diff options
| author | Ben Hutchings <ben@decadent.org.uk> | 2016-11-13 20:35:21 +0000 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2016-11-13 20:35:21 +0000 |
| commit | b15e0cf4598658c2c8f6b8b81157eeb14ea6a0e7 (patch) | |
| tree | f40850a0d894852893214154350443a4409cdb82 | |
| parent | 993ab494e5bfff8e61a2a318d94d7764b58e42c9 (diff) | |
Update to 4.9-rc5
8 files changed, 20 insertions, 257 deletions
diff --git a/debian/changelog b/debian/changelog index 483c0b6e0..241903ba9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,6 @@ -linux (4.9~rc3-1~exp2) UNRELEASED; urgency=medium +linux (4.9~rc5-1~exp1) UNRELEASED; urgency=medium + + * New upstream release candidate [ Aurelien Jarno ] * Enable MAC802154, IEEE802154_ADF7242, IEEE802154_AT86RF230, diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch index a63fc4a66..cc8d017f8 100644 --- a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch +++ b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch @@ -355,7 +355,7 @@ upstream submission. } --- a/drivers/media/usb/dvb-usb/dib0700_devices.c +++ b/drivers/media/usb/dvb-usb/dib0700_devices.c -@@ -2410,12 +2410,9 @@ static int stk9090m_frontend_attach(stru +@@ -2411,12 +2411,9 @@ static int stk9090m_frontend_attach(stru dib9000_i2c_enumeration(&adap->dev->i2c_adap, 1, 0x10, 0x80); @@ -370,7 +370,7 @@ upstream submission. stk9090m_config.microcode_B_fe_size = state->frontend_firmware->size; stk9090m_config.microcode_B_fe_buffer = state->frontend_firmware->data; -@@ -2476,12 +2473,9 @@ static int nim9090md_frontend_attach(str +@@ -2477,12 +2474,9 @@ static int nim9090md_frontend_attach(str msleep(20); dib0700_set_gpio(adap->dev, GPIO0, GPIO_OUT, 1); @@ -406,7 +406,7 @@ upstream submission. case CYPRESS_AN2135: --- a/drivers/media/usb/dvb-usb/gp8psk.c +++ b/drivers/media/usb/dvb-usb/gp8psk.c -@@ -116,20 +116,14 @@ static int gp8psk_load_bcm4500fw(struct +@@ -134,20 +134,14 @@ static int gp8psk_load_bcm4500fw(struct const u8 *ptr; u8 *buf; if ((ret = request_firmware(&fw, bcm4500_firmware, @@ -1032,7 +1032,7 @@ upstream submission. --- a/drivers/media/usb/s2255/s2255drv.c +++ b/drivers/media/usb/s2255/s2255drv.c -@@ -2297,10 +2297,8 @@ static int s2255_probe(struct usb_interf +@@ -2308,10 +2308,8 @@ static int s2255_probe(struct usb_interf } /* load the first chunk */ if (request_firmware(&dev->fw_data->fw, @@ -1163,7 +1163,7 @@ upstream submission. --- a/drivers/net/ethernet/broadcom/bnx2.c +++ b/drivers/net/ethernet/broadcom/bnx2.c -@@ -3720,16 +3720,13 @@ static int bnx2_request_uncached_firmwar +@@ -3725,16 +3725,13 @@ static int bnx2_request_uncached_firmwar } rc = request_firmware(&bp->mips_firmware, mips_fw_file, &bp->pdev->dev); @@ -1731,17 +1731,17 @@ upstream submission. if (!err) goto found_alt; } -- pr_err("Firmware %s not available\n", rtlpriv->cfg->fw_name); +- pr_err("Selected firmware is not available\n"); rtlpriv->max_fw_size = 0; return; } --- a/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c +++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192se/sw.c -@@ -94,7 +94,6 @@ static void rtl92se_fw_cb(const struct f +@@ -95,7 +95,6 @@ static void rtl92se_fw_cb(const struct f "Firmware callback routine entered!\n"); complete(&rtlpriv->firmware_loading_complete); if (!firmware) { -- pr_err("Firmware %s not available\n", rtlpriv->cfg->fw_name); +- pr_err("Firmware %s not available\n", fw_name); rtlpriv->max_fw_size = 0; return; } @@ -1965,7 +1965,7 @@ upstream submission. if (qla82xx_validate_firmware_blob(vha, --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -5620,8 +5620,6 @@ qla2x00_request_firmware(scsi_qla_host_t +@@ -5636,8 +5636,6 @@ qla2x00_request_firmware(scsi_qla_host_t goto out; if (request_firmware(&blob->fw, blob->name, &ha->pdev->dev)) { @@ -2526,7 +2526,7 @@ upstream submission. filename, emu->firmware->size); --- a/sound/pci/hda/hda_intel.c +++ b/sound/pci/hda/hda_intel.c -@@ -1812,10 +1812,8 @@ static void azx_firmware_cb(const struct +@@ -1815,10 +1815,8 @@ static void azx_firmware_cb(const struct struct azx *chip = card->private_data; struct pci_dev *pci = chip->pci; diff --git a/debian/patches/bugfix/all/kbuild-add-fno-pie.patch b/debian/patches/bugfix/all/kbuild-add-fno-pie.patch index 67d087ebc..6326b306b 100644 --- a/debian/patches/bugfix/all/kbuild-add-fno-pie.patch +++ b/debian/patches/bugfix/all/kbuild-add-fno-pie.patch @@ -25,9 +25,9 @@ Signed-off-by: Michal Marek <mmarek@suse.com> --- a/Makefile +++ b/Makefile -@@ -624,6 +624,8 @@ include arch/$(SRCARCH)/Makefile +@@ -623,6 +623,8 @@ include arch/$(SRCARCH)/Makefile + KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,) - KBUILD_CFLAGS += $(call cc-disable-warning,maybe-uninitialized,) KBUILD_CFLAGS += $(call cc-disable-warning,frame-address,) +KBUILD_CFLAGS += $(call cc-option,-fno-PIE) +KBUILD_AFLAGS += $(call cc-option,-fno-PIE) diff --git a/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch b/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch index 774477e24..c4f5baf03 100644 --- a/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch +++ b/debian/patches/bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch @@ -64,16 +64,16 @@ the kernel. # Usage: KBUILD_ARFLAGS := $(call ar-option,D) --- a/Makefile +++ b/Makefile -@@ -634,6 +634,8 @@ KBUILD_CFLAGS += -O2 - endif - endif +@@ -642,6 +642,8 @@ endif + KBUILD_CFLAGS += $(call cc-ifversion, -lt, 0409, \ + $(call cc-disable-warning,maybe-uninitialized,)) +NOSTDINC_FLAGS += -nostdinc + # Tell gcc to never replace conditional load with a non-conditional one KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) -@@ -752,7 +754,7 @@ KBUILD_CFLAGS += $(call cc-option, -fno- +@@ -760,7 +762,7 @@ KBUILD_CFLAGS += $(call cc-option, -fno- endif # arch Makefile may override CC so keep this after arch Makefile is included diff --git a/debian/patches/bugfix/all/net-add-recursion-limit-to-gro.patch b/debian/patches/bugfix/all/net-add-recursion-limit-to-gro.patch deleted file mode 100644 index d6cfd4b79..000000000 --- a/debian/patches/bugfix/all/net-add-recursion-limit-to-gro.patch +++ /dev/null @@ -1,201 +0,0 @@ -From: Sabrina Dubroca <sd@queasysnail.net> -Date: Mon, 10 Oct 2016 15:43:46 +0200 -Subject: net: add recursion limit to GRO -Origin: https://patchwork.ozlabs.org/patch/680412/ - -Currently, GRO can do unlimited recursion through the gro_receive -handlers. This was fixed for tunneling protocols by limiting tunnel GRO -to one level with encap_mark, but both VLAN and TEB still have this -problem. Thus, the kernel is vulnerable to a stack overflow, if we -receive a packet composed entirely of VLAN headers. - -This patch adds a recursion counter to the GRO layer to prevent stack -overflow. When a gro_receive function hits the recursion limit, GRO is -aborted for this skb and it is processed normally. - -Thanks to Vladimír Beneš <vbenes@redhat.com> for the initial bug report. - -Fixes: CVE-2016-7039 -Fixes: 9b174d88c257 ("net: Add Transparent Ethernet Bridging GRO support.") -Fixes: 66e5133f19e9 ("vlan: Add GRO support for non hardware accelerated vlan") -Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> -Reviewed-by: Jiri Benc <jbenc@redhat.com> -Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> ---- - drivers/net/geneve.c | 2 +- - drivers/net/vxlan.c | 2 +- - include/linux/netdevice.h | 24 +++++++++++++++++++++++- - net/8021q/vlan.c | 2 +- - net/core/dev.c | 1 + - net/ethernet/eth.c | 2 +- - net/ipv4/af_inet.c | 2 +- - net/ipv4/fou.c | 4 ++-- - net/ipv4/gre_offload.c | 2 +- - net/ipv4/udp_offload.c | 8 +++++++- - net/ipv6/ip6_offload.c | 2 +- - 11 files changed, 40 insertions(+), 11 deletions(-) - ---- a/drivers/net/geneve.c -+++ b/drivers/net/geneve.c -@@ -471,7 +471,7 @@ static struct sk_buff **geneve_gro_recei - - skb_gro_pull(skb, gh_len); - skb_gro_postpull_rcsum(skb, gh, gh_len); -- pp = ptype->callbacks.gro_receive(head, skb); -+ pp = call_gro_receive(ptype->callbacks.gro_receive, head, skb); - flush = 0; - - out_unlock: ---- a/drivers/net/vxlan.c -+++ b/drivers/net/vxlan.c -@@ -601,7 +601,7 @@ static struct sk_buff **vxlan_gro_receiv - } - } - -- pp = eth_gro_receive(head, skb); -+ pp = call_gro_receive(eth_gro_receive, head, skb); - flush = 0; - - out: ---- a/include/linux/netdevice.h -+++ b/include/linux/netdevice.h -@@ -2114,7 +2114,10 @@ struct napi_gro_cb { - /* Used to determine if flush_id can be ignored */ - u8 is_atomic:1; - -- /* 5 bit hole */ -+ /* Number of gro_receive callbacks this packet already went through */ -+ u8 recursion_counter:4; -+ -+ /* 1 bit hole */ - - /* used to support CHECKSUM_COMPLETE for tunneling protocols */ - __wsum csum; -@@ -2125,6 +2128,25 @@ struct napi_gro_cb { - - #define NAPI_GRO_CB(skb) ((struct napi_gro_cb *)(skb)->cb) - -+#define GRO_RECURSION_LIMIT 15 -+static inline int gro_recursion_inc_test(struct sk_buff *skb) -+{ -+ return ++NAPI_GRO_CB(skb)->recursion_counter == GRO_RECURSION_LIMIT; -+} -+ -+typedef struct sk_buff **(*gro_receive_t)(struct sk_buff **, struct sk_buff *); -+static inline struct sk_buff **call_gro_receive(gro_receive_t cb, -+ struct sk_buff **head, -+ struct sk_buff *skb) -+{ -+ if (gro_recursion_inc_test(skb)) { -+ NAPI_GRO_CB(skb)->flush |= 1; -+ return NULL; -+ } -+ -+ return cb(head, skb); -+} -+ - struct packet_type { - __be16 type; /* This is really htons(ether_type). */ - struct net_device *dev; /* NULL is wildcarded here */ ---- a/net/8021q/vlan.c -+++ b/net/8021q/vlan.c -@@ -664,7 +664,7 @@ static struct sk_buff **vlan_gro_receive - - skb_gro_pull(skb, sizeof(*vhdr)); - skb_gro_postpull_rcsum(skb, vhdr, sizeof(*vhdr)); -- pp = ptype->callbacks.gro_receive(head, skb); -+ pp = call_gro_receive(ptype->callbacks.gro_receive, head, skb); - - out_unlock: - rcu_read_unlock(); ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -4500,6 +4500,7 @@ static enum gro_result dev_gro_receive(s - NAPI_GRO_CB(skb)->flush = 0; - NAPI_GRO_CB(skb)->free = 0; - NAPI_GRO_CB(skb)->encap_mark = 0; -+ NAPI_GRO_CB(skb)->recursion_counter = 0; - NAPI_GRO_CB(skb)->is_fou = 0; - NAPI_GRO_CB(skb)->is_atomic = 1; - NAPI_GRO_CB(skb)->gro_remcsum_start = 0; ---- a/net/ethernet/eth.c -+++ b/net/ethernet/eth.c -@@ -439,7 +439,7 @@ struct sk_buff **eth_gro_receive(struct - - skb_gro_pull(skb, sizeof(*eh)); - skb_gro_postpull_rcsum(skb, eh, sizeof(*eh)); -- pp = ptype->callbacks.gro_receive(head, skb); -+ pp = call_gro_receive(ptype->callbacks.gro_receive, head, skb); - - out_unlock: - rcu_read_unlock(); ---- a/net/ipv4/af_inet.c -+++ b/net/ipv4/af_inet.c -@@ -1388,7 +1388,7 @@ struct sk_buff **inet_gro_receive(struct - skb_gro_pull(skb, sizeof(*iph)); - skb_set_transport_header(skb, skb_gro_offset(skb)); - -- pp = ops->callbacks.gro_receive(head, skb); -+ pp = call_gro_receive(ops->callbacks.gro_receive, head, skb); - - out_unlock: - rcu_read_unlock(); ---- a/net/ipv4/fou.c -+++ b/net/ipv4/fou.c -@@ -219,7 +219,7 @@ static struct sk_buff **fou_gro_receive( - if (!ops || !ops->callbacks.gro_receive) - goto out_unlock; - -- pp = ops->callbacks.gro_receive(head, skb); -+ pp = call_gro_receive(ops->callbacks.gro_receive, head, skb); - - out_unlock: - rcu_read_unlock(); -@@ -387,7 +387,7 @@ static struct sk_buff **gue_gro_receive( - if (WARN_ON_ONCE(!ops || !ops->callbacks.gro_receive)) - goto out_unlock; - -- pp = ops->callbacks.gro_receive(head, skb); -+ pp = call_gro_receive(ops->callbacks.gro_receive, head, skb); - flush = 0; - - out_unlock: ---- a/net/ipv4/gre_offload.c -+++ b/net/ipv4/gre_offload.c -@@ -227,7 +227,7 @@ static struct sk_buff **gre_gro_receive( - /* Adjusted NAPI_GRO_CB(skb)->csum after skb_gro_pull()*/ - skb_gro_postpull_rcsum(skb, greh, grehlen); - -- pp = ptype->callbacks.gro_receive(head, skb); -+ pp = call_gro_receive(ptype->callbacks.gro_receive, head, skb); - flush = 0; - - out_unlock: ---- a/net/ipv4/udp_offload.c -+++ b/net/ipv4/udp_offload.c -@@ -293,7 +293,13 @@ unflush: - - skb_gro_pull(skb, sizeof(struct udphdr)); /* pull encapsulating udp header */ - skb_gro_postpull_rcsum(skb, uh, sizeof(struct udphdr)); -- pp = udp_sk(sk)->gro_receive(sk, head, skb); -+ -+ if (gro_recursion_inc_test(skb)) { -+ flush = 1; -+ pp = NULL; -+ } else { -+ pp = udp_sk(sk)->gro_receive(sk, head, skb); -+ } - - out_unlock: - rcu_read_unlock(); ---- a/net/ipv6/ip6_offload.c -+++ b/net/ipv6/ip6_offload.c -@@ -243,7 +243,7 @@ static struct sk_buff **ipv6_gro_receive - - skb_gro_postpull_rcsum(skb, iph, nlen); - -- pp = ops->callbacks.gro_receive(head, skb); -+ pp = call_gro_receive(ops->callbacks.gro_receive, head, skb); - - out_unlock: - rcu_read_unlock(); diff --git a/debian/patches/bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch b/debian/patches/bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch deleted file mode 100644 index 8b2ac7fc8..000000000 --- a/debian/patches/bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Liping Zhang <liping.zhang@spreadtrum.com> -Date: Tue, 11 Oct 2016 21:03:45 +0800 -Subject: netfilter: xt_NFLOG: fix unexpected truncated packet -Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=6d19375b58763fefc2f215fb45117d3353ced888 -Bug-Debian: https://bugs.debian.org/841261 - -Justin and Chris spotted that iptables NFLOG target was broken when they -upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or -"results in segfaults in ulogd-2.0.5". - -Because "struct nf_loginfo li;" is a local variable, and flags will be -filled with garbage value, not inited to zero. So if it contains 0x1, -packets will not be logged to the userspace anymore. - -Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets") -Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com> -Reported-by: Chris Caputo <ccaputo@alt.net> -Tested-by: Chris Caputo <ccaputo@alt.net> -Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - net/netfilter/xt_NFLOG.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c -index 018eed7e1ff1..8668a5c18dc3 100644 ---- a/net/netfilter/xt_NFLOG.c -+++ b/net/netfilter/xt_NFLOG.c -@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par) - li.u.ulog.copy_len = info->len; - li.u.ulog.group = info->group; - li.u.ulog.qthreshold = info->threshold; -+ li.u.ulog.flags = 0; - - if (info->flags & XT_NFLOG_F_COPY_LEN) - li.u.ulog.flags |= NF_LOG_F_COPY_LEN; diff --git a/debian/patches/debian/kernelvariables.patch b/debian/patches/debian/kernelvariables.patch index a98f76c75..f59d00b7d 100644 --- a/debian/patches/debian/kernelvariables.patch +++ b/debian/patches/debian/kernelvariables.patch @@ -58,7 +58,7 @@ use of $(ARCH) needs to be moved after this. export KCONFIG_CONFIG @@ -373,6 +337,44 @@ LDFLAGS_vmlinux = - CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im + CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im -Wno-maybe-uninitialized CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,) +-include $(obj)/.kernelvariables diff --git a/debian/patches/series b/debian/patches/series index 97e6738df..a15bfa2d8 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -62,7 +62,6 @@ bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch bugfix/all/ext4-fix-bug-838544.patch bugfix/all/mm-memcontrol-use-special-workqueue-for-creating-per-memcg-caches.patch -bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch bugfix/all/kbuild-add-fno-pie.patch bugfix/x86/scripts-has-stack-protector-add-fno-pie.patch bugfix/x86/x86-kexec-add-fno-pie.patch @@ -96,7 +95,6 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa # Security fixes bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch debian/i386-686-pae-pci-set-pci-nobios-by-default.patch -bugfix/all/net-add-recursion-limit-to-gro.patch # ABI maintenance |