[linux] 04/04: Update to 3.2.93
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Mon Sep 18 00:30:42 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch wheezy-security
in repository linux.
commit a9338ddbee527ff75b0e5427b0955ef9fc5c0871
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Mon Sep 18 00:45:43 2017 +0100
Update to 3.2.93
---
debian/changelog | 75 +++++++++++++++++++++-
.../all/ipv6-fix-leak-in-ipv6_gso_segment.patch | 31 ---------
...andle-errors-reported-by-xfrm6_find_1stfr.patch | 40 ------------
.../xfrm-policy-check-policy-direction-value.patch | 40 ------------
.../debian/ptrace-avoid-abi-change-in-3.2.93.patch | 24 +++++++
.../rtnetlink-avoid-ABI-change-in-3.2.34.patch | 7 +-
.../debian/xfrm-avoid-abi-change-in-3.2.93.patch | 25 ++++++++
.../drm/Remove-gma500-driver-from-staging.patch | 20 +++---
debian/patches/features/all/drm/drm-3.4.patch | 29 ++++++++-
.../features/all/net-add-kfree_skb_list.patch | 56 ----------------
debian/patches/series | 6 +-
11 files changed, 168 insertions(+), 185 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index d47e882..deaf219 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (3.2.92-1) UNRELEASED; urgency=medium
+linux (3.2.93-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.90
@@ -141,10 +141,81 @@ linux (3.2.92-1) UNRELEASED; urgency=medium
- timerfd: Protect the might cancel mechanism proper (CVE-2017-10661)
- mqueue: fix a use-after-free in sys_mq_notify() (CVE-2017-11176)
- packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.93
+ - xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
+ - af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
+ - tcp: avoid fragmenting peculiar skbs in SACK
+ - USB: serial: ftdi_sio: fix setting latency for unprivileged users
+ - USB: serial: io_ti: fix div-by-zero in set_termios
+ - tcp: eliminate negative reordering in tcp_clean_rtx_queue
+ - [x86] USB: usbip: fix nonconforming hub descriptor
+ - USB: hub: fix SS hub-descriptor handling
+ - USB: hub: fix non-SS hub-descriptor handling
+ - USB: hub: fix SS max number of ports
+ - mac80211: strictly check mesh address extension mode
+ - tracing/kprobes: Enforce kprobes teardown after testing
+ - xhci: workaround for hosts missing CAS bit
+ - usb: host: xhci-mem: allocate zeroed Scratchpad Buffer
+ - usb: host: xhci: simplify irq handler return
+ - USB: xhci: fix lock-inversion problem
+ - drivers: char: mem: Check for address space wraparound with mmap()
+ - watchdog: pcwd_usb: fix NULL-deref at probe
+ - [x86] KVM: Fix read out-of-bounds vulnerability in kvm pio emulation
+ - [x86] KVM: fix use of uninitialized memory as segment descriptor in
+ emulator.
+ - [x86] KVM: zero base3 of unusable segments
+ - ext4: keep existing extra fields when inode expands
+ - i2c: i2c-tiny-usb: fix buffer not being DMA capable
+ - crypto: gcm - wait for crypto op not signal safe
+ - block: fix an error code in add_partition()
+ - libceph: NULL deref on crush_decode() error path
+ - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
+ - [arm*] ASoC: Fix use-after-free at card unregistration
+ - scsi: qla2xxx: don't disable a not previously enabled PCI device
+ - net: ethernet: ax88796: don't call free_irq without request_irq first
+ - ext4: fix data corruption for mmap writes
+ - ext4: fix fdatasync(2) after extent manipulation operations
+ - net: phy: fix marvell phy status reading
+ - usb: gadget: f_mass_storage: Serialize wake and sleep execution
+ - drivers: char: mem: Fix wraparound check to allow mappings up to the end
+ - alarmtimer: Prevent overflow of relative timers
+ - alarmtimer: Rate limit periodic intervals
+ - rc-core: race condition during ir_raw_event_register()
+ - net: ping: do not abuse udp_poll()
+ - vb2: fix plane index sanity check in vb2_plane_cookie()
+ - vb2: Fix an off by one error in 'vb2_plane_vaddr'
+ - net: ethoc: enable NAPI before poll may be scheduled
+ - [x86] KVM: cpuid: Fix read/write out-of-bounds vulnerability in cpuid
+ emulation
+ - KEYS: fix dereferencing NULL payload with nonzero length
+ - fix ufs_isblockset()
+ - ufs: set correct ->s_maxsize
+ - excessive checks in ufs_write_failed() and ufs_evict_inode()
+ - [x86] KVM: async_pf: avoid async pf injection when in guest mode
+ - configfs: Fix race between create_link and configfs_rmdir
+ - selinux: fix double free in selinux_parse_opts_str()
+ - xfrm: Oops on error in pfkey_msg2xfrm_state()
+ - xfrm: NULL dereference on allocation failure
+ - swap: cond_resched in swap_cgroup_prepare()
+ - signal: Only reschedule timers on signals timers have sent
+ - rtnetlink: add IFLA_GROUP to ifla_policy
+ - ipv6: avoid unregistering inet6_dev for loopback
+ - autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
+ - lib/cmdline.c: fix get_options() overflow while parsing ranges
+ - net: prevent sign extension in dev_get_stats()
+ - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (CVE-2017-14106)
+ - xfrm: policy: check policy direction value (CVE-2017-11600)
+ - xen: fix bio vec merging (CVE-2017-12134)
+ - ptrace: use fsuid, fsgid, effective creds for fs access checks
+ - mm: fix move/migrate_pages() race on task struct
+ - mm: fix NULL ptr dereference in migrate_pages
+ - mm: fix NULL ptr dereference in move_pages
+ - Sanitize 'move_pages()' permission checks (CVE-2017-14140)
+ - net: phy: marvell: Limit errata to 88m1101
[ Ben Hutchings ]
- * xfrm: policy: check policy direction value (CVE-2017-11600)
* [rt] Update to 3.2.89-rt127 (no functional change)
+ * ptrace, xfrm: Avoid ABI changes in 3.2.93
-- Ben Hutchings <ben at decadent.org.uk> Mon, 03 Jul 2017 17:17:55 +0100
diff --git a/debian/patches/bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch b/debian/patches/bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch
deleted file mode 100644
index 0d0bbe8..0000000
--- a/debian/patches/bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: "David S. Miller" <davem at davemloft.net>
-Date: Sun, 4 Jun 2017 21:41:10 -0400
-Subject: ipv6: Fix leak in ipv6_gso_segment().
-Origin: https://git.kernel.org/linus/e3e86b5119f81e5e2499bea7ea1ebe8ac6aab789
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9074
-
-If ip6_find_1stfragopt() fails and we return an error we have to free
-up 'segs' because nobody else is going to.
-
-Fixes: 2423496af35d ("ipv6: Prevent overrun when parsing v6 header options")
-Reported-by: Ben Hutchings <ben at decadent.org.uk>
-Signed-off-by: David S. Miller <davem at davemloft.net>
-[bwh: Backported to 3.2: adjust filename, context]
----
- net/ipv6/af_inet6.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
---- a/net/ipv6/af_inet6.c
-+++ b/net/ipv6/af_inet6.c
-@@ -824,8 +824,10 @@ static struct sk_buff *ipv6_gso_segment(
- sizeof(*ipv6h));
- if (proto == IPPROTO_UDP) {
- int err = ip6_find_1stfragopt(skb, &prevhdr);
-- if (err < 0)
-+ if (err < 0) {
-+ kfree_skb_list(segs);
- return ERR_PTR(err);
-+ }
- fptr = (struct frag_hdr *)(skb_network_header(skb) +
- err);
- fptr->frag_off = htons(offset);
diff --git a/debian/patches/bugfix/all/ipv6-xfrm-handle-errors-reported-by-xfrm6_find_1stfr.patch b/debian/patches/bugfix/all/ipv6-xfrm-handle-errors-reported-by-xfrm6_find_1stfr.patch
deleted file mode 100644
index 4741678..0000000
--- a/debian/patches/bugfix/all/ipv6-xfrm-handle-errors-reported-by-xfrm6_find_1stfr.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Wed, 31 May 2017 13:15:41 +0100
-Subject: ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
-Origin: https://git.kernel.org/linus/6e80ac5cc992ab6256c3dae87f7e57db15e1a58c
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9074
-
-xfrm6_find_1stfragopt() may now return an error code and we must
-not treat it as a length.
-
-Fixes: 2423496af35d ("ipv6: Prevent overrun when parsing v6 header options")
-Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
-Acked-by: Craig Gallek <kraig at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/ipv6/xfrm6_mode_ro.c | 2 ++
- net/ipv6/xfrm6_mode_transport.c | 2 ++
- 2 files changed, 4 insertions(+)
-
---- a/net/ipv6/xfrm6_mode_ro.c
-+++ b/net/ipv6/xfrm6_mode_ro.c
-@@ -48,6 +48,8 @@ static int xfrm6_ro_output(struct xfrm_s
- iph = ipv6_hdr(skb);
-
- hdr_len = x->type->hdr_offset(x, skb, &prevhdr);
-+ if (hdr_len < 0)
-+ return hdr_len;
- skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data);
- skb_set_network_header(skb, -x->props.header_len);
- skb->transport_header = skb->network_header + hdr_len;
---- a/net/ipv6/xfrm6_mode_transport.c
-+++ b/net/ipv6/xfrm6_mode_transport.c
-@@ -28,6 +28,8 @@ static int xfrm6_transport_output(struct
- iph = ipv6_hdr(skb);
-
- hdr_len = x->type->hdr_offset(x, skb, &prevhdr);
-+ if (hdr_len < 0)
-+ return hdr_len;
- skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data);
- skb_set_network_header(skb, -x->props.header_len);
- skb->transport_header = skb->network_header + hdr_len;
diff --git a/debian/patches/bugfix/all/xfrm-policy-check-policy-direction-value.patch b/debian/patches/bugfix/all/xfrm-policy-check-policy-direction-value.patch
deleted file mode 100644
index 251d090..0000000
--- a/debian/patches/bugfix/all/xfrm-policy-check-policy-direction-value.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Vladis Dronov <vdronov at redhat.com>
-Date: Wed, 2 Aug 2017 19:50:14 +0200
-Subject: xfrm: policy: check policy direction value
-Origin: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git/commit?id=7bab09631c2a303f87a7eb7e3d69e888673b9b7e
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-11600
-
-The 'dir' parameter in xfrm_migrate() is a user-controlled byte which is used
-as an array index. This can lead to an out-of-bound access, kernel lockup and
-DoS. Add a check for the 'dir' value.
-
-This fixes CVE-2017-11600.
-
-References: https://bugzilla.redhat.com/show_bug.cgi?id=1474928
-Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)")
-Cc: <stable at vger.kernel.org> # v2.6.21-rc1
-Reported-by: "bo Zhang" <zhangbo5891001 at gmail.com>
-Signed-off-by: Vladis Dronov <vdronov at redhat.com>
-Signed-off-by: Steffen Klassert <steffen.klassert at secunet.com>
----
- net/xfrm/xfrm_policy.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
---- a/net/xfrm/xfrm_policy.c
-+++ b/net/xfrm/xfrm_policy.c
-@@ -2942,9 +2942,15 @@ int xfrm_migrate(const struct xfrm_selec
- struct xfrm_state *x_new[XFRM_MAX_DEPTH];
- struct xfrm_migrate *mp;
-
-+ /* Stage 0 - sanity checks */
- if ((err = xfrm_migrate_check(m, num_migrate)) < 0)
- goto out;
-
-+ if (dir >= XFRM_POLICY_MAX) {
-+ err = -EINVAL;
-+ goto out;
-+ }
-+
- /* Stage 1 - find policy */
- if ((pol = xfrm_migrate_policy_find(sel, dir, type)) == NULL) {
- err = -ENOENT;
diff --git a/debian/patches/debian/ptrace-avoid-abi-change-in-3.2.93.patch b/debian/patches/debian/ptrace-avoid-abi-change-in-3.2.93.patch
new file mode 100644
index 0000000..f9a5791
--- /dev/null
+++ b/debian/patches/debian/ptrace-avoid-abi-change-in-3.2.93.patch
@@ -0,0 +1,24 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 18 Sep 2017 00:30:42 +0100
+Subject: ptrace: Avoid ABI change in 3.2.93
+Forwarded: not-needed
+
+ptrace_may_access() now expects the given mode to include exactly one
+of the PTRACE_MODE_FSCREDS and PTRACE_MODE_REALCREDS flags, and always
+fails (-EPERM) otherwise. Old out-of-tree modules won't set either of
+these flags, so revert to the old behaviour in this case.
+
+---
+--- a/kernel/ptrace.c
++++ b/kernel/ptrace.c
+@@ -224,6 +224,10 @@ int __ptrace_may_access(struct task_stru
+ uid_t caller_uid;
+ gid_t caller_gid;
+
++ /* bwh: Use old behaviour for any out-of-tree modules */
++ if ((mode & (PTRACE_MODE_FSCREDS | PTRACE_MODE_REALCREDS)) == 0) {
++ mode |= PTRACE_MODE_REALCREDS;
++ } else
+ if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) {
+ WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n");
+ return -EPERM;
diff --git a/debian/patches/debian/rtnetlink-avoid-ABI-change-in-3.2.34.patch b/debian/patches/debian/rtnetlink-avoid-ABI-change-in-3.2.34.patch
index 39e3dc1..993f50a 100644
--- a/debian/patches/debian/rtnetlink-avoid-ABI-change-in-3.2.34.patch
+++ b/debian/patches/debian/rtnetlink-avoid-ABI-change-in-3.2.34.patch
@@ -27,17 +27,18 @@ hide the change from genksyms.
rtnl_doit_func, rtnl_dumpit_func,
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
-@@ -1116,7 +1116,9 @@ const struct nla_policy ifla_policy[IFLA
+@@ -1142,8 +1142,10 @@ const struct nla_policy ifla_policy[IFLA
[IFLA_VF_PORTS] = { .type = NLA_NESTED },
[IFLA_PORT_SELF] = { .type = NLA_NESTED },
[IFLA_AF_SPEC] = { .type = NLA_NESTED },
+#ifndef __GENKSYMS__
[IFLA_EXT_MASK] = { .type = NLA_U32 },
+ [IFLA_GROUP] = { .type = NLA_U32 },
+#endif
};
EXPORT_SYMBOL(ifla_policy);
-@@ -2020,7 +2022,9 @@ static int rtnetlink_rcv_msg(struct sk_b
+@@ -2053,7 +2055,9 @@ static int rtnetlink_rcv_msg(struct sk_b
return -EOPNOTSUPP;
calcit = rtnl_get_calcit(family, type);
if (calcit)
@@ -48,7 +49,7 @@ hide the change from genksyms.
__rtnl_unlock();
rtnl = net->rtnl;
-@@ -2136,7 +2140,7 @@ void __init rtnetlink_init(void)
+@@ -2169,7 +2173,7 @@ void __init rtnetlink_init(void)
register_netdevice_notifier(&rtnetlink_dev_notifier);
rtnl_register(PF_UNSPEC, RTM_GETLINK, rtnl_getlink,
diff --git a/debian/patches/debian/xfrm-avoid-abi-change-in-3.2.93.patch b/debian/patches/debian/xfrm-avoid-abi-change-in-3.2.93.patch
new file mode 100644
index 0000000..d7bceb9
--- /dev/null
+++ b/debian/patches/debian/xfrm-avoid-abi-change-in-3.2.93.patch
@@ -0,0 +1,25 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Mon, 18 Sep 2017 00:37:17 +0100
+Subject: xfrm: Avoid ABI change in 3.2.93
+Forwarded: not-needed
+
+Commit 9b3eb54106cf6acd03f07cf0ab01c13676a226c2 "xfrm: fix stack
+access out of bounds with CONFIG_XFRM_SUB_POLICY" removed two members
+from xfrm_dst that were written and never read. We should retain them
+as always-zero to avoid ABI breakage.
+
+---
+--- a/include/net/xfrm.h
++++ b/include/net/xfrm.h
+@@ -922,6 +922,11 @@ struct xfrm_dst {
+ struct flow_cache_object flo;
+ struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
+ int num_pols, num_xfrms;
++#ifdef CONFIG_XFRM_SUB_POLICY
++ /* bwh: unused, for binary compatibility */
++ struct flowi *origin;
++ struct xfrm_selector *partner;
++#endif
+ u32 xfrm_genid;
+ u32 policy_genid;
+ u32 route_mtu_cached;
diff --git a/debian/patches/features/all/drm/Remove-gma500-driver-from-staging.patch b/debian/patches/features/all/drm/Remove-gma500-driver-from-staging.patch
index a64fe70..f1ef477 100644
--- a/debian/patches/features/all/drm/Remove-gma500-driver-from-staging.patch
+++ b/debian/patches/features/all/drm/Remove-gma500-driver-from-staging.patch
@@ -25889,7 +25889,7 @@ It moved to the main tree
-#endif /* __INTEL_DRV_H__ */
--- a/drivers/staging/gma500/psb_intel_lvds.c
+++ /dev/null
-@@ -1,854 +0,0 @@
+@@ -1,858 +0,0 @@
-/*
- * Copyright © 2006-2007 Intel Corporation
- *
@@ -26684,20 +26684,23 @@ It moved to the main tree
- if (scan->type & DRM_MODE_TYPE_PREFERRED) {
- mode_dev->panel_fixed_mode =
- drm_mode_duplicate(dev, scan);
+- DRM_DEBUG_KMS("Using mode from DDC\n");
- goto out; /* FIXME: check for quirks */
- }
- }
-
- /* Failed to get EDID, what about VBT? do we need this? */
-- if (mode_dev->vbt_mode)
+- if (dev_priv->lfp_lvds_vbt_mode) {
- mode_dev->panel_fixed_mode =
-- drm_mode_duplicate(dev, mode_dev->vbt_mode);
+- drm_mode_duplicate(dev, dev_priv->lfp_lvds_vbt_mode);
-
-- if (!mode_dev->panel_fixed_mode)
-- if (dev_priv->lfp_lvds_vbt_mode)
-- mode_dev->panel_fixed_mode =
-- drm_mode_duplicate(dev,
-- dev_priv->lfp_lvds_vbt_mode);
+- if (mode_dev->panel_fixed_mode) {
+- mode_dev->panel_fixed_mode->type |=
+- DRM_MODE_TYPE_PREFERRED;
+- DRM_DEBUG_KMS("Using mode from VBT\n");
+- goto out;
+- }
+- }
-
- /*
- * If we didn't get EDID, try checking if the panel is already turned
@@ -26714,6 +26717,7 @@ It moved to the main tree
- if (mode_dev->panel_fixed_mode) {
- mode_dev->panel_fixed_mode->type |=
- DRM_MODE_TYPE_PREFERRED;
+- DRM_DEBUG_KMS("Using pre-programmed mode\n");
- goto out; /* FIXME: check for quirks */
- }
- }
diff --git a/debian/patches/features/all/drm/drm-3.4.patch b/debian/patches/features/all/drm/drm-3.4.patch
index 1831e44..75fd46e 100644
--- a/debian/patches/features/all/drm/drm-3.4.patch
+++ b/debian/patches/features/all/drm/drm-3.4.patch
@@ -86302,7 +86302,7 @@ index b6e18c8db9f5..9c6b29a41927 100644
tmp = RREG32_PLL(RADEON_VCLK_ECP_CNTL);
tmp &= ~(RADEON_PIXCLK_ALWAYS_ONb |
diff --git a/drivers/gpu/drm/radeon/radeon_combios.c b/drivers/gpu/drm/radeon/radeon_combios.c
-index 87a677e91927..69c2dd085722 100644
+index 9ac606fffc0a..69c2dd085722 100644
--- a/drivers/gpu/drm/radeon/radeon_combios.c
+++ b/drivers/gpu/drm/radeon/radeon_combios.c
@@ -2927,7 +2927,7 @@ bool radeon_combios_external_tmds_setup(struct drm_encoder *encoder)
@@ -86339,6 +86339,20 @@ index 87a677e91927..69c2dd085722 100644
}
break;
default:
+@@ -3406,13 +3406,6 @@ void radeon_combios_asic_init(struct drm_device *dev)
+ rdev->pdev->subsystem_vendor == 0x103c &&
+ rdev->pdev->subsystem_device == 0x280a)
+ return;
+- /* quirk for rs4xx Toshiba Sattellite L20-183 latop to make it resume
+- * - it hangs on resume inside the dynclk 1 table.
+- */
+- if (rdev->family == CHIP_RS400 &&
+- rdev->pdev->subsystem_vendor == 0x1179 &&
+- rdev->pdev->subsystem_device == 0xff31)
+- return;
+
+ /* DYN CLK 1 */
+ table = combios_get_table_offset(dev, COMBIOS_DYN_CLK_1_TABLE);
diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c
index 40633f3ad044..9c5d96cb6e14 100644
--- a/drivers/gpu/drm/radeon/radeon_connectors.c
@@ -105484,6 +105498,19 @@ index 0854a2096b55..faf2e7873860 100644
+ uint32_t *tv_usec,
+ bool interruptible);
#endif /* _VMWGFX_FENCE_H_ */
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c
+index ea9358313b3f..decca8251bfa 100644
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c
+@@ -368,8 +368,6 @@ void *vmw_fifo_reserve(struct vmw_private *dev_priv, uint32_t bytes)
+ return fifo_state->static_buffer;
+ else {
+ fifo_state->dynamic_buffer = vmalloc(bytes);
+- if (!fifo_state->dynamic_buffer)
+- goto out_err;
+ return fifo_state->dynamic_buffer;
+ }
+ }
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gmr.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gmr.c
index 295224947c6b..e1978a2a4982 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_gmr.c
diff --git a/debian/patches/features/all/net-add-kfree_skb_list.patch b/debian/patches/features/all/net-add-kfree_skb_list.patch
deleted file mode 100644
index b7e3028..0000000
--- a/debian/patches/features/all/net-add-kfree_skb_list.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Sun, 18 Jun 2017 02:36:32 +0100
-Subject: net: add kfree_skb_list()
-Forwarded: not-needed
-
-Extracted from upstream commit bd8a7036c06c "gre: fix a possible skb leak".
-
-This patch adds a kfree_skb_list() helper.
----
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -534,6 +534,7 @@ static inline struct rtable *skb_rtable(
- }
-
- extern void kfree_skb(struct sk_buff *skb);
-+extern void kfree_skb_list(struct sk_buff *segs);
- extern void consume_skb(struct sk_buff *skb);
- extern void __kfree_skb(struct sk_buff *skb);
- extern struct sk_buff *__alloc_skb(unsigned int size,
---- a/net/core/skbuff.c
-+++ b/net/core/skbuff.c
-@@ -277,15 +277,8 @@ EXPORT_SYMBOL(dev_alloc_skb);
-
- static void skb_drop_list(struct sk_buff **listp)
- {
-- struct sk_buff *list = *listp;
--
-+ kfree_skb_list(*listp);
- *listp = NULL;
--
-- do {
-- struct sk_buff *this = list;
-- list = list->next;
-- kfree_skb(this);
-- } while (list);
- }
-
- static inline void skb_drop_fraglist(struct sk_buff *skb)
-@@ -436,6 +429,17 @@ void kfree_skb(struct sk_buff *skb)
- }
- EXPORT_SYMBOL(kfree_skb);
-
-+void kfree_skb_list(struct sk_buff *segs)
-+{
-+ while (segs) {
-+ struct sk_buff *next = segs->next;
-+
-+ kfree_skb(segs);
-+ segs = next;
-+ }
-+}
-+EXPORT_SYMBOL(kfree_skb_list);
-+
- /**
- * consume_skb - free an skbuff
- * @skb: buffer to free
diff --git a/debian/patches/series b/debian/patches/series
index e3d566c..ebfcaef 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1109,11 +1109,7 @@ bugfix/all/ecryptfs-fix-handling-of-directory-opening.patch
bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
bugfix/x86/vmwgfx-null-pointer-dereference-in-vmw_surface_define_ioctl.patch
bugfix/x86/drm-vmwgfx-fix-integer-overflow-in-vmw_surface_define_ioctl.patch
-bugfix/all/ipv6-xfrm-handle-errors-reported-by-xfrm6_find_1stfr.patch
-features/all/net-add-kfree_skb_list.patch
-bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch
bugfix/arm/mm-larger-stack-guard-gap-between-vmas-arm-topdown.patch
-bugfix/all/xfrm-policy-check-policy-direction-value.patch
# ABI maintenance
debian/perf-hide-abi-change-in-3.2.30.patch
@@ -1183,3 +1179,5 @@ debian/i8042-revert-abi-break-in-3.2.84.patch
debian/fs-fix-abi-change-in-3.2.84.patch
debian/net-fix-abi-change-for-sk_filter-changes.patch
debian/net-avoid-abi-change-for-net-fix-sk_mem_reclaim_partial.patch
+debian/ptrace-avoid-abi-change-in-3.2.93.patch
+debian/xfrm-avoid-abi-change-in-3.2.93.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list