue()
+ - skd: Avoid that module unloading triggers a use-after-free
+ - skd: Submit requests to firmware before triggering the doorbell
+ - net: don't decrement kobj reference count on init failure
+ - media: uvcvideo: Prevent heap overflow when accessing mapped controls
+ - [x86] media: lirc_zilog: driver only sends LIRCCODE
+ - [x86] staging/rts5208: fix incorrect shift to extract upper nybble
+ - [armhf] pwm: tiehrpwm: Fix runtime PM imbalance at unbind
+ - [armhf] pwm: tiehrpwm: fix clock imbalance in probe error path
+ - f2fs: check hot_data for roll-forward recovery
+ - RDMA/usnic: Fix remove address space warning
+ - IB/mlx5: Fix integer overflow when page_shift == 31
+ - media: em28xx: calculate left volume level correctly
+ - staging: lustre: obdclass: return -EFAULT if copy_from_user() fails
+ - USB: core: Avoid race of async_completed() w/ usbdev_release()
+ - usb:xhci:Fix regression when ATI chipsets detected
+ - ACPI, APEI, EINJ: Subtract any matching Register Region from Trigger
+ resources
+ - IB/{qib, hfi1}: Avoid flow control testing for RDMA write operation
+ - IB/usnic: check for allocation failure
+ - [armel,armhf] 8692/1: mm: abort uaccess retries upon fatal signal
+ - net/mlx4_core: Make explicit conversion to 64bit value
+ - scsi: aacraid: Fix command send race condition
+ - iwlwifi: mvm: Avoid deferring non bufferable frames
+ - [powerpc*] Fix DAR reporting when alignment handler faults
+ - [powerpc*] Correct instruction code for xxlor instruction
+ - xen/events: events_fifo: Don't use {get,put}_cpu() in
+ xen_evtchn_fifo_init()
+ - driver core: bus: Fix a potential double free
+ - md/bitmap: disable bitmap_resize for file-backed bitmaps.
+ - xfs: fix incorrect log_flushed on fsync
+ - Revert "net: use lib/percpu_counter API for fragmentation mem accounting"
+ - l2tp: prevent creation of sessions on terminated tunnels
+ - l2tp: pass tunnel pointer to ->session_create()
+ - [armhf] mfd: omap-usb-tll: Fix register offsets
+ - mac80211_hwsim: Use proper TX power
+ - mac80211: flush hw_roc_start work before cancelling the ROC
+ - [s390*] mm: fix race on mm->context.flush_mm
+ - bcache: Fix leak of bdev reference
+ - bcache: fix sequential large write IO bypass
+ - bcache: do not subtract sectors_to_gc for bypassed IO
+ - bcache: correct cache_dirty_target in __update_writeback_rate()
+ - bcache: Correct return value for sysfs attach errors
+ - bcache: fix crash on shutdown in passthrough mode
+ - bcache: fix for gc and write-back race
+ - bcache: fix bch_hprint crash and improve output
+ - tracing: Apply trace_clock changes to instance max buffer
+ - genirq: Make sparse_irq_lock protect what it should protect
+ - bcache: initialize dirty stripes in flash_dev_run()
+ - ipv6: fix memory leak with multiple tables during netns destruction
+ - ipv6: fix typo in fib6_net_exit()
+ - Input: xpad - don't depend on endpoint order
+ - Input: xpad - validate USB endpoint type during probe
+ - smsc95xx: Configure pause time to 0xffff when tx flow control enabled
+ - [x86] KVM: SVM: Add a missing 'break' statement
+ - IB/mlx4: fix sprintf format warning
+ - [x86] KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page
+ Ready" exceptions simultaneously
+ - sctp: do not peel off an assoc from one netns to another one
+ (CVE-2017-15115)
+ - USB: serial: console: fix use-after-free after failed setup
+ (CVE-2017-16525)
+ - cx231xx-cards: fix NULL-deref on missing association descriptor
+ (CVE-2017-16536)
+ - media: imon: Fix null-ptr-deref in imon_probe (CVE-2017-16537)
+ - Input: gtco - fix potential out-of-bound access (CVE-2017-16643)
+ - net: cdc_ether: fix divide by 0 on bad descriptors (CVE-2017-16649)
+ - net: qmi_wwan: fix divide by 0 on bad descriptors (CVE-2017-16650)
+ - mac80211: use constant time comparison with keys
+ - mac80211: don't compare TKIP TX MIC key in reinstall prevention
+ (CVE-2017-13080)
+ - [x86] VSOCK: sock_put wasn't safe to call in interrupt context
+ - [x86] VSOCK: Detach QP check should filter out non matching QPs.
+ - [x86] kvm: Handle async PF in RCU read-side critical sections
+ - [x86] kvm: Avoid async PF preempting the kernel incorrectly
[ Salvatore Bonaccorso ]
* KEYS: Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags (Closes: #877760)
[ Ben Hutchings ]
- * [s390x] qeth: Ignore ABI changes
+ * [s390*] qeth: Ignore ABI changes
+ * Revert "[SCSI] aic94xx: Remove broken fallback for missing 'Ctrl-A' user
+ settings", as the fallback has been fixed upstream
+ * [x86] kvm: Ignore ABI change
+ * l2tp: Ignore ABI change
+ * perf: Ignore ABI change
+ * sched: Avoid ABI change in 3.16.49
+ * cpumask: Avoid ABI change in 3.16.50
+ * dm: Avoid ABI change in 3.16.50
+ * gpio: Avoid ABI change in 3.16.50
+ * ip6_fib: Avoid ABI change in 3.16.50
+ * ip_fib: Avoid ABI change in 3.16.50
+ * mm: Avoid ABI change in 3.16.50
+ * inet_frag: Limit ABI change in 3.16.51
+ * [s390*] mm: Avoid ABI change in 3.16.51
-- Salvatore Bonaccorso <carnil at debian.org> Thu, 05 Oct 2017 21:54:27 +0200
diff --git a/debian/config/defines b/debian/config/defines
index 1fd4452..816a842 100644
--- a/debian/config/defines
+++ b/debian/config/defines
@@ -19,7 +19,7 @@ ignore-changes:
module:drivers/target/target_core_mod
module:drivers/usb/musb/*
module:net/ceph/libceph
- module:net/l2tp/l2tp_core
+ module:net/l2tp/*
module:net/rds/rds
module:sound/firewire/snd-firewire-lib
module:sound/i2c/other/snd-ak4113
@@ -32,8 +32,12 @@ ignore-changes:
azx_send_cmd
can_rx_register
cpuidle_*
+ inet_frag_*
+ inet_frags_*
+ kvm_async_pf_task_wait
kvmppc_*
musb_*
+ perf_trace_*
tcp_make_synack
tcp_parse_options
tcp_try_fastopen
diff --git a/debian/patches/bugfix/all/aic94xx-remove-broken-fallback-for-missing-ctrl-a.patch b/debian/patches/bugfix/all/aic94xx-remove-broken-fallback-for-missing-ctrl-a.patch
deleted file mode 100644
index e41a526..0000000
--- a/debian/patches/bugfix/all/aic94xx-remove-broken-fallback-for-missing-ctrl-a.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Sun, 08 Jun 2014 23:37:44 +0100
-Subject: [SCSI] aic94xx: Remove broken fallback for missing 'Ctrl-A' user settings
-Forwarded: http://mid.gmane.org/1402267064.23860.42.camel@deadeye.wl.decadent.org.uk
-
-asd_process_ctrl_a_user() attempts to find user settings in flash, and
-if they are missing it prepares a substitute structure containing
-default values for PHY settings. But having done so, it will still
-try to read user settings - from some random address in flash, as the
-local variable 'offs' has not been initialised.
-
-Since asd_common_setup() already sets default PHY settings, there
-seems to be no need to repeat them here, and we can just return 0.
-
-Compile-tested only.
-
-Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
----
- drivers/scsi/aic94xx/aic94xx_sds.c | 18 ++----------------
- 1 file changed, 2 insertions(+), 16 deletions(-)
-
-diff --git a/drivers/scsi/aic94xx/aic94xx_sds.c b/drivers/scsi/aic94xx/aic94xx_sds.c
-index edb43fd..f5d51d2 100644
---- a/drivers/scsi/aic94xx/aic94xx_sds.c
-+++ b/drivers/scsi/aic94xx/aic94xx_sds.c
-@@ -981,29 +981,15 @@ static int asd_process_ctrla_phy_settings(struct asd_ha_struct *asd_ha,
- static int asd_process_ctrl_a_user(struct asd_ha_struct *asd_ha,
- struct asd_flash_dir *flash_dir)
- {
-- int err, i;
-+ int err;
- u32 offs, size;
- struct asd_ll_el *el;
- struct asd_ctrla_phy_settings *ps;
-- struct asd_ctrla_phy_settings dflt_ps;
-
- err = asd_find_flash_de(flash_dir, FLASH_DE_CTRL_A_USER, &offs, &size);
- if (err) {
- ASD_DPRINTK("couldn't find CTRL-A user settings section\n");
-- ASD_DPRINTK("Creating default CTRL-A user settings section\n");
--
-- dflt_ps.id0 = 'h';
-- dflt_ps.num_phys = 8;
-- for (i =0; i < ASD_MAX_PHYS; i++) {
-- memcpy(dflt_ps.phy_ent[i].sas_addr,
-- asd_ha->hw_prof.sas_addr, SAS_ADDR_SIZE);
-- dflt_ps.phy_ent[i].sas_link_rates = 0x98;
-- dflt_ps.phy_ent[i].flags = 0x0;
-- dflt_ps.phy_ent[i].sata_link_rates = 0x0;
-- }
--
-- size = sizeof(struct asd_ctrla_phy_settings);
-- ps = &dflt_ps;
-+ return 0;
- }
-
- if (size == 0)
diff --git a/debian/patches/bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch b/debian/patches/bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch
deleted file mode 100644
index 21f7298..0000000
--- a/debian/patches/bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch
+++ /dev/null
@@ -1,353 +0,0 @@
-From: Ben Seri <ben at armis.com>
-Date: Sat, 9 Sep 2017 23:15:59 +0200
-Subject: Bluetooth: Properly check L2CAP config option output buffer length
-Origin: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-1000251
-
-Validate the output buffer length for L2CAP config requests and responses
-to avoid overflowing the stack buffer used for building the option blocks.
-
-Cc: stable at vger.kernel.org
-Signed-off-by: Ben Seri <ben at armis.com>
-Signed-off-by: Marcel Holtmann <marcel at holtmann.org>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
----
- net/bluetooth/l2cap_core.c | 80 +++++++++++++++++++++++++---------------------
- 1 file changed, 43 insertions(+), 37 deletions(-)
-
---- a/net/bluetooth/l2cap_core.c
-+++ b/net/bluetooth/l2cap_core.c
-@@ -59,7 +59,7 @@ static struct sk_buff *l2cap_build_cmd(s
- u8 code, u8 ident, u16 dlen, void *data);
- static void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len,
- void *data);
--static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data);
-+static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data, size_t data_size);
- static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err);
-
- static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
-@@ -1401,7 +1401,7 @@ static void l2cap_conn_start(struct l2ca
-
- set_bit(CONF_REQ_SENT, &chan->conf_state);
- l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, buf), buf);
-+ l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
- chan->num_conf_req++;
- }
-
-@@ -2978,12 +2978,15 @@ static inline int l2cap_get_conf_opt(voi
- return len;
- }
-
--static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
-+static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val, size_t size)
- {
- struct l2cap_conf_opt *opt = *ptr;
-
- BT_DBG("type 0x%2.2x len %u val 0x%lx", type, len, val);
-
-+ if (size < L2CAP_CONF_OPT_SIZE + len)
-+ return;
-+
- opt->type = type;
- opt->len = len;
-
-@@ -3008,7 +3011,7 @@ static void l2cap_add_conf_opt(void **pt
- *ptr += L2CAP_CONF_OPT_SIZE + len;
- }
-
--static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan)
-+static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan, size_t size)
- {
- struct l2cap_conf_efs efs;
-
-@@ -3036,7 +3039,7 @@ static void l2cap_add_opt_efs(void **ptr
- }
-
- l2cap_add_conf_opt(ptr, L2CAP_CONF_EFS, sizeof(efs),
-- (unsigned long) &efs);
-+ (unsigned long) &efs, size);
- }
-
- static void l2cap_ack_timeout(struct work_struct *work)
-@@ -3180,11 +3183,12 @@ static inline void l2cap_txwin_setup(str
- chan->ack_win = chan->tx_win;
- }
-
--static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data)
-+static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data, size_t data_size)
- {
- struct l2cap_conf_req *req = data;
- struct l2cap_conf_rfc rfc = { .mode = chan->mode };
- void *ptr = req->data;
-+ void *endptr = data + data_size;
- u16 size;
-
- BT_DBG("chan %p", chan);
-@@ -3209,7 +3213,7 @@ static int l2cap_build_conf_req(struct l
-
- done:
- if (chan->imtu != L2CAP_DEFAULT_MTU)
-- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
-+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu, endptr - ptr);
-
- switch (chan->mode) {
- case L2CAP_MODE_BASIC:
-@@ -3225,7 +3229,7 @@ done:
- rfc.max_pdu_size = 0;
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
-- (unsigned long) &rfc);
-+ (unsigned long) &rfc, endptr - ptr);
- break;
-
- case L2CAP_MODE_ERTM:
-@@ -3245,21 +3249,21 @@ done:
- L2CAP_DEFAULT_TX_WINDOW);
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
-- (unsigned long) &rfc);
-+ (unsigned long) &rfc, endptr - ptr);
-
- if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
-- l2cap_add_opt_efs(&ptr, chan);
-+ l2cap_add_opt_efs(&ptr, chan, endptr - ptr);
-
- if (test_bit(FLAG_EXT_CTRL, &chan->flags))
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
-- chan->tx_win);
-+ chan->tx_win, endptr - ptr);
-
- if (chan->conn->feat_mask & L2CAP_FEAT_FCS)
- if (chan->fcs == L2CAP_FCS_NONE ||
- test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {
- chan->fcs = L2CAP_FCS_NONE;
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1,
-- chan->fcs);
-+ chan->fcs, endptr - ptr);
- }
- break;
-
-@@ -3277,17 +3281,17 @@ done:
- rfc.max_pdu_size = cpu_to_le16(size);
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
-- (unsigned long) &rfc);
-+ (unsigned long) &rfc, endptr - ptr);
-
- if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
-- l2cap_add_opt_efs(&ptr, chan);
-+ l2cap_add_opt_efs(&ptr, chan, endptr - ptr);
-
- if (chan->conn->feat_mask & L2CAP_FEAT_FCS)
- if (chan->fcs == L2CAP_FCS_NONE ||
- test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {
- chan->fcs = L2CAP_FCS_NONE;
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1,
-- chan->fcs);
-+ chan->fcs, endptr - ptr);
- }
- break;
- }
-@@ -3298,10 +3302,11 @@ done:
- return ptr - data;
- }
-
--static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data)
-+static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data, size_t data_size)
- {
- struct l2cap_conf_rsp *rsp = data;
- void *ptr = rsp->data;
-+ void *endptr = data + data_size;
- void *req = chan->conf_req;
- int len = chan->conf_len;
- int type, hint, olen;
-@@ -3403,7 +3408,7 @@ done:
- return -ECONNREFUSED;
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
-- (unsigned long) &rfc);
-+ (unsigned long) &rfc, endptr - ptr);
- }
-
- if (result == L2CAP_CONF_SUCCESS) {
-@@ -3416,7 +3421,7 @@ done:
- chan->omtu = mtu;
- set_bit(CONF_MTU_DONE, &chan->conf_state);
- }
-- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu);
-+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu, endptr - ptr);
-
- if (remote_efs) {
- if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
-@@ -3430,7 +3435,7 @@ done:
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
- sizeof(efs),
-- (unsigned long) &efs);
-+ (unsigned long) &efs, endptr - ptr);
- } else {
- /* Send PENDING Conf Rsp */
- result = L2CAP_CONF_PENDING;
-@@ -3463,7 +3468,7 @@ done:
- set_bit(CONF_MODE_DONE, &chan->conf_state);
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
-- sizeof(rfc), (unsigned long) &rfc);
-+ sizeof(rfc), (unsigned long) &rfc, endptr - ptr);
-
- if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
- chan->remote_id = efs.id;
-@@ -3477,7 +3482,7 @@ done:
- le32_to_cpu(efs.sdu_itime);
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS,
- sizeof(efs),
-- (unsigned long) &efs);
-+ (unsigned long) &efs, endptr - ptr);
- }
- break;
-
-@@ -3491,7 +3496,7 @@ done:
- set_bit(CONF_MODE_DONE, &chan->conf_state);
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
-- (unsigned long) &rfc);
-+ (unsigned long) &rfc, endptr - ptr);
-
- break;
-
-@@ -3513,10 +3518,11 @@ done:
- }
-
- static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
-- void *data, u16 *result)
-+ void *data, size_t size, u16 *result)
- {
- struct l2cap_conf_req *req = data;
- void *ptr = req->data;
-+ void *endptr = data + size;
- int type, olen;
- unsigned long val;
- struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
-@@ -3534,13 +3540,13 @@ static int l2cap_parse_conf_rsp(struct l
- chan->imtu = L2CAP_DEFAULT_MIN_MTU;
- } else
- chan->imtu = val;
-- l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu);
-+ l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu, endptr - ptr);
- break;
-
- case L2CAP_CONF_FLUSH_TO:
- chan->flush_to = val;
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
-- 2, chan->flush_to);
-+ 2, chan->flush_to, endptr - ptr);
- break;
-
- case L2CAP_CONF_RFC:
-@@ -3554,13 +3560,13 @@ static int l2cap_parse_conf_rsp(struct l
- chan->fcs = 0;
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
-- sizeof(rfc), (unsigned long) &rfc);
-+ sizeof(rfc), (unsigned long) &rfc, endptr - ptr);
- break;
-
- case L2CAP_CONF_EWS:
- chan->ack_win = min_t(u16, val, chan->ack_win);
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_EWS, 2,
-- chan->tx_win);
-+ chan->tx_win, endptr - ptr);
- break;
-
- case L2CAP_CONF_EFS:
-@@ -3573,7 +3579,7 @@ static int l2cap_parse_conf_rsp(struct l
- return -ECONNREFUSED;
-
- l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs),
-- (unsigned long) &efs);
-+ (unsigned long) &efs, endptr - ptr);
- break;
-
- case L2CAP_CONF_FCS:
-@@ -3678,7 +3684,7 @@ void __l2cap_connect_rsp_defer(struct l2
- return;
-
- l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, buf), buf);
-+ l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
- chan->num_conf_req++;
- }
-
-@@ -3885,7 +3891,7 @@ sendresp:
- u8 buf[128];
- set_bit(CONF_REQ_SENT, &chan->conf_state);
- l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, buf), buf);
-+ l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
- chan->num_conf_req++;
- }
-
-@@ -3965,7 +3971,7 @@ static int l2cap_connect_create_rsp(stru
- break;
-
- l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, req), req);
-+ l2cap_build_conf_req(chan, req, sizeof(req)), req);
- chan->num_conf_req++;
- break;
-
-@@ -4077,7 +4083,7 @@ static inline int l2cap_config_req(struc
- }
-
- /* Complete config. */
-- len = l2cap_parse_conf_req(chan, rsp);
-+ len = l2cap_parse_conf_req(chan, rsp, sizeof(rsp));
- if (len < 0) {
- l2cap_send_disconn_req(chan, ECONNRESET);
- goto unlock;
-@@ -4111,7 +4117,7 @@ static inline int l2cap_config_req(struc
- if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
- u8 buf[64];
- l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, buf), buf);
-+ l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
- chan->num_conf_req++;
- }
-
-@@ -4171,7 +4177,7 @@ static inline int l2cap_config_rsp(struc
- char buf[64];
-
- len = l2cap_parse_conf_rsp(chan, rsp->data, len,
-- buf, &result);
-+ buf, sizeof(buf), &result);
- if (len < 0) {
- l2cap_send_disconn_req(chan, ECONNRESET);
- goto done;
-@@ -4201,7 +4207,7 @@ static inline int l2cap_config_rsp(struc
- /* throw out any old stored conf requests */
- result = L2CAP_CONF_SUCCESS;
- len = l2cap_parse_conf_rsp(chan, rsp->data, len,
-- req, &result);
-+ req, sizeof(req), &result);
- if (len < 0) {
- l2cap_send_disconn_req(chan, ECONNRESET);
- goto done;
-@@ -4782,7 +4788,7 @@ static void l2cap_do_create(struct l2cap
- set_bit(CONF_REQ_SENT, &chan->conf_state);
- l2cap_send_cmd(chan->conn, l2cap_get_ident(chan->conn),
- L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, buf), buf);
-+ l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
- chan->num_conf_req++;
- }
- }
-@@ -7361,7 +7367,7 @@ int l2cap_security_cfm(struct hci_conn *
- set_bit(CONF_REQ_SENT, &chan->conf_state);
- l2cap_send_cmd(conn, l2cap_get_ident(conn),
- L2CAP_CONF_REQ,
-- l2cap_build_conf_req(chan, buf),
-+ l2cap_build_conf_req(chan, buf, sizeof(buf)),
- buf);
- chan->num_conf_req++;
- }
diff --git a/debian/patches/bugfix/all/btrfs-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/btrfs-don-t-clear-sgid-when-inheriting-acls.patch
deleted file mode 100644
index 050be32..0000000
--- a/debian/patches/bugfix/all/btrfs-don-t-clear-sgid-when-inheriting-acls.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From: Jan Kara <jack at suse.cz>
-Date: Thu, 22 Jun 2017 15:31:07 +0200
-Subject: btrfs: Don't clear SGID when inheriting ACLs
-Origin: https://git.kernel.org/linus/b7f8a09f8097db776b8d160862540e4fc1f51296
-Bug-Debian: https://bugs.debian.org/873026
-
-When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
-set, DIR1 is expected to have SGID bit set (and owning group equal to
-the owning group of 'DIR0'). However when 'DIR0' also has some default
-ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
-'DIR1' to get cleared if user is not member of the owning group.
-
-Fix the problem by moving posix_acl_update_mode() out of
-__btrfs_set_acl() into btrfs_set_acl(). That way the function will not be
-called when inheriting ACLs which is what we want as it prevents SGID
-bit clearing and the mode has been properly set by posix_acl_create()
-anyway.
-
-Fixes: 073931017b49d9458aa351605b43a7e34598caef
-CC: stable at vger.kernel.org
-CC: linux-btrfs at vger.kernel.org
-CC: David Sterba <dsterba at suse.com>
-Signed-off-by: Jan Kara <jack at suse.cz>
-Signed-off-by: David Sterba <dsterba at suse.com>
-[bwh: Backported to 3.16: adjust context]
----
- fs/btrfs/acl.c | 13 +++++++------
- 1 file changed, 7 insertions(+), 6 deletions(-)
-
---- a/fs/btrfs/acl.c
-+++ b/fs/btrfs/acl.c
-@@ -82,12 +82,6 @@ static int __btrfs_set_acl(struct btrfs_
- switch (type) {
- case ACL_TYPE_ACCESS:
- name = POSIX_ACL_XATTR_ACCESS;
-- if (acl) {
-- ret = posix_acl_update_mode(inode, &inode->i_mode, &acl);
-- if (ret)
-- return ret;
-- }
-- ret = 0;
- break;
- case ACL_TYPE_DEFAULT:
- if (!S_ISDIR(inode->i_mode))
-@@ -123,6 +117,13 @@ out:
-
- int btrfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
- {
-+ int ret;
-+
-+ if (type == ACL_TYPE_ACCESS && acl) {
-+ ret = posix_acl_update_mode(inode, &inode->i_mode, &acl);
-+ if (ret)
-+ return ret;
-+ }
- return __btrfs_set_acl(NULL, inode, acl, type);
- }
-
diff --git a/debian/patches/bugfix/all/ext2-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/ext2-don-t-clear-sgid-when-inheriting-acls.patch
deleted file mode 100644
index eb1c4c9..0000000
--- a/debian/patches/bugfix/all/ext2-don-t-clear-sgid-when-inheriting-acls.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From: Jan Kara <jack at suse.cz>
-Date: Wed, 21 Jun 2017 14:34:15 +0200
-Subject: ext2: Don't clear SGID when inheriting ACLs
-Origin: https://git.kernel.org/linus/a992f2d38e4ce17b8c7d1f7f67b2de0eebdea069
-Bug-Debian: https://bugs.debian.org/873026
-
-When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
-set, DIR1 is expected to have SGID bit set (and owning group equal to
-the owning group of 'DIR0'). However when 'DIR0' also has some default
-ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
-'DIR1' to get cleared if user is not member of the owning group.
-
-Fix the problem by creating __ext2_set_acl() function that does not call
-posix_acl_update_mode() and use it when inheriting ACLs. That prevents
-SGID bit clearing and the mode has been properly set by
-posix_acl_create() anyway.
-
-Fixes: 073931017b49d9458aa351605b43a7e34598caef
-CC: stable at vger.kernel.org
-CC: linux-ext4 at vger.kernel.org
-Signed-off-by: Jan Kara <jack at suse.cz>
-[bwh: Backported to 3.16: keep using CURRENT_TIME_SEC]
----
- fs/ext2/acl.c | 36 ++++++++++++++++++++++--------------
- 1 file changed, 22 insertions(+), 14 deletions(-)
-
---- a/fs/ext2/acl.c
-+++ b/fs/ext2/acl.c
-@@ -178,11 +178,8 @@ ext2_get_acl(struct inode *inode, int ty
- return acl;
- }
-
--/*
-- * inode->i_mutex: down
-- */
--int
--ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
-+static int
-+__ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
- {
- int name_index;
- void *value = NULL;
-@@ -192,13 +189,6 @@ ext2_set_acl(struct inode *inode, struct
- switch(type) {
- case ACL_TYPE_ACCESS:
- name_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS;
-- if (acl) {
-- error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
-- if (error)
-- return error;
-- inode->i_ctime = CURRENT_TIME_SEC;
-- mark_inode_dirty(inode);
-- }
- break;
-
- case ACL_TYPE_DEFAULT:
-@@ -225,6 +215,24 @@ ext2_set_acl(struct inode *inode, struct
- }
-
- /*
-+ * inode->i_mutex: down
-+ */
-+int
-+ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
-+{
-+ int error;
-+
-+ if (type == ACL_TYPE_ACCESS && acl) {
-+ error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
-+ if (error)
-+ return error;
-+ inode->i_ctime = CURRENT_TIME_SEC;
-+ mark_inode_dirty(inode);
-+ }
-+ return __ext2_set_acl(inode, acl, type);
-+}
-+
-+/*
- * Initialize the ACLs of a new inode. Called from ext2_new_inode.
- *
- * dir->i_mutex: down
-@@ -241,12 +249,12 @@ ext2_init_acl(struct inode *inode, struc
- return error;
-
- if (default_acl) {
-- error = ext2_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
-+ error = __ext2_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
- posix_acl_release(default_acl);
- }
- if (acl) {
- if (!error)
-- error = ext2_set_acl(inode, acl, ACL_TYPE_ACCESS);
-+ error = __ext2_set_acl(inode, acl, ACL_TYPE_ACCESS);
- posix_acl_release(acl);
- }
- return error;
diff --git a/debian/patches/bugfix/all/ext4-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/ext4-don-t-clear-sgid-when-inheriting-acls.patch
deleted file mode 100644
index 6c6efd7..0000000
--- a/debian/patches/bugfix/all/ext4-don-t-clear-sgid-when-inheriting-acls.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From: Jan Kara <jack at suse.cz>
-Date: Sun, 30 Jul 2017 23:33:01 -0400
-Subject: ext4: Don't clear SGID when inheriting ACLs
-Origin: https://git.kernel.org/linus/a3bb2d5587521eea6dab2d05326abb0afb460abd
-Bug-Debian: https://bugs.debian.org/873026
-
-When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
-set, DIR1 is expected to have SGID bit set (and owning group equal to
-the owning group of 'DIR0'). However when 'DIR0' also has some default
-ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
-'DIR1' to get cleared if user is not member of the owning group.
-
-Fix the problem by moving posix_acl_update_mode() out of
-__ext4_set_acl() into ext4_set_acl(). That way the function will not be
-called when inheriting ACLs which is what we want as it prevents SGID
-bit clearing and the mode has been properly set by posix_acl_create()
-anyway.
-
-Fixes: 073931017b49d9458aa351605b43a7e34598caef
-CC: stable at vger.kernel.org
-Signed-off-by: Theodore Ts'o <tytso at mit.edu>
-Signed-off-by: Jan Kara <jack at suse.cz>
-Reviewed-by: Andreas Gruenbacher <agruenba at redhat.com>
-[bwh: Backported to 3.16:
- - Keep using ext4_current_time()
- - Adjust context]
----
- fs/ext4/acl.c | 28 +++++++++++++++-------------
- 1 file changed, 15 insertions(+), 13 deletions(-)
-
---- a/fs/ext4/acl.c
-+++ b/fs/ext4/acl.c
-@@ -196,18 +196,10 @@ __ext4_set_acl(handle_t *handle, struct
- void *value = NULL;
- size_t size = 0;
- int error;
-- int update_mode = 0;
-- umode_t mode = inode->i_mode;
-
- switch (type) {
- case ACL_TYPE_ACCESS:
- name_index = EXT4_XATTR_INDEX_POSIX_ACL_ACCESS;
-- if (acl) {
-- error = posix_acl_update_mode(inode, &mode, &acl);
-- if (error)
-- return error;
-- update_mode = 1;
-- }
- break;
-
- case ACL_TYPE_DEFAULT:
-@@ -231,11 +223,6 @@ __ext4_set_acl(handle_t *handle, struct
- kfree(value);
- if (!error) {
- set_cached_acl(inode, type, acl);
-- if (update_mode) {
-- inode->i_mode = mode;
-- inode->i_ctime = ext4_current_time(inode);
-- ext4_mark_inode_dirty(handle, inode);
-- }
- }
-
- return error;
-@@ -246,6 +233,8 @@ ext4_set_acl(struct inode *inode, struct
- {
- handle_t *handle;
- int error, retries = 0;
-+ umode_t mode = inode->i_mode;
-+ int update_mode = 0;
-
- retry:
- handle = ext4_journal_start(inode, EXT4_HT_XATTR,
-@@ -253,7 +242,20 @@ retry:
- if (IS_ERR(handle))
- return PTR_ERR(handle);
-
-+ if ((type == ACL_TYPE_ACCESS) && acl) {
-+ error = posix_acl_update_mode(inode, &mode, &acl);
-+ if (error)
-+ goto out_stop;
-+ update_mode = 1;
-+ }
-+
- error = __ext4_set_acl(handle, inode, type, acl);
-+ if (!error && update_mode) {
-+ inode->i_mode = mode;
-+ inode->i_ctime = ext4_current_time(inode);
-+ ext4_mark_inode_dirty(handle, inode);
-+ }
-+out_stop:
- ext4_journal_stop(handle);
- if (error == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries))
- goto retry;
diff --git a/debian/patches/bugfix/all/ext4-preserve-i_mode-if-__ext4_set_acl-fails.patch b/debian/patches/bugfix/all/ext4-preserve-i_mode-if-__ext4_set_acl-fails.patch
deleted file mode 100644
index 361df4e..0000000
--- a/debian/patches/bugfix/all/ext4-preserve-i_mode-if-__ext4_set_acl-fails.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From: =?UTF-8?q?Ernesto=20A=2E=20Fern=C3=A1ndez?=
- <ernesto.mnd.fernandez at gmail.com>
-Date: Sun, 30 Jul 2017 22:43:41 -0400
-Subject: ext4: preserve i_mode if __ext4_set_acl() fails
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Origin: https://git.kernel.org/linus/397e434176bb62bc6068d2210af1d876c6212a7e
-Bug-Debian: https://bugs.debian.org/873026
-
-When changing a file's acl mask, __ext4_set_acl() will first set the group
-bits of i_mode to the value of the mask, and only then set the actual
-extended attribute representing the new acl.
-
-If the second part fails (due to lack of space, for example) and the file
-had no acl attribute to begin with, the system will from now on assume
-that the mask permission bits are actual group permission bits, potentially
-granting access to the wrong users.
-
-Prevent this by only changing the inode mode after the acl has been set.
-
-Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez at gmail.com>
-Signed-off-by: Theodore Ts'o <tytso at mit.edu>
-Reviewed-by: Jan Kara <jack at suse.cz>
-[bwh: Backported to 3.16: keep using ext4_current_time()]
----
- fs/ext4/acl.c | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
---- a/fs/ext4/acl.c
-+++ b/fs/ext4/acl.c
-@@ -196,16 +196,17 @@ __ext4_set_acl(handle_t *handle, struct
- void *value = NULL;
- size_t size = 0;
- int error;
-+ int update_mode = 0;
-+ umode_t mode = inode->i_mode;
-
- switch (type) {
- case ACL_TYPE_ACCESS:
- name_index = EXT4_XATTR_INDEX_POSIX_ACL_ACCESS;
- if (acl) {
-- error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
-+ error = posix_acl_update_mode(inode, &mode, &acl);
- if (error)
- return error;
-- inode->i_ctime = ext4_current_time(inode);
-- ext4_mark_inode_dirty(handle, inode);
-+ update_mode = 1;
- }
- break;
-
-@@ -228,8 +229,14 @@ __ext4_set_acl(handle_t *handle, struct
- value, size, 0);
-
- kfree(value);
-- if (!error)
-+ if (!error) {
- set_cached_acl(inode, type, acl);
-+ if (update_mode) {
-+ inode->i_mode = mode;
-+ inode->i_ctime = ext4_current_time(inode);
-+ ext4_mark_inode_dirty(handle, inode);
-+ }
-+ }
-
- return error;
- }
diff --git a/debian/patches/bugfix/all/f2fs-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/f2fs-don-t-clear-sgid-when-inheriting-acls.patch
deleted file mode 100644
index 0033c3b..0000000
--- a/debian/patches/bugfix/all/f2fs-don-t-clear-sgid-when-inheriting-acls.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Jaegeuk Kim <jaegeuk at kernel.org>
-Date: Tue, 11 Jul 2017 14:56:49 -0700
-Subject: f2fs: Don't clear SGID when inheriting ACLs
-Origin: https://git.kernel.org/linus/c925dc162f770578ff4a65ec9b08270382dba9e6
-Bug-Debian: https://bugs.debian.org/873026
-
-This patch copies commit b7f8a09f80:
-"btrfs: Don't clear SGID when inheriting ACLs" written by Jan.
-
-Fixes: 073931017b49d9458aa351605b43a7e34598caef
-CC: stable at vger.kernel.org
-Signed-off-by: Jan Kara <jack at suse.cz>
-Reviewed-by: Chao Yu <yuchao0 at huawei.com>
-Reviewed-by: Jan Kara <jack at suse.cz>
-Signed-off-by: Jaegeuk Kim <jaegeuk at kernel.org>
----
- fs/f2fs/acl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/fs/f2fs/acl.c
-+++ b/fs/f2fs/acl.c
-@@ -212,7 +212,7 @@ static int __f2fs_set_acl(struct inode *
- switch (type) {
- case ACL_TYPE_ACCESS:
- name_index = F2FS_XATTR_INDEX_POSIX_ACL_ACCESS;
-- if (acl) {
-+ if (acl && !ipage) {
- error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
- if (error)
- return error;
diff --git a/debian/patches/bugfix/all/hfsplus-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/hfsplus-don-t-clear-sgid-when-inheriting-acls.patch
deleted file mode 100644
index 3b960a8..0000000
--- a/debian/patches/bugfix/all/hfsplus-don-t-clear-sgid-when-inheriting-acls.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From: Jan Kara <jack at suse.cz>
-Date: Wed, 21 Jun 2017 15:02:47 +0200
-Subject: hfsplus: Don't clear SGID when inheriting ACLs
-Origin: https://git.kernel.org/linus/84969465ddc4f8aeb3b993123b571aa01c5f2683
-Bug-Debian: https://bugs.debian.org/873026
-
-When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
-set, DIR1 is expected to have SGID bit set (and owning group equal to
-the owning group of 'DIR0'). However when 'DIR0' also has some default
-ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
-'DIR1' to get cleared if user is not member of the owning group.
-
-Fix the problem by creating __hfsplus_set_posix_acl() function that does
-not call posix_acl_update_mode() and use it when inheriting ACLs. That
-prevents SGID bit clearing and the mode has been properly set by
-posix_acl_create() anyway.
-
-Fixes: 073931017b49d9458aa351605b43a7e34598caef
-CC: stable at vger.kernel.org
-Signed-off-by: Jan Kara <jack at suse.cz>
-[bwh: Backported to 3.16: adjust context]
----
- fs/hfsplus/posix_acl.c | 30 ++++++++++++++++++------------
- 1 file changed, 18 insertions(+), 12 deletions(-)
-
---- a/fs/hfsplus/posix_acl.c
-+++ b/fs/hfsplus/posix_acl.c
-@@ -54,8 +54,8 @@ struct posix_acl *hfsplus_get_posix_acl(
- return acl;
- }
-
--int hfsplus_set_posix_acl(struct inode *inode, struct posix_acl *acl,
-- int type)
-+static int __hfsplus_set_posix_acl(struct inode *inode, struct posix_acl *acl,
-+ int type)
- {
- int err;
- char *xattr_name;
-@@ -67,12 +67,6 @@ int hfsplus_set_posix_acl(struct inode *
- switch (type) {
- case ACL_TYPE_ACCESS:
- xattr_name = POSIX_ACL_XATTR_ACCESS;
-- if (acl) {
-- err = posix_acl_update_mode(inode, &inode->i_mode, &acl);
-- if (err)
-- return err;
-- }
-- err = 0;
- break;
-
- case ACL_TYPE_DEFAULT:
-@@ -108,6 +102,18 @@ end_set_acl:
- return err;
- }
-
-+int hfsplus_set_posix_acl(struct inode *inode, struct posix_acl *acl, int type)
-+{
-+ int err;
-+
-+ if (type == ACL_TYPE_ACCESS && acl) {
-+ err = posix_acl_update_mode(inode, &inode->i_mode, &acl);
-+ if (err)
-+ return err;
-+ }
-+ return __hfsplus_set_posix_acl(inode, acl, type);
-+}
-+
- int hfsplus_init_posix_acl(struct inode *inode, struct inode *dir)
- {
- int err = 0;
-@@ -125,15 +131,15 @@ int hfsplus_init_posix_acl(struct inode
- return err;
-
- if (default_acl) {
-- err = hfsplus_set_posix_acl(inode, default_acl,
-- ACL_TYPE_DEFAULT);
-+ err = __hfsplus_set_posix_acl(inode, default_acl,
-+ ACL_TYPE_DEFAULT);
- posix_acl_release(default_acl);
- }
-
- if (acl) {
- if (!err)
-- err = hfsplus_set_posix_acl(inode, acl,
-- ACL_TYPE_ACCESS);
-+ err = __hfsplus_set_posix_acl(inode, acl,
-+ ACL_TYPE_ACCESS);
- posix_acl_release(acl);
- }
- return err;
diff --git a/debian/patches/bugfix/all/jfs-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/jfs-don-t-clear-sgid-when-inheriting-acls.patch
deleted file mode 100644
index 3a90a0a..0000000
--- a/debian/patches/bugfix/all/jfs-don-t-clear-sgid-when-inheriting-acls.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From: Jan Kara <jack at suse.cz>
-Date: Thu, 22 Jun 2017 15:31:10 +0200
-Subject: jfs: Don't clear SGID when inheriting ACLs
-Origin: https://git.kernel.org/linus/9bcf66c72d726322441ec82962994e69157613e4
-Bug-Debian: https://bugs.debian.org/873026
-
-When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
-set, DIR1 is expected to have SGID bit set (and owning group equal to
-the owning group of 'DIR0'). However when 'DIR0' also has some default
-ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
-'DIR1' to get cleared if user is not member of the owning group.
-
-Fix the problem by moving posix_acl_update_mode() out of
-__jfs_set_acl() into jfs_set_acl(). That way the function will not be
-called when inheriting ACLs which is what we want as it prevents SGID
-bit clearing and the mode has been properly set by posix_acl_create()
-anyway.
-
-Fixes: 073931017b49d9458aa351605b43a7e34598caef
-CC: stable at vger.kernel.org
-CC: jfs-discussion at lists.sourceforge.net
-Signed-off-by: Jan Kara <jack at suse.cz>
-Signed-off-by: Dave Kleikamp <dave.kleikamp at oracle.com>
-[bwh: Backported to 3.16:
- - Keep using CURRENT_TIME
- - Adjust context]
----
- fs/jfs/acl.c | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
---- a/fs/jfs/acl.c
-+++ b/fs/jfs/acl.c
-@@ -83,13 +83,6 @@ static int __jfs_set_acl(tid_t tid, stru
- switch (type) {
- case ACL_TYPE_ACCESS:
- ea_name = POSIX_ACL_XATTR_ACCESS;
-- if (acl) {
-- rc = posix_acl_update_mode(inode, &inode->i_mode, &acl);
-- if (rc)
-- return rc;
-- inode->i_ctime = CURRENT_TIME;
-- mark_inode_dirty(inode);
-- }
- break;
- case ACL_TYPE_DEFAULT:
- ea_name = POSIX_ACL_XATTR_DEFAULT;
-@@ -124,9 +117,17 @@ int jfs_set_acl(struct inode *inode, str
-
- tid = txBegin(inode->i_sb, 0);
- mutex_lock(&JFS_IP(inode)->commit_mutex);
-+ if (type == ACL_TYPE_ACCESS && acl) {
-+ rc = posix_acl_update_mode(inode, &inode->i_mode, &acl);
-+ if (rc)
-+ goto end_tx;
-+ inode->i_ctime = CURRENT_TIME;
-+ mark_inode_dirty(inode);
-+ }
- rc = __jfs_set_acl(tid, inode, type, acl);
- if (!rc)
- rc = txCommit(tid, 1, &inode, 0);
-+end_tx:
- txEnd(tid);
- mutex_unlock(&JFS_IP(inode)->commit_mutex);
- return rc;
diff --git a/debian/patches/bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch b/debian/patches/bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
deleted file mode 100644
index bbe3c66..0000000
--- a/debian/patches/bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Vladis Dronov <vdronov at redhat.com>
-Date: Tue, 12 Sep 2017 22:21:21 +0000
-Subject: nl80211: check for the required netlink attributes presence
-Origin: https://marc.info/?l=linux-wireless&m=150525493517953&w=2
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-12153
-
-nl80211_set_rekey_data() does not check if the required attributes
-NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing
-NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by
-users with CAP_NET_ADMIN privilege and may result in NULL dereference
-and a system crash. Add a check for the required attributes presence.
-This patch is based on the patch by bo Zhang.
-
-This fixes CVE-2017-12153.
-
-References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
-Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
-Cc: <stable at vger.kernel.org> # v3.1-rc1
-Reported-by: bo Zhang <zhangbo5891001 at gmail.com>
-Signed-off-by: Vladis Dronov <vdronov at redhat.com>
----
- net/wireless/nl80211.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/net/wireless/nl80211.c
-+++ b/net/wireless/nl80211.c
-@@ -8933,6 +8933,9 @@ static int nl80211_set_rekey_data(struct
- if (err)
- return err;
-
-+ if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
-+ !tb[NL80211_REKEY_DATA_KCK])
-+ return -EINVAL;
- if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
- return -ERANGE;
- if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
diff --git a/debian/patches/bugfix/all/reiserfs-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/reiserfs-don-t-clear-sgid-when-inheriting-acls.patch
deleted file mode 100644
index bb56664..0000000
--- a/debian/patches/bugfix/all/reiserfs-don-t-clear-sgid-when-inheriting-acls.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From: Jan Kara <jack at suse.cz>
-Date: Thu, 22 Jun 2017 09:32:49 +0200
-Subject: reiserfs: Don't clear SGID when inheriting ACLs
-Origin: https://git.kernel.org/linus/6883cd7f68245e43e91e5ee583b7550abf14523f
-Bug-Debian: https://bugs.debian.org/873026
-
-When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
-set, DIR1 is expected to have SGID bit set (and owning group equal to
-the owning group of 'DIR0'). However when 'DIR0' also has some default
-ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
-'DIR1' to get cleared if user is not member of the owning group.
-
-Fix the problem by moving posix_acl_update_mode() out of
-__reiserfs_set_acl() into reiserfs_set_acl(). That way the function will
-not be called when inheriting ACLs which is what we want as it prevents
-SGID bit clearing and the mode has been properly set by
-posix_acl_create() anyway.
-
-Fixes: 073931017b49d9458aa351605b43a7e34598caef
-CC: stable at vger.kernel.org
-CC: reiserfs-devel at vger.kernel.org
-Signed-off-by: Jan Kara <jack at suse.cz>
-[bwh: Backported to 3.16: adjust context]
----
- fs/reiserfs/xattr_acl.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
---- a/fs/reiserfs/xattr_acl.c
-+++ b/fs/reiserfs/xattr_acl.c
-@@ -37,7 +37,14 @@ reiserfs_set_acl(struct inode *inode, st
- error = journal_begin(&th, inode->i_sb, jcreate_blocks);
- reiserfs_write_unlock(inode->i_sb);
- if (error == 0) {
-+ if (type == ACL_TYPE_ACCESS && acl) {
-+ error = posix_acl_update_mode(inode, &inode->i_mode,
-+ &acl);
-+ if (error)
-+ goto unlock;
-+ }
- error = __reiserfs_set_acl(&th, inode, type, acl);
-+unlock:
- reiserfs_write_lock(inode->i_sb);
- error2 = journal_end(&th);
- reiserfs_write_unlock(inode->i_sb);
-@@ -245,11 +252,6 @@ __reiserfs_set_acl(struct reiserfs_trans
- switch (type) {
- case ACL_TYPE_ACCESS:
- name = POSIX_ACL_XATTR_ACCESS;
-- if (acl) {
-- error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
-- if (error)
-- return error;
-- }
- break;
- case ACL_TYPE_DEFAULT:
- name = POSIX_ACL_XATTR_DEFAULT;
diff --git a/debian/patches/bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch b/debian/patches/bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch
deleted file mode 100644
index 2b63f46..0000000
--- a/debian/patches/bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From: Xin Long <lucien.xin at gmail.com>
-Date: Sun, 27 Aug 2017 20:25:26 +0800
-Subject: scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
-Origin: https://patchwork.kernel.org/patch/9923803/
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14489
-
-ChunYu found a kernel crash by syzkaller:
-
-[ 651.617875] kasan: CONFIG_KASAN_INLINE enabled
-[ 651.618217] kasan: GPF could be caused by NULL-ptr deref or user memory access
-[ 651.618731] general protection fault: 0000 [#1] SMP KASAN
-[ 651.621543] CPU: 1 PID: 9539 Comm: scsi Not tainted 4.11.0.cov #32
-[ 651.621938] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
-[ 651.622309] task: ffff880117780000 task.stack: ffff8800a3188000
-[ 651.622762] RIP: 0010:skb_release_data+0x26c/0x590
-[...]
-[ 651.627260] Call Trace:
-[ 651.629156] skb_release_all+0x4f/0x60
-[ 651.629450] consume_skb+0x1a5/0x600
-[ 651.630705] netlink_unicast+0x505/0x720
-[ 651.632345] netlink_sendmsg+0xab2/0xe70
-[ 651.633704] sock_sendmsg+0xcf/0x110
-[ 651.633942] ___sys_sendmsg+0x833/0x980
-[ 651.637117] __sys_sendmsg+0xf3/0x240
-[ 651.638820] SyS_sendmsg+0x32/0x50
-[ 651.639048] entry_SYSCALL_64_fastpath+0x1f/0xc2
-
-It's caused by skb_shared_info at the end of sk_buff was overwritten by
-ISCSI_KEVENT_IF_ERROR when parsing nlmsg info from skb in iscsi_if_rx.
-
-During the loop if skb->len == nlh->nlmsg_len and both are sizeof(*nlh),
-ev = nlmsg_data(nlh) will acutally get skb_shinfo(SKB) instead and set a
-new value to skb_shinfo(SKB)->nr_frags by ev->type.
-
-This patch is to fix it by checking nlh->nlmsg_len properly there to
-avoid over accessing sk_buff.
-
-Reported-by: ChunYu Wang <chunwang at redhat.com>
-Signed-off-by: Xin Long <lucien.xin at gmail.com>
-Acked-by: Chris Leech <cleech at redhat.com>
----
- drivers/scsi/scsi_transport_iscsi.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/scsi/scsi_transport_iscsi.c
-+++ b/drivers/scsi/scsi_transport_iscsi.c
-@@ -3689,7 +3689,7 @@ iscsi_if_rx(struct sk_buff *skb)
- uint32_t group;
-
- nlh = nlmsg_hdr(skb);
-- if (nlh->nlmsg_len < sizeof(*nlh) ||
-+ if (nlh->nlmsg_len < sizeof(*nlh) + sizeof(*ev) ||
- skb->len < nlh->nlmsg_len) {
- break;
- }
diff --git a/debian/patches/bugfix/all/scsi-qla2xxx-fix-an-integer-overflow-in-sysfs-code.patch b/debian/patches/bugfix/all/scsi-qla2xxx-fix-an-integer-overflow-in-sysfs-code.patch
deleted file mode 100644
index c742e67..0000000
--- a/debian/patches/bugfix/all/scsi-qla2xxx-fix-an-integer-overflow-in-sysfs-code.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From: Dan Carpenter <dan.carpenter at oracle.com>
-Date: Wed, 30 Aug 2017 16:30:35 +0300
-Subject: scsi: qla2xxx: Fix an integer overflow in sysfs code
-Origin: https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14051
-
-The value of "size" comes from the user. When we add "start + size" it
-could lead to an integer overflow bug.
-
-It means we vmalloc() a lot more memory than we had intended. I believe
-that on 64 bit systems vmalloc() can succeed even if we ask it to
-allocate huge 4GB buffers. So we would get memory corruption and likely
-a crash when we call ha->isp_ops->write_optrom() and ->read_optrom().
-
-Only root can trigger this bug.
-
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=194061
-
-Cc: <stable at vger.kernel.org>
-Fixes: b7cc176c9eb3 ("[SCSI] qla2xxx: Allow region-based flash-part accesses.")
-Reported-by: shqking <shqking at gmail.com>
-Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
-Signed-off-by: Martin K. Petersen <martin.petersen at oracle.com>
----
- drivers/scsi/qla2xxx/qla_attr.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/drivers/scsi/qla2xxx/qla_attr.c
-+++ b/drivers/scsi/qla2xxx/qla_attr.c
-@@ -396,6 +396,8 @@ qla2x00_sysfs_write_optrom_ctl(struct fi
- return -EINVAL;
- if (start > ha->optrom_size)
- return -EINVAL;
-+ if (size > ha->optrom_size - start)
-+ size = ha->optrom_size - start;
-
- mutex_lock(&ha->optrom_mutex);
- switch (val) {
-@@ -421,8 +423,7 @@ qla2x00_sysfs_write_optrom_ctl(struct fi
- }
-
- ha->optrom_region_start = start;
-- ha->optrom_region_size = start + size > ha->optrom_size ?
-- ha->optrom_size - start : size;
-+ ha->optrom_region_size = start + size;
-
- ha->optrom_state = QLA_SREADING;
- ha->optrom_buffer = vmalloc(ha->optrom_region_size);
-@@ -494,8 +495,7 @@ qla2x00_sysfs_write_optrom_ctl(struct fi
- }
-
- ha->optrom_region_start = start;
-- ha->optrom_region_size = start + size > ha->optrom_size ?
-- ha->optrom_size - start : size;
-+ ha->optrom_region_size = start + size;
-
- ha->optrom_state = QLA_SWRITING;
- ha->optrom_buffer = vmalloc(ha->optrom_region_size);
diff --git a/debian/patches/bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch b/debian/patches/bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
deleted file mode 100644
index 077815e..0000000
--- a/debian/patches/bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Vladis Dronov <vdronov at redhat.com>
-Date: Mon, 4 Sep 2017 16:00:50 +0200
-Subject: video: fbdev: aty: do not leak uninitialized padding in clk to
- userspace
-Origin: https://git.kernel.org/linus/8e75f7a7a00461ef6d91797a60b606367f6e344d
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14156
-
-'clk' is copied to a userland with padding byte(s) after 'vclk_post_div'
-field unitialized, leaking data from the stack. Fix this ensuring all of
-'clk' is initialized to zero.
-
-References: https://github.com/torvalds/linux/pull/441
-Reported-by: sohu0106 <sohu0106 at 126.com>
-Signed-off-by: Vladis Dronov <vdronov at redhat.com>
-Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie at samsung.com>
----
- drivers/video/fbdev/aty/atyfb_base.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/video/fbdev/aty/atyfb_base.c
-+++ b/drivers/video/fbdev/aty/atyfb_base.c
-@@ -1852,7 +1852,7 @@ static int atyfb_ioctl(struct fb_info *i
- #if defined(DEBUG) && defined(CONFIG_FB_ATY_CT)
- case ATYIO_CLKR:
- if (M64_HAS(INTEGRATED)) {
-- struct atyclk clk;
-+ struct atyclk clk = { 0 };
- union aty_pll *pll = &par->pll;
- u32 dsp_config = pll->ct.dsp_config;
- u32 dsp_on_off = pll->ct.dsp_on_off;
diff --git a/debian/patches/bugfix/all/xfs-don-t-clear-sgid-when-inheriting-acls.patch b/debian/patches/bugfix/all/xfs-don-t-clear-sgid-when-inheriting-acls.patch
deleted file mode 100644
index 956e159..0000000
--- a/debian/patches/bugfix/all/xfs-don-t-clear-sgid-when-inheriting-acls.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From: Jan Kara <jack at suse.cz>
-Date: Mon, 26 Jun 2017 08:48:18 -0700
-Subject: xfs: Don't clear SGID when inheriting ACLs
-Origin: https://git.kernel.org/linus/8ba358756aa08414fa9e65a1a41d28304ed6fd7f
-Bug-Debian: https://bugs.debian.org/873026
-
-When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
-set, DIR1 is expected to have SGID bit set (and owning group equal to
-the owning group of 'DIR0'). However when 'DIR0' also has some default
-ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
-'DIR1' to get cleared if user is not member of the owning group.
-
-Fix the problem by calling __xfs_set_acl() instead of xfs_set_acl() when
-setting up inode in xfs_generic_create(). That prevents SGID bit
-clearing and mode is properly set by posix_acl_create() anyway. We also
-reorder arguments of __xfs_set_acl() to match the ordering of
-xfs_set_acl() to make things consistent.
-
-Fixes: 073931017b49d9458aa351605b43a7e34598caef
-CC: stable at vger.kernel.org
-CC: Darrick J. Wong <darrick.wong at oracle.com>
-CC: linux-xfs at vger.kernel.org
-Signed-off-by: Jan Kara <jack at suse.cz>
-Reviewed-by: Darrick J. Wong <darrick.wong at oracle.com>
-Signed-off-by: Darrick J. Wong <darrick.wong at oracle.com>
-[bwh: Backported to 3.16: adjust context]
----
- fs/xfs/xfs_acl.c | 6 +++---
- fs/xfs/xfs_acl.h | 1 +
- fs/xfs/xfs_iops.c | 4 ++--
- 3 files changed, 6 insertions(+), 5 deletions(-)
-
---- a/fs/xfs/xfs_acl.c
-+++ b/fs/xfs/xfs_acl.c
-@@ -176,8 +176,8 @@ out:
- return acl;
- }
-
--STATIC int
--__xfs_set_acl(struct inode *inode, int type, struct posix_acl *acl)
-+int
-+__xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
- {
- struct xfs_inode *ip = XFS_I(inode);
- unsigned char *ea_name;
-@@ -297,5 +297,5 @@ xfs_set_acl(struct inode *inode, struct
- }
-
- set_acl:
-- return __xfs_set_acl(inode, type, acl);
-+ return __xfs_set_acl(inode, acl, type);
- }
---- a/fs/xfs/xfs_acl.h
-+++ b/fs/xfs/xfs_acl.h
-@@ -61,6 +61,7 @@ struct xfs_acl {
- #ifdef CONFIG_XFS_POSIX_ACL
- extern struct posix_acl *xfs_get_acl(struct inode *inode, int type);
- extern int xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
-+extern int __xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
- extern int posix_acl_access_exists(struct inode *inode);
- extern int posix_acl_default_exists(struct inode *inode);
- #else
---- a/fs/xfs/xfs_iops.c
-+++ b/fs/xfs/xfs_iops.c
-@@ -173,12 +173,12 @@ xfs_generic_create(
-
- #ifdef CONFIG_XFS_POSIX_ACL
- if (default_acl) {
-- error = -xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
-+ error = -__xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
- if (error)
- goto out_cleanup_inode;
- }
- if (acl) {
-- error = -xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
-+ error = -__xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
- if (error)
- goto out_cleanup_inode;
- }
diff --git a/debian/patches/bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch b/debian/patches/bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch
deleted file mode 100644
index 1f1d11d..0000000
--- a/debian/patches/bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From: Richard Wareing <rwareing at fb.com>
-Date: Wed, 13 Sep 2017 09:09:35 +1000
-Subject: xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
-Origin: https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14340
-
-If using a kernel with CONFIG_XFS_RT=y and we set the RHINHERIT flag on
-a directory in a filesystem that does not have a realtime device and
-create a new file in that directory, it gets marked as a real time file.
-When data is written and a fsync is issued, the filesystem attempts to
-flush a non-existent rt device during the fsync process.
-
-This results in a crash dereferencing a null buftarg pointer in
-xfs_blkdev_issue_flush():
-
- BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
- IP: xfs_blkdev_issue_flush+0xd/0x20
- .....
- Call Trace:
- xfs_file_fsync+0x188/0x1c0
- vfs_fsync_range+0x3b/0xa0
- do_fsync+0x3d/0x70
- SyS_fsync+0x10/0x20
- do_syscall_64+0x4d/0xb0
- entry_SYSCALL64_slow_path+0x25/0x25
-
-Setting RT inode flags does not require special privileges so any
-unprivileged user can cause this oops to occur. To reproduce, confirm
-kernel is compiled with CONFIG_XFS_RT=y and run:
-
- # mkfs.xfs -f /dev/pmem0
- # mount /dev/pmem0 /mnt/test
- # mkdir /mnt/test/foo
- # xfs_io -c 'chattr +t' /mnt/test/foo
- # xfs_io -f -c 'pwrite 0 5m' -c fsync /mnt/test/foo/bar
-
-Or just run xfstests with MKFS_OPTIONS="-d rtinherit=1" and wait.
-
-Kernels built with CONFIG_XFS_RT=n are not exposed to this bug.
-
-Fixes: f538d4da8d52 ("[XFS] write barrier support")
-Cc: <stable at vger.kernel.org>
-Signed-off-by: Richard Wareing <rwareing at fb.com>
-Signed-off-by: Dave Chinner <david at fromorbit.com>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
-[bwh: Backported to 3.16: adjust filename]
----
- fs/xfs/xfs_dinode.h | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
---- a/fs/xfs/xfs_dinode.h
-+++ b/fs/xfs/xfs_dinode.h
-@@ -228,7 +228,14 @@ static inline void xfs_dinode_put_rdev(s
- #define XFS_DIFLAG_FILESTREAM (1 << XFS_DIFLAG_FILESTREAM_BIT)
-
- #ifdef CONFIG_XFS_RT
--#define XFS_IS_REALTIME_INODE(ip) ((ip)->i_d.di_flags & XFS_DIFLAG_REALTIME)
-+
-+/*
-+ * make sure we ignore the inode flag if the filesystem doesn't have a
-+ * configured realtime device.
-+ */
-+#define XFS_IS_REALTIME_INODE(ip) \
-+ (((ip)->i_d.di_flags & XFS_DIFLAG_REALTIME) && \
-+ (ip)->i_mount->m_rtdev_targp)
- #else
- #define XFS_IS_REALTIME_INODE(ip) (0)
- #endif
diff --git a/debian/patches/bugfix/x86/KVM-x86-pass-host_initiated-to-functions-that-read-M.patch b/debian/patches/bugfix/x86/KVM-x86-pass-host_initiated-to-functions-that-read-M.patch
index b0cd9a4..7a0b0f3 100644
--- a/debian/patches/bugfix/x86/KVM-x86-pass-host_initiated-to-functions-that-read-M.patch
+++ b/debian/patches/bugfix/x86/KVM-x86-pass-host_initiated-to-functions-that-read-M.patch
@@ -15,6 +15,7 @@ on return.
Reviewed-by: Radim Krčmář <rkrcmar at redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
[carnil: backport to 3.16, adjust context]
+[bwh: Adjust context again after update to 3.16.51]
---
arch/x86/include/asm/kvm_host.h | 6 +--
arch/x86/kvm/svm.c | 54 ++++++++++----------
@@ -174,7 +175,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
}
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
-@@ -2475,71 +2475,64 @@ static int vmx_get_vmx_msr(struct kvm_vc
+@@ -2476,71 +2476,64 @@ static int vmx_get_vmx_msr(struct kvm_vc
* Returns 0 on success, non-0 otherwise.
* Assumes vcpu_load() was already called.
*/
@@ -226,7 +227,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+ msr_info->data = vmcs_readl(GUEST_SYSENTER_ESP);
break;
case MSR_IA32_BNDCFGS:
- if (!vmx_mpx_supported())
+ if (!vmx_mpx_supported() || !guest_cpuid_has_mpx(vcpu))
return 1;
- data = vmcs_read64(GUEST_BNDCFGS);
+ msr_info->data = vmcs_read64(GUEST_BNDCFGS);
@@ -262,7 +263,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
return 0;
}
-@@ -5236,19 +5229,21 @@ static int handle_cpuid(struct kvm_vcpu
+@@ -5240,19 +5233,21 @@ static int handle_cpuid(struct kvm_vcpu
static int handle_rdmsr(struct kvm_vcpu *vcpu)
{
u32 ecx = vcpu->arch.regs[VCPU_REGS_RCX];
@@ -291,7 +292,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
}
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -989,6 +989,21 @@ EXPORT_SYMBOL_GPL(kvm_set_msr);
+@@ -998,6 +998,21 @@ EXPORT_SYMBOL_GPL(kvm_set_msr);
/*
* Adapt set_msr() to msr_io()'s calling convention
*/
@@ -313,7 +314,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data)
{
struct msr_data msr;
-@@ -2269,9 +2284,9 @@ EXPORT_SYMBOL_GPL(kvm_set_msr_common);
+@@ -2278,9 +2293,9 @@ EXPORT_SYMBOL_GPL(kvm_set_msr_common);
* Returns 0 on success, non-0 otherwise.
* Assumes vcpu_load() was already called.
*/
@@ -325,7 +326,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
}
static int get_msr_mtrr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
-@@ -2407,11 +2422,11 @@ static int get_msr_hyperv(struct kvm_vcp
+@@ -2416,11 +2431,11 @@ static int get_msr_hyperv(struct kvm_vcp
return 0;
}
@@ -339,7 +340,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
case MSR_IA32_PLATFORM_ID:
case MSR_IA32_EBL_CR_POWERON:
case MSR_IA32_DEBUGCTLMSR:
-@@ -2430,26 +2445,26 @@ int kvm_get_msr_common(struct kvm_vcpu *
+@@ -2439,26 +2454,26 @@ int kvm_get_msr_common(struct kvm_vcpu *
case MSR_AMD64_NB_CFG:
case MSR_FAM10H_MMIO_CONF_BASE:
case MSR_AMD64_BU_CFG2:
@@ -374,7 +375,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
break;
/*
* MSR_EBC_FREQUENCY_ID
-@@ -2463,48 +2478,48 @@ int kvm_get_msr_common(struct kvm_vcpu *
+@@ -2472,48 +2487,48 @@ int kvm_get_msr_common(struct kvm_vcpu *
* multiplying by zero otherwise.
*/
case MSR_EBC_FREQUENCY_ID:
@@ -436,7 +437,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
break;
case MSR_IA32_P5_MC_ADDR:
case MSR_IA32_P5_MC_TYPE:
-@@ -2512,7 +2527,7 @@ int kvm_get_msr_common(struct kvm_vcpu *
+@@ -2521,7 +2536,7 @@ int kvm_get_msr_common(struct kvm_vcpu *
case MSR_IA32_MCG_CTL:
case MSR_IA32_MCG_STATUS:
case MSR_IA32_MC0_CTL ... MSR_IA32_MC0_CTL + 4 * KVM_MAX_MCE_BANKS - 1:
@@ -445,7 +446,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
case MSR_K7_CLK_CTL:
/*
* Provide expected ramp-up count for K7. All other
-@@ -2523,17 +2538,17 @@ int kvm_get_msr_common(struct kvm_vcpu *
+@@ -2532,17 +2547,17 @@ int kvm_get_msr_common(struct kvm_vcpu *
* type 6, model 8 and higher from exploding due to
* the rdmsr failing.
*/
@@ -467,7 +468,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
break;
case MSR_IA32_BBL_CR_CTL3:
/* This legacy MSR exists but isn't fully documented in current
-@@ -2546,31 +2561,30 @@ int kvm_get_msr_common(struct kvm_vcpu *
+@@ -2555,31 +2570,30 @@ int kvm_get_msr_common(struct kvm_vcpu *
* L2 cache control register 3: 64GB range, 256KB size,
* enabled, latency 0x1, configured
*/
@@ -507,7 +508,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
return 0;
}
EXPORT_SYMBOL_GPL(kvm_get_msr_common);
-@@ -3269,7 +3283,7 @@ long kvm_arch_vcpu_ioctl(struct file *fi
+@@ -3288,7 +3302,7 @@ long kvm_arch_vcpu_ioctl(struct file *fi
break;
}
case KVM_GET_MSRS:
@@ -516,7 +517,7 @@ Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
break;
case KVM_SET_MSRS:
r = msr_io(vcpu, argp, do_set_msr, 0);
-@@ -4779,7 +4793,17 @@ static void emulator_set_segment(struct
+@@ -4808,7 +4822,17 @@ static void emulator_set_segment(struct
static int emulator_get_msr(struct x86_emulate_ctxt *ctxt,
u32 msr_index, u64 *pdata)
{
diff --git a/debian/patches/bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch b/debian/patches/bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
deleted file mode 100644
index d957caa..0000000
--- a/debian/patches/bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Jim Mattson <jmattson at google.com>
-Date: Tue, 12 Sep 2017 13:02:54 -0700
-Subject: kvm: nVMX: Don't allow L2 to access the hardware CR8
-Origin: https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-12154
-
-If L1 does not specify the "use TPR shadow" VM-execution control in
-vmcs12, then L0 must specify the "CR8-load exiting" and "CR8-store
-exiting" VM-execution controls in vmcs02. Failure to do so will give
-the L2 VM unrestricted read/write access to the hardware CR8.
-
-This fixes CVE-2017-12154.
-
-Signed-off-by: Jim Mattson <jmattson at google.com>
-Reviewed-by: David Hildenbrand <david at redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
-[bwh: Backported to 3.16: adjust context]
----
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -8040,6 +8040,14 @@ static void prepare_vmcs02(struct kvm_vc
- exec_control &= ~CPU_BASED_VIRTUAL_NMI_PENDING;
- exec_control &= ~CPU_BASED_TPR_SHADOW;
- exec_control |= vmcs12->cpu_based_vm_exec_control;
-+
-+ if (!(exec_control & CPU_BASED_TPR_SHADOW)) {
-+#ifdef CONFIG_X86_64
-+ exec_control |= CPU_BASED_CR8_LOAD_EXITING |
-+ CPU_BASED_CR8_STORE_EXITING;
-+#endif
-+ }
-+
- /*
- * Merging of IO and MSR bitmaps not currently supported.
- * Rather, exit every time.
diff --git a/debian/patches/debian/cpumask-avoid-abi-change-in-3.16.50.patch b/debian/patches/debian/cpumask-avoid-abi-change-in-3.16.50.patch
new file mode 100644
index 0000000..d3763ea
--- /dev/null
+++ b/debian/patches/debian/cpumask-avoid-abi-change-in-3.16.50.patch
@@ -0,0 +1,24 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 27 Nov 2017 19:36:06 +0000
+Subject: cpumask: Avoid ABI change in 3.16.50
+Forwarded: not-needed
+
+Commit f36963c9d3f6 "cpumask_set_cpu_local_first => cpumask_local_spread,
+lament" replaced the former function with the latter. As these function
+are exported and might be used by OOT modules, re-add
+cpumask_set_cpu_local_first() as a wrapper around cpumask_local_spread().
+
+---
+--- a/lib/cpumask.c
++++ b/lib/cpumask.c
+@@ -237,3 +237,10 @@ unsigned int cpumask_local_spread(unsign
+ BUG();
+ }
+ EXPORT_SYMBOL(cpumask_local_spread);
++
++int cpumask_set_cpu_local_first(int i, int numa_node, cpumask_t *dstp)
++{
++ cpumask_set_cpu(cpumask_local_spread(i, numa_node), dstp);
++ return 0;
++}
++EXPORT_SYMBOL(cpumask_set_cpu_local_first);
diff --git a/debian/patches/debian/dm-avoid-abi-change-in-3.16.50.patch b/debian/patches/debian/dm-avoid-abi-change-in-3.16.50.patch
new file mode 100644
index 0000000..110eb25
--- /dev/null
+++ b/debian/patches/debian/dm-avoid-abi-change-in-3.16.50.patch
@@ -0,0 +1,30 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 27 Nov 2017 16:24:53 +0000
+Subject: dm: Avoid ABI change in 3.16.50
+Forwarded: not-needed
+
+Commit 604407890ecf "dm: fix printk() rate limiting code" removed the
+global state for device-mapper log rate limiting. Add it back so any
+old OOT modules using it will still work.
+
+---
+--- a/drivers/md/dm.c
++++ b/drivers/md/dm.c
+@@ -24,6 +24,17 @@
+
+ #define DM_MSG_PREFIX "core"
+
++#ifdef CONFIG_PRINTK
++/*
++ * ratelimit state to be used in DMXXX_LIMIT() (old modules only)
++ */
++DEFINE_RATELIMIT_STATE(dm_ratelimit_state,
++ DEFAULT_RATELIMIT_INTERVAL,
++ DEFAULT_RATELIMIT_BURST);
++EXPORT_SYMBOL(dm_ratelimit_state);
++#endif
++
++ /*
+ /*
+ * Cookies are numeric values sent with CHANGE and REMOVE
+ * uevents while resuming, removing or renaming the device.
diff --git a/debian/patches/debian/gpio-avoid-abi-change-in-3.16.50.patch b/debian/patches/debian/gpio-avoid-abi-change-in-3.16.50.patch
new file mode 100644
index 0000000..f9f603f
--- /dev/null
+++ b/debian/patches/debian/gpio-avoid-abi-change-in-3.16.50.patch
@@ -0,0 +1,27 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 27 Nov 2017 21:44:16 +0000
+Subject: gpio: Avoid ABI change in 3.16.50
+Forwarded: not-needed
+
+Commit 14c8a620ba43 "gpio: drop retval check enforcing from
+gpiochip_remove()" removed __must_check - which expands to
+__attribute__((warn_unused_result)) - from the declaration of
+gpiochip_remove(). This attribute doesn't affect the ABI, so add it
+back for genksyms's eyes only.
+
+---
+--- a/include/linux/gpio/driver.h
++++ b/include/linux/gpio/driver.h
+@@ -141,7 +141,11 @@ extern const char *gpiochip_is_requested
+
+ /* add/remove chips */
+ extern int gpiochip_add(struct gpio_chip *chip);
+-extern int gpiochip_remove(struct gpio_chip *chip);
++extern int
++#ifdef __GENKSYMS__
++__must_check
++#endif
++gpiochip_remove(struct gpio_chip *chip);
+ extern struct gpio_chip *gpiochip_find(void *data,
+ int (*match)(struct gpio_chip *chip, void *data));
+
diff --git a/debian/patches/debian/inet_frag-limit-abi-change-in-3.16.51.patch b/debian/patches/debian/inet_frag-limit-abi-change-in-3.16.51.patch
new file mode 100644
index 0000000..4815efb
--- /dev/null
+++ b/debian/patches/debian/inet_frag-limit-abi-change-in-3.16.51.patch
@@ -0,0 +1,62 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 27 Nov 2017 19:53:35 +0000
+Subject: inet_frag: Limit ABI change in 3.16.51
+Forwarded: not-needed
+
+Commit fb452a1aa3fd 'Revert "net: use lib/percpu_counter API for
+fragmentation mem accounting"' changed the type of inet_frag::mem
+from struct percpu_counter to atomic_t. There are few modules
+that actually depend on this, but struct inet_frag is embedded in
+various other structures that end up affecting symbol versions
+for a huge number of networking APIs.
+
+So add padding to keep the structure size unchanged, hide the type
+change from genksyms, and rename a key inet_frag function so that
+those modules that actually depend on the type of inet_frag::mem do
+see an ABI change.
+
+---
+--- a/include/net/inet_frag.h
++++ b/include/net/inet_frag.h
+@@ -1,13 +1,26 @@
+ #ifndef __NET_FRAG_H__
+ #define __NET_FRAG_H__
+
++#include <linux/percpu_counter.h>
++
+ struct netns_frags {
+ int nqueues;
+ struct list_head lru_list;
+ spinlock_t lru_lock;
+
++ /*
++ * bwh: This change is hidden from genksyms, but we still make
++ * sure to avoid an ABI mismatch for the modules that access
++ * it (see comment below).
++ */
++#ifndef __GENKSYMS__
+ /* Keep atomic mem on separate cachelines in structs that include it */
+ atomic_t mem ____cacheline_aligned_in_smp;
++ char pad[sizeof(struct percpu_counter) -
++ sizeof(atomic_t)];
++#else
++ struct percpu_counter mem ____cacheline_aligned_in_smp;
++#endif
+ /* sysctls */
+ int timeout;
+ int high_thresh;
+@@ -79,6 +92,14 @@ void inet_frags_init(struct inet_frags *
+ void inet_frags_fini(struct inet_frags *);
+
+ void inet_frags_init_net(struct netns_frags *nf);
++/*
++ * bwh: All modules accessing inet_frag::mem through the inline
++ * functions below also call inet_frags_exit_net(). Change the
++ * function name together with that field's type, so that all loaded
++ * code agrees on whether the type is atomic_t or struct
++ * percpu_counter.
++ */
++#define inet_frags_exit_net inet_frags_exit_net_atomic
+ void inet_frags_exit_net(struct netns_frags *nf, struct inet_frags *f);
+
+ void inet_frag_kill(struct inet_frag_queue *q, struct inet_frags *f);
diff --git a/debian/patches/debian/ip6_fib-avoid-abi-change-in-3.16.50.patch b/debian/patches/debian/ip6_fib-avoid-abi-change-in-3.16.50.patch
new file mode 100644
index 0000000..02eff34
--- /dev/null
+++ b/debian/patches/debian/ip6_fib-avoid-abi-change-in-3.16.50.patch
@@ -0,0 +1,23 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 26 Nov 2017 21:43:27 +0000
+Subject: ip6_fib: Avoid ABI change in 3.16.50
+Forwarded: not-needed
+
+Commit c5cff8561d2d "ipv6: add rcu grace period before freeing
+fib6_node" added an rcu_head field to the end of struct fib6_node.
+As this structure is always allocated and freed inside of the ipv6
+module (or built-in code), we can safely hide it from genksyms.
+
+---
+--- a/include/net/ip6_fib.h
++++ b/include/net/ip6_fib.h
+@@ -66,7 +66,9 @@ struct fib6_node {
+ __u16 fn_flags;
+ __u32 fn_sernum;
+ struct rt6_info *rr_ptr;
++#ifndef __GENKSYMS__
+ struct rcu_head rcu;
++#endif
+ };
+
+ #ifndef CONFIG_IPV6_SUBTREES
diff --git a/debian/patches/debian/ip_fib-avoid-abi-change-in-3.16.50.patch b/debian/patches/debian/ip_fib-avoid-abi-change-in-3.16.50.patch
new file mode 100644
index 0000000..1c318b5
--- /dev/null
+++ b/debian/patches/debian/ip_fib-avoid-abi-change-in-3.16.50.patch
@@ -0,0 +1,30 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 27 Nov 2017 20:01:30 +0000
+Subject: ip_fib: Avoid ABI change in 3.16.50
+Forwarded: not-needed
+
+Commit 3fb07daff8e9 "ipv4: add reference counting to metrics" changed
+the type of fib_info::fib_metrics from u32 * to dst_metrics *.
+However, dst_metrics begins with the same array-of-u32 as before, so
+the change doesn't break existing readers; and all writers to the
+field are built-in. So hide the change from genksyms.
+
+---
+--- a/include/net/ip_fib.h
++++ b/include/net/ip_fib.h
+@@ -110,11 +110,15 @@ struct fib_info {
+ unsigned char fib_type;
+ __be32 fib_prefsrc;
+ u32 fib_priority;
++#ifndef __GENKSYMS__
+ struct dst_metrics *fib_metrics;
+ #define fib_mtu fib_metrics->metrics[RTAX_MTU-1]
+ #define fib_window fib_metrics->metrics[RTAX_WINDOW-1]
+ #define fib_rtt fib_metrics->metrics[RTAX_RTT-1]
+ #define fib_advmss fib_metrics->metrics[RTAX_ADVMSS-1]
++#else
++ u32 *fib_metrics;
++#endif
+ int fib_nhs;
+ #ifdef CONFIG_IP_ROUTE_MULTIPATH
+ int fib_power;
diff --git a/debian/patches/debian/mm-avoid-abi-change-in-3.16.50.patch b/debian/patches/debian/mm-avoid-abi-change-in-3.16.50.patch
new file mode 100644
index 0000000..c3405e2
--- /dev/null
+++ b/debian/patches/debian/mm-avoid-abi-change-in-3.16.50.patch
@@ -0,0 +1,41 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 27 Nov 2017 20:36:53 +0000
+Subject: mm: Avoid ABI change in 3.16.50
+Forwarded: not-needed
+
+Commit 16af97dc5a89 "mm: migrate: prevent racy access to
+tlb_flush_pending" changed mm_struct::tlb_flush_pending from bool to
+atomic_t. Only built-in code allocates the structure and accesses
+this field, but in some configurations the offset of the following
+field will be changed. Move tlb_flush_pending to the end of the
+structure and leave compatible padding in its place. Hide the
+change from genksyms.
+
+---
+--- a/include/linux/mm_types.h
++++ b/include/linux/mm_types.h
+@@ -448,6 +448,15 @@ struct mm_struct {
+ int numa_scan_seq;
+ #endif
+ #if defined(CONFIG_NUMA_BALANCING) || defined(CONFIG_COMPACTION)
++#ifndef __GENKSYMS__
++ bool pad_was_tlb_flush_pending;
++#else
++ bool tlb_flush_pending;
++#endif
++#endif
++ struct uprobes_state uprobes_state;
++#ifndef __GENKSYMS__
++#if defined(CONFIG_NUMA_BALANCING) || defined(CONFIG_COMPACTION)
+ /*
+ * An operation with batched TLB flushing is going on. Anything that
+ * can move process memory needs to flush the TLB when moving a
+@@ -455,7 +464,7 @@ struct mm_struct {
+ */
+ atomic_t tlb_flush_pending;
+ #endif
+- struct uprobes_state uprobes_state;
++#endif
+ };
+
+ static inline void mm_init_cpumask(struct mm_struct *mm)
diff --git a/debian/patches/debian/revert-arm64-define-at_vector_size_arch-for-arch_dlinfo.patch b/debian/patches/debian/revert-arm64-define-at_vector_size_arch-for-arch_dlinfo.patch
index 33ccaf3..2834aab 100644
--- a/debian/patches/debian/revert-arm64-define-at_vector_size_arch-for-arch_dlinfo.patch
+++ b/debian/patches/debian/revert-arm64-define-at_vector_size_arch-for-arch_dlinfo.patch
@@ -11,9 +11,9 @@ struct mm_struct which breaks the module ABI.
---
--- a/arch/arm64/include/asm/elf.h
+++ b/arch/arm64/include/asm/elf.h
-@@ -137,7 +137,6 @@ extern unsigned long randomize_et_dyn(un
-
- #define SET_PERSONALITY(ex) clear_thread_flag(TIF_32BIT);
+@@ -140,7 +140,6 @@ typedef struct user_fpsimd_state elf_fpr
+ current->personality &= ~READ_IMPLIES_EXEC; \
+ })
-/* update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT entries changes */
#define ARCH_DLINFO \
diff --git a/debian/patches/debian/s390-mm-avoid-abi-change-in-3.16.51.patch b/debian/patches/debian/s390-mm-avoid-abi-change-in-3.16.51.patch
new file mode 100644
index 0000000..e184873
--- /dev/null
+++ b/debian/patches/debian/s390-mm-avoid-abi-change-in-3.16.51.patch
@@ -0,0 +1,74 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 27 Nov 2017 20:49:07 +0000
+Subject: s390/mm: Avoid ABI change in 3.16.51.patch
+Forwarded: not-needed
+
+Commit 60f07c8ec5fa "s390/mm: fix race on mm->context.flush_mm" added
+a field to the s390 definition of mm_context_t. This is embedded in
+the arch-indepdendent struct mm_struct, so adding a new field results
+in an incompatible change to the layout of the larger struct.
+
+Move the new field out of mm_context_t to the end of mm_struct, and
+hide the change from genksyms.
+
+---
+--- a/arch/s390/include/asm/mmu.h
++++ b/arch/s390/include/asm/mmu.h
+@@ -5,7 +5,6 @@
+ #include <linux/errno.h>
+
+ typedef struct {
+- spinlock_t lock;
+ cpumask_t cpu_attach_mask;
+ atomic_t attach_count;
+ unsigned int flush_mm;
+@@ -22,7 +21,7 @@ typedef struct {
+ } mm_context_t;
+
+ #define INIT_MM_CONTEXT(name) \
+- .context.lock = __SPIN_LOCK_UNLOCKED(name.context.lock), \
++ .s390_flush_lock = __SPIN_LOCK_UNLOCKED(name.s390_flush_lock), \
+ .context.list_lock = __SPIN_LOCK_UNLOCKED(name.context.list_lock), \
+ .context.pgtable_list = LIST_HEAD_INIT(name.context.pgtable_list), \
+ .context.gmap_list = LIST_HEAD_INIT(name.context.gmap_list),
+--- a/arch/s390/include/asm/mmu_context.h
++++ b/arch/s390/include/asm/mmu_context.h
+@@ -15,7 +15,7 @@
+ static inline int init_new_context(struct task_struct *tsk,
+ struct mm_struct *mm)
+ {
+- spin_lock_init(&mm->context.lock);
++ spin_lock_init(&mm->s390_flush_lock);
+ spin_lock_init(&mm->context.list_lock);
+ INIT_LIST_HEAD(&mm->context.pgtable_list);
+ INIT_LIST_HEAD(&mm->context.gmap_list);
+--- a/arch/s390/include/asm/tlbflush.h
++++ b/arch/s390/include/asm/tlbflush.h
+@@ -164,12 +164,12 @@ static inline void __tlb_flush_mm(struct
+
+ static inline void __tlb_flush_mm_lazy(struct mm_struct * mm)
+ {
+- spin_lock(&mm->context.lock);
++ spin_lock(&mm->s390_flush_lock);
+ if (mm->context.flush_mm) {
+ mm->context.flush_mm = 0;
+ __tlb_flush_mm(mm);
+ }
+- spin_unlock(&mm->context.lock);
++ spin_unlock(&mm->s390_flush_lock);
+ }
+
+ /*
+--- a/include/linux/mm_types.h
++++ b/include/linux/mm_types.h
+@@ -464,6 +464,10 @@ struct mm_struct {
+ */
+ atomic_t tlb_flush_pending;
+ #endif
++#ifdef CONFIG_S390
++ /* bwh: This should be in s390's mm_context_t but that breaks ABI */
++ spinlock_t s390_flush_lock;
++#endif
+ #endif
+ };
+
diff --git a/debian/patches/debian/sched-avoid-abi-change-in-3.16.49.patch b/debian/patches/debian/sched-avoid-abi-change-in-3.16.49.patch
new file mode 100644
index 0000000..1920a41
--- /dev/null
+++ b/debian/patches/debian/sched-avoid-abi-change-in-3.16.49.patch
@@ -0,0 +1,48 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 27 Nov 2017 19:48:12 +0000
+Subject: sched: Avoid ABI change in 3.16.49
+Forwarded: not-needed
+
+The backports of commits 5f3333219189 "sched: move no_new_privs into
+new atomic flags" and e0e5070b20e0 "sched: add macros to define bitops
+for task atomic flags" replaced the no_new_privs bitfield with a new
+field in struct task_struct, which will change ABI for most symbols in
+the kernel.
+
+However, task_struct is always allocated by built-in code and both
+fields are/were only accessed by built-in code. Move the new field
+to the end, add a padding bit in place of the old bitfield, and hide
+the changes from genksyms.
+
+---
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -1320,12 +1320,16 @@ struct task_struct {
+ * execve */
+ unsigned in_iowait:1;
+
++#ifndef __GENKSYMS__
++ unsigned :1;
++#else
++ unsigned no_new_privs:1;
++#endif
++
+ /* Revert to default priority/policy when forking */
+ unsigned sched_reset_on_fork:1;
+ unsigned sched_contributes_to_load:1;
+
+- unsigned long atomic_flags; /* Flags needing atomic access. */
+-
+ pid_t pid;
+ pid_t tgid;
+
+@@ -1667,6 +1671,9 @@ struct task_struct {
+ unsigned int sequential_io;
+ unsigned int sequential_io_avg;
+ #endif
++#ifndef __GENKSYMS__
++ unsigned long atomic_flags; /* Flags needing atomic access. */
++#endif
+ };
+
+ /* Future-safe accessor for struct task_struct's cpus_allowed. */
diff --git a/debian/patches/debian/scsi-fix-abi-change-in-3.16.37.patch b/debian/patches/debian/scsi-fix-abi-change-in-3.16.37.patch
index 2348599..4900c94 100644
--- a/debian/patches/debian/scsi-fix-abi-change-in-3.16.37.patch
+++ b/debian/patches/debian/scsi-fix-abi-change-in-3.16.37.patch
@@ -1,29 +1,32 @@
From: Ben Hutchings <ben at decadent.org.uk>
Date: Fri, 09 Dec 2016 22:50:13 +0000
-Subject: SCSI: Fix ABI change in 3.16.37
+Subject: SCSI: Fix ABI changes in 3.16.37, 3.16.49
Forwarded: not-needed
Commit f05795d3d771 ("scsi: Add intermediate STARGET_REMOVE state to
-scsi_target_state") added an enumerator to enum scsi_target_state,
-and renumbered the existing STARGET_DEL.
+scsi_target_state") added an enumerator to enum scsi_target_state, and
+renumbered the existing STARGET_DEL. Commit f9279c968c25 ("scsi: Add
+STARGET_CREATED_REMOVE state to scsi_target_state") did the same
+again.
The target state doesn't appear to be checked anywhere outside of the
-SCSI core, but just in case it is swap STARGET_REMOVE and
-STARGET_DEL to maintain the value of the latter.
+SCSI core, but just in case it is reorder the enumerators to maintain
+the value of STARGET_DEL.
Hide the change from genksyms.
---
--- a/include/scsi/scsi_device.h
+++ b/include/scsi/scsi_device.h
-@@ -264,8 +264,10 @@ struct scsi_dh_data {
+@@ -264,9 +264,11 @@ struct scsi_dh_data {
enum scsi_target_state {
STARGET_CREATED = 1,
STARGET_RUNNING,
-- STARGET_REMOVE,
- STARGET_DEL,
++ STARGET_DEL,
+#ifndef __GENKSYMS__
-+ STARGET_REMOVE,
+ STARGET_REMOVE,
+ STARGET_CREATED_REMOVE,
+- STARGET_DEL,
+#endif
};
diff --git a/debian/patches/debian/version.patch b/debian/patches/debian/version.patch
index f8bb637..a25fdbf 100644
--- a/debian/patches/debian/version.patch
+++ b/debian/patches/debian/version.patch
@@ -9,7 +9,7 @@ are set.
--- a/Makefile
+++ b/Makefile
-@@ -826,7 +826,7 @@ endif
+@@ -940,7 +940,7 @@ endif
prepare2: prepare3 outputmakefile asm-generic
prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
@@ -18,7 +18,7 @@ are set.
$(cmd_crmodverdir)
archprepare: archheaders archscripts prepare1 scripts_basic
-@@ -858,12 +858,25 @@ define filechk_version.h
+@@ -972,12 +972,25 @@ define filechk_version.h
echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))';)
endef
@@ -54,7 +54,7 @@ are set.
#include <asm/current.h>
#include <asm/ptrace.h>
#include <asm/sysrq.h>
-@@ -16,8 +17,9 @@ void __show_regs(struct pt_regs *regs)
+@@ -16,8 +17,9 @@ void show_regs(struct pt_regs *regs)
{
printk("\n");
print_modules();
@@ -90,7 +90,7 @@ are set.
regs->ar_unat, regs->ar_pfs, regs->ar_rsc);
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
-@@ -38,6 +38,7 @@
+@@ -37,6 +37,7 @@
#include <linux/personality.h>
#include <linux/random.h>
#include <linux/hw_breakpoint.h>
@@ -98,7 +98,7 @@ are set.
#include <asm/pgtable.h>
#include <asm/uaccess.h>
-@@ -843,8 +844,9 @@ void show_regs(struct pt_regs * regs)
+@@ -1022,8 +1023,9 @@ void show_regs(struct pt_regs * regs)
printk("NIP: "REG" LR: "REG" CTR: "REG"\n",
regs->nip, regs->link, regs->ctr);
@@ -119,8 +119,8 @@ are set.
+#include <generated/package.h>
#include <asm/uaccess.h>
-
-@@ -2871,11 +2872,12 @@ void __init dump_stack_set_arch_desc(con
+ #include <asm-generic/sections.h>
+@@ -3034,11 +3035,12 @@ void __init dump_stack_set_arch_desc(con
*/
void dump_stack_print_info(const char *log_lvl)
{
diff --git a/debian/patches/features/all/virtio-scsi-Implement-change_queue_depth-for-virtscs.patch b/debian/patches/features/all/virtio-scsi-Implement-change_queue_depth-for-virtscs.patch
index 853fa54..26b6ae5 100644
--- a/debian/patches/features/all/virtio-scsi-Implement-change_queue_depth-for-virtscs.patch
+++ b/debian/patches/features/all/virtio-scsi-Implement-change_queue_depth-for-virtscs.patch
@@ -65,19 +65,19 @@ Signed-off-by: Christoph Hellwig <hch at lst.de>
static int virtscsi_abort(struct scsi_cmnd *sc)
{
struct virtio_scsi *vscsi = shost_priv(sc->device->host);
-@@ -693,6 +724,7 @@ static struct scsi_host_template virtscs
+@@ -703,6 +734,7 @@ static struct scsi_host_template virtscs
.this_id = -1,
.cmd_size = sizeof(struct virtio_scsi_cmd),
.queuecommand = virtscsi_queuecommand_single,
+ .change_queue_depth = virtscsi_change_queue_depth,
.eh_abort_handler = virtscsi_abort,
.eh_device_reset_handler = virtscsi_device_reset,
-
-@@ -710,6 +742,7 @@ static struct scsi_host_template virtscs
+ .eh_timed_out = virtscsi_eh_timed_out,
+@@ -721,6 +753,7 @@ static struct scsi_host_template virtscs
.this_id = -1,
.cmd_size = sizeof(struct virtio_scsi_cmd),
.queuecommand = virtscsi_queuecommand_multi,
+ .change_queue_depth = virtscsi_change_queue_depth,
.eh_abort_handler = virtscsi_abort,
.eh_device_reset_handler = virtscsi_device_reset,
-
+ .eh_timed_out = virtscsi_eh_timed_out,
diff --git a/debian/patches/series b/debian/patches/series
index 62acbe8..96d412d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -197,7 +197,6 @@ features/x86/ie31200_edac-allocate-mci-and-map-mchbar-first.patch
bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
bugfix/all/disable-some-marvell-phys.patch
debian/i2o-disable-i2o_ext_adaptec-on-64bit.patch
-bugfix/all/aic94xx-remove-broken-fallback-for-missing-ctrl-a.patch
bugfix/all/rtsx_usb_ms-use-msleep_interruptible-in-polling-loop.patch
bugfix/all/HID-i2c-hid-call-the-hid-driver-s-suspend-and-resume.patch
bugfix/all/xen-netback-Adding-debugfs-io_ring_qX-files.patch
@@ -248,15 +247,6 @@ bugfix/all/SUNRPC-fix-refcounting-problems-with-auth_gss-messag.patch
bugfix/all/ixgbe-do-not-call-check_link-for-ethtool-in-ixgbe_ge.patch
bugfix/all/ipv6-fix-a-refcnt-leak-with-peer-addr.patch
bugfix/all/ipv6-use-addrconf_get_prefix_route-to-remove-peer-ad.patch
-bugfix/all/ext2-don-t-clear-sgid-when-inheriting-acls.patch
-bugfix/all/hfsplus-don-t-clear-sgid-when-inheriting-acls.patch
-bugfix/all/reiserfs-don-t-clear-sgid-when-inheriting-acls.patch
-bugfix/all/btrfs-don-t-clear-sgid-when-inheriting-acls.patch
-bugfix/all/jfs-don-t-clear-sgid-when-inheriting-acls.patch
-bugfix/all/xfs-don-t-clear-sgid-when-inheriting-acls.patch
-bugfix/all/f2fs-don-t-clear-sgid-when-inheriting-acls.patch
-bugfix/all/ext4-preserve-i_mode-if-__ext4_set_acl-fails.patch
-bugfix/all/ext4-don-t-clear-sgid-when-inheriting-acls.patch
bugfix/all/vfs-avoid-creation-of-inode-number-0-in-get_next_ino.patch
# memfd_create() & kdbus backport
@@ -690,13 +680,6 @@ bugfix/all/pie-aslr/mm-revert-x86_64-and-arm64-elf_et_dyn_base-base-chan.patch
# Security fixes
bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
bugfix/all/mbcache-reschedule-before-restarting-iteration-in-mb_cache_entry_alloc.patch
-bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
-bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
-bugfix/all/scsi-qla2xxx-fix-an-integer-overflow-in-sysfs-code.patch
-bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
-bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch
-bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch
-bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch
# Fix ABI changes
debian/of-fix-abi-changes.patch
@@ -760,3 +743,12 @@ debian/revert-scsi-scsi_error-count-medium-access-timeout-only-once.patch
debian/ttm-avoid-abi-change-for-ttm_ref_object_add-require_existed.patch
debian/ptrace-avoid-abi-change-in-3.16.48.patch
debian/xfrm-avoid-abi-change-in-3.16.48.patch
+debian/sched-avoid-abi-change-in-3.16.49.patch
+debian/cpumask-avoid-abi-change-in-3.16.50.patch
+debian/dm-avoid-abi-change-in-3.16.50.patch
+debian/gpio-avoid-abi-change-in-3.16.50.patch
+debian/ip6_fib-avoid-abi-change-in-3.16.50.patch
+debian/ip_fib-avoid-abi-change-in-3.16.50.patch
+debian/mm-avoid-abi-change-in-3.16.50.patch
+debian/inet_frag-limit-abi-change-in-3.16.51.patch
+debian/s390-mm-avoid-abi-change-in-3.16.51.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list