Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2022-11-02 15:45:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Wed Nov 2 15:45:29 2022 rev:664 rq:1032782 version:6.0.6 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2022-10-28 19:29:34.822646388 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new.2275/dtb-aarch64.changes 2022-11-02 15:45:30.879207822 +0100 @@ -1,0 +2,204 @@ +Wed Nov 2 08:02:44 CET 2022 - jsl...@suse.cz + +- char: pcmcia: cm4040_cs: Fix use-after-free in reader_fops + (bsc#1204922 CVE-2022-44033). +- commit aaed0f2 + +------------------------------------------------------------------- +Wed Nov 2 07:27:16 CET 2022 - ti...@suse.de + +- ring-buffer: Check for NULL cpu_buffer in + ring_buffer_wake_waiters() (bsc#1204705). +- commit 57f1f7d + +------------------------------------------------------------------- +Tue Nov 1 09:21:53 CET 2022 - jsl...@suse.cz + +- Refresh patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch. + Update upstream status. +- commit 30b9c27 + +------------------------------------------------------------------- +Tue Nov 1 08:50:08 CET 2022 - jsl...@suse.cz + +- char: pcmcia: scr24x_cs: Fix use-after-free in scr24x_fops + (bsc#1204901 CVE-2022-44034). +- char: pcmcia: cm4000_cs: Fix use-after-free in cm4000_fops + (bsc#1204894 CVE-2022-44032). +- commit 7d0ff8d + +------------------------------------------------------------------- +Tue Nov 1 08:48:59 CET 2022 - jsl...@suse.cz + +- Refresh + patches.suse/ACPI-resource-do-IRQ-override-on-LENOVO-IdeaPad.patch. +- Refresh + patches.suse/ALSA-hda-realtek-Add-another-HP-ZBook-G9-model-quirk.patch. +- Refresh + patches.suse/ALSA-hda-realtek-Add-quirk-for-ASUS-Zenbook-using-CS.patch. + Update upstream status. +- commit eaa1897 + +------------------------------------------------------------------- +Sun Oct 30 08:55:59 CET 2022 - jsl...@suse.cz + +- Linux 6.0.6 (bsc#1012628). +- mm: /proc/pid/smaps_rollup: fix no vma's null-deref + (bsc#1012628). +- ACPI: video: Force backlight native for more TongFang devices + (bsc#1012628). +- ext4: fix potential out of bound read in ext4_fc_replay_scan() + (bsc#1012628). +- ext4: factor out ext4_fc_get_tl() (bsc#1012628). +- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1012628). +- io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL + (bsc#1012628). +- wifi: mt76: mt7921e: fix random fw download fail (bsc#1012628). +- iommu/vt-d: Clean up si_domain in the init_dmars() error path + (bsc#1012628). +- iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check() + (bsc#1012628). +- rv/dot2c: Make automaton definition static (bsc#1012628). +- drbd: only clone bio if we have a backing device (bsc#1012628). +- net: phy: dp83822: disable MDI crossover status change interrupt + (bsc#1012628). +- net: sched: fix race condition in qdisc_graft() (bsc#1012628). +- net: hns: fix possible memory leak in hnae_ae_register() + (bsc#1012628). +- wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() + (bsc#1012628). +- sfc: include vport_id in filter spec hash and equal() + (bsc#1012628). +- io_uring/msg_ring: Fix NULL pointer dereference in + io_msg_send_fd() (bsc#1012628). +- net: Fix return value of qdisc ingress handling on success + (bsc#1012628). +- net: sched: sfb: fix null pointer access issue when sfb_init() + fails (bsc#1012628). +- net: sched: delete duplicate cleanup of backlog and qlen + (bsc#1012628). +- net: sched: cake: fix null pointer access issue when cake_init() + fails (bsc#1012628). +- nvmet: fix workqueue MEM_RECLAIM flushing dependency + (bsc#1012628). +- nvme-hwmon: kmalloc the NVME SMART log buffer (bsc#1012628). +- nvme-hwmon: consistently ignore errors from nvme_hwmon_init + (bsc#1012628). +- netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags + requirements (bsc#1012628). +- netfilter: rpfilter/fib: Set ->flowic_uid correctly for user + namespaces (bsc#1012628). +- netfilter: rpfilter/fib: Populate flowic_l3mdev field + (bsc#1012628). +- ionic: catch NULL pointer issue on reconfig (bsc#1012628). +- net: hsr: avoid possible NULL deref in skb_clone() + (bsc#1012628). +- bnxt_en: fix memory leak in bnxt_nvm_test() (bsc#1012628). +- drm/amd/display: Increase frame size limit for + display_mode_vba_util_32.o (bsc#1012628). +- dm: remove unnecessary assignment statement in alloc_dev() + (bsc#1012628). +- cifs: Fix memory leak when build ntlmssp negotiate blob failed + (bsc#1012628). +- cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1012628). +- cifs: Fix xid leak in cifs_flock() (bsc#1012628). +- cifs: Fix xid leak in cifs_copy_file_range() (bsc#1012628). +- cifs: Fix xid leak in cifs_create() (bsc#1012628). +- ip6mr: fix UAF issue in ip6mr_sk_done() when addrconf_init_net() + failed (bsc#1012628). +- udp: Update reuse->has_conns under reuseport_lock (bsc#1012628). +- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1012628). +- net: ethernet: mtk_eth_wed: add missing of_node_put() + (bsc#1012628). +- net: ethernet: mtk_eth_wed: add missing put_device() in + mtk_wed_add_hw() (bsc#1012628). +- net: ethernet: mtk_eth_soc: fix possible memory leak in + mtk_probe() (bsc#1012628). +- io_uring/rw: remove leftover debug statement (bsc#1012628). +- blk-mq: fix null pointer dereference in + blk_mq_clear_rq_mapping() (bsc#1012628). +- erofs: shouldn't churn the mapping page for duplicated copies + (bsc#1012628). +- skmsg: pass gfp argument to alloc_sk_msg() (bsc#1012628). +- net: stmmac: Enable mac_managed_pm phylink config (bsc#1012628). +- net: phylink: add mac_managed_pm in phylink_config structure + (bsc#1012628). +- net/smc: Fix an error code in smc_lgr_create() (bsc#1012628). +- net: phy: dp83867: Extend RX strap quirk for SGMII mode + (bsc#1012628). +- net/atm: fix proc_mpc_write incorrect return value + (bsc#1012628). +- sfc: Change VF mac via PF as first preference if available + (bsc#1012628). +- HID: magicmouse: Do not set BTN_MOUSE on double report + (bsc#1012628). +- tls: strp: make sure the TCP skbs do not have overlapping data + (bsc#1012628). +- i40e: Fix DMA mappings leak (bsc#1012628). +- net: dsa: qca8k: fix ethtool autocast mib for big-endian systems + (bsc#1012628). +- net: dsa: qca8k: fix inband mgmt for big-endian systems + (bsc#1012628). +- tipc: fix an information leak in tipc_topsrv_kern_subscr + (bsc#1012628). +- tipc: Fix recognition of trial period (bsc#1012628). +- ACPI: extlog: Handle multiple records (bsc#1012628). +- drm/vc4: hdmi: Enforce the minimum rate at runtime_resume + (bsc#1012628). +- drm/vc4: Add module dependency on hdmi-codec (bsc#1012628). +- btrfs: fix processing of delayed tree block refs during backref + walking (bsc#1012628). +- btrfs: fix processing of delayed data refs during backref + walking (bsc#1012628). +- dm bufio: use the acquire memory barrier when testing for + B_READING (bsc#1012628). +- platform/x86/amd: pmc: Read SMU version during suspend on + Cezanne systems (bsc#1012628). +- x86/topology: Fix duplicated core ID within a package + (bsc#1012628). +- x86/topology: Fix multiple packages shown on a single-package + system (bsc#1012628). +- x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB + (bsc#1012628). +- media: venus: Fix NV12 decoder buffer discovery on + HFI_VERSION_1XX (bsc#1012628). +- media: venus: dec: Handle the case where find_format fails + (bsc#1012628). +- media: mceusb: set timeout to at least timeout provided + (bsc#1012628). +- media: ipu3-imgu: Fix NULL pointer dereference in active + selection access (bsc#1012628). +- KVM: arm64: vgic: Fix exit condition in scan_its_table() + (bsc#1012628). +- KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER + (bsc#1012628). +- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() + (bsc#1012628). +- kvm: Add support for arch compat vm ioctls (bsc#1012628). +- mm,hugetlb: take hugetlb_lock before decrementing + h->resv_huge_pages (bsc#1012628). +- drm/amdgpu: fix sdma doorbell init ordering on APUs + (bsc#1012628). +- cpufreq: qcom: fix memory leak in error path (bsc#1012628). +- x86/resctrl: Fix min_cbm_bits for AMD (bsc#1012628). +- ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS + (bsc#1012628). +- ata: ahci-imx: Fix MODULE_ALIAS (bsc#1012628). +- hwmon/coretemp: Handle large core ID value (bsc#1012628). +- x86/microcode/AMD: Apply the patch early on every logical thread + (bsc#1012628). +- cpufreq: tegra194: Fix module loading (bsc#1012628). +- i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter + (bsc#1012628). +- cpufreq: qcom: fix writes in read-only memory region + (bsc#1012628). +- selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in + convert_context() (bsc#1012628). +- smb3: interface count displayed incorrectly (bsc#1012628). ++++ 7 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes ++++ and /work/SRC/openSUSE:Factory/.kernel-source.new.2275/dtb-aarch64.changes dtb-armv6l.changes: same change dtb-armv7l.changes: same change dtb-riscv64.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-kvmsmall.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:35.523231263 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:35.527231283 +0100 @@ -17,7 +17,7 @@ %define srcversion 6.0 -%define patchversion 6.0.5 +%define patchversion 6.0.6 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: dtb-aarch64 -Version: 6.0.5 +Version: 6.0.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change dtb-riscv64.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:35.695232131 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:35.699232151 +0100 @@ -18,7 +18,7 @@ %define srcversion 6.0 -%define patchversion 6.0.5 +%define patchversion 6.0.6 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -110,9 +110,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0-only Group: System/Kernel -Version: 6.0.5 +Version: 6.0.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif @@ -239,10 +239,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 -Provides: kernel-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: kernel-%build_flavor-base-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 +Provides: kernel-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 # END COMMON DEPS -Provides: %name-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: %name-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 %obsolete_rebuilds %name Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz Source3: kernel-source.rpmlintrc ++++++ kernel-debug.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:35.743232373 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:35.751232413 +0100 @@ -18,7 +18,7 @@ %define srcversion 6.0 -%define patchversion 6.0.5 +%define patchversion 6.0.6 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -110,9 +110,9 @@ Summary: A Debug Version of the Kernel License: GPL-2.0-only Group: System/Kernel -Version: 6.0.5 +Version: 6.0.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif @@ -239,10 +239,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 -Provides: kernel-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: kernel-%build_flavor-base-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 +Provides: kernel-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 # END COMMON DEPS -Provides: %name-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: %name-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 %ifarch ppc64 Provides: kernel-kdump = 2.6.28 Obsoletes: kernel-kdump <= 2.6.28 ++++++ kernel-default.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:35.779232555 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:35.791232616 +0100 @@ -18,7 +18,7 @@ %define srcversion 6.0 -%define patchversion 6.0.5 +%define patchversion 6.0.6 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -110,9 +110,9 @@ Summary: The Standard Kernel License: GPL-2.0-only Group: System/Kernel -Version: 6.0.5 +Version: 6.0.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif @@ -239,10 +239,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 -Provides: kernel-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: kernel-%build_flavor-base-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 +Provides: kernel-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 # END COMMON DEPS -Provides: %name-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: %name-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 %ifarch %ix86 Provides: kernel-smp = 2.6.17 Obsoletes: kernel-smp <= 2.6.17 ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:35.819232756 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:35.823232777 +0100 @@ -17,7 +17,7 @@ %define srcversion 6.0 -%define patchversion 6.0.5 +%define patchversion 6.0.6 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -31,9 +31,9 @@ Summary: Kernel Documentation License: GPL-2.0-only Group: Documentation/Man -Version: 6.0.5 +Version: 6.0.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif @@ -67,7 +67,7 @@ %endif URL: https://www.kernel.org/ Provides: %name = %version-%source_rel -Provides: %name-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: %name-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz ++++++ kernel-kvmsmall.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:35.851232918 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:35.855232938 +0100 @@ -18,7 +18,7 @@ %define srcversion 6.0 -%define patchversion 6.0.5 +%define patchversion 6.0.6 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -110,9 +110,9 @@ Summary: The Small Developer Kernel for KVM License: GPL-2.0-only Group: System/Kernel -Version: 6.0.5 +Version: 6.0.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif @@ -239,10 +239,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 -Provides: kernel-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: kernel-%build_flavor-base-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 +Provides: kernel-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 # END COMMON DEPS -Provides: %name-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: %name-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 %obsolete_rebuilds %name Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz Source3: kernel-source.rpmlintrc kernel-lpae.spec: same change ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:35.907233201 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:35.915233242 +0100 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 6.0.5 +%define patchversion 6.0.6 %define variant %{nil} %define vanilla_only 0 @@ -45,7 +45,7 @@ %endif %endif %endif -BuildRequires: kernel%kernel_flavor-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +BuildRequires: kernel%kernel_flavor-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 %if 0%{?rhel_version} BuildRequires: kernel @@ -64,9 +64,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0-only Group: SLES -Version: 6.0.5 +Version: 6.0.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:35.943233383 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:35.947233403 +0100 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 6.0.5 +%define patchversion 6.0.6 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0-only Group: SLES -Version: 6.0.5 +Version: 6.0.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:35.979233565 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:35.983233584 +0100 @@ -18,7 +18,7 @@ %define srcversion 6.0 -%define patchversion 6.0.5 +%define patchversion 6.0.6 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -110,9 +110,9 @@ Summary: Kernel with PAE Support License: GPL-2.0-only Group: System/Kernel -Version: 6.0.5 +Version: 6.0.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif @@ -239,10 +239,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 -Provides: kernel-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: kernel-%build_flavor-base-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 +Provides: kernel-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 # END COMMON DEPS -Provides: %name-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: %name-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 %ifarch %ix86 Provides: kernel-bigsmp = 2.6.17 Obsoletes: kernel-bigsmp <= 2.6.17 ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:36.011233726 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:36.019233766 +0100 @@ -17,7 +17,7 @@ %define srcversion 6.0 -%define patchversion 6.0.5 +%define patchversion 6.0.6 %define variant %{nil} %define vanilla_only 0 @@ -31,9 +31,9 @@ %endif Name: kernel-source -Version: 6.0.5 +Version: 6.0.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif @@ -50,7 +50,7 @@ BuildRequires: sed Requires(post): coreutils sed Provides: %name = %version-%source_rel -Provides: %name-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: %name-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 Provides: linux Provides: multiversion(kernel) Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:36.055233948 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:36.059233968 +0100 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0-only Group: Development/Sources -Version: 6.0.5 +Version: 6.0.6 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif @@ -52,7 +52,7 @@ %endif Requires: pesign-obs-integration Provides: %name = %version-%source_rel -Provides: %name-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: %name-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 Provides: multiversion(kernel) Source: README.KSYMS Requires: kernel-devel%variant = %version-%source_rel ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:36.087234109 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:36.099234170 +0100 @@ -18,7 +18,7 @@ %define srcversion 6.0 -%define patchversion 6.0.5 +%define patchversion 6.0.6 %define variant %{nil} %define vanilla_only 0 %define compress_modules zstd @@ -110,9 +110,9 @@ Summary: The Standard Kernel - without any SUSE patches License: GPL-2.0-only Group: System/Kernel -Version: 6.0.5 +Version: 6.0.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7359656 +Release: <RELEASE>.gaaed0f2 %else Release: 0 %endif @@ -239,10 +239,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 -Provides: kernel-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: kernel-%build_flavor-base-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 +Provides: kernel-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 # END COMMON DEPS -Provides: %name-srchash-7359656e16c5fb0cf358bc75890037b4d7164011 +Provides: %name-srchash-aaed0f2da007a52820ad40a53a49064ca0772776 %obsolete_rebuilds %name Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%srcversion.tar.xz Source3: kernel-source.rpmlintrc kernel-zfcpdump.spec: same change ++++++ config.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/pae new/config/i386/pae --- old/config/i386/pae 2022-10-26 12:13:38.000000000 +0200 +++ new/config/i386/pae 2022-10-26 12:13:38.000000000 +0200 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/i386 6.0.5 Kernel Configuration +# Linux/i386 6.0.2 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (scripts/dummy-tools/gcc)" CONFIG_CC_IS_GCC=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64/default new/config/ppc64/default --- old/config/ppc64/default 2022-10-26 12:13:38.000000000 +0200 +++ new/config/ppc64/default 2022-10-26 12:13:38.000000000 +0200 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 6.0.5 Kernel Configuration +# Linux/powerpc 6.0.2 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (scripts/dummy-tools/gcc)" CONFIG_CC_IS_GCC=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64le/default new/config/ppc64le/default --- old/config/ppc64le/default 2022-10-26 12:13:38.000000000 +0200 +++ new/config/ppc64le/default 2022-10-26 12:13:38.000000000 +0200 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 6.0.5 Kernel Configuration +# Linux/powerpc 6.0.2 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (scripts/dummy-tools/gcc)" CONFIG_CC_IS_GCC=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/default new/config/x86_64/default --- old/config/x86_64/default 2022-10-26 12:13:38.000000000 +0200 +++ new/config/x86_64/default 2022-10-26 12:13:38.000000000 +0200 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 6.0.5 Kernel Configuration +# Linux/x86_64 6.0.2 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (scripts/dummy-tools/gcc)" CONFIG_CC_IS_GCC=y ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 8762 lines of diff (skipped) ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/ACPI-resource-do-IRQ-override-on-LENOVO-IdeaPad.patch new/patches.suse/ACPI-resource-do-IRQ-override-on-LENOVO-IdeaPad.patch --- old/patches.suse/ACPI-resource-do-IRQ-override-on-LENOVO-IdeaPad.patch 2022-10-27 07:14:33.000000000 +0200 +++ new/patches.suse/ACPI-resource-do-IRQ-override-on-LENOVO-IdeaPad.patch 2022-11-02 08:02:44.000000000 +0100 @@ -1,9 +1,8 @@ From: "Jiri Slaby (SUSE)" <jsl...@suse.cz> Date: Tue, 4 Oct 2022 12:33:40 +0200 Subject: ACPI: resource: do IRQ override on LENOVO IdeaPad -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm.git#bleeding-edge Git-commit: bfcdf58380b1d9be564a78a9370da722ed1a9965 -Patch-mainline: Queued in subsystem maintainer repository +Patch-mainline: v6.1-rc2 References: bsc#1203794 LENOVO IdeaPad Flex 5 is ryzen-5 based and the commit below removed IRQ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/ALSA-hda-realtek-Add-another-HP-ZBook-G9-model-quirk.patch new/patches.suse/ALSA-hda-realtek-Add-another-HP-ZBook-G9-model-quirk.patch --- old/patches.suse/ALSA-hda-realtek-Add-another-HP-ZBook-G9-model-quirk.patch 2022-10-27 07:14:33.000000000 +0200 +++ new/patches.suse/ALSA-hda-realtek-Add-another-HP-ZBook-G9-model-quirk.patch 2022-11-02 08:02:44.000000000 +0100 @@ -3,8 +3,7 @@ Date: Sat, 22 Oct 2022 09:21:07 +0200 Subject: [PATCH] ALSA: hda/realtek: Add another HP ZBook G9 model quirks Git-commit: f86bfeb689f2c4ebe12782ef0578ef778fb1a050 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git -Patch-mainline: Queued in subsystem maintainer repository +Patch-mainline: v6.1-rc3 References: bsc#1203699 HP ZBook Firefly 16 G9 (103c:896d) and HP ZBook Power 15.6 G9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/ALSA-hda-realtek-Add-quirk-for-ASUS-Zenbook-using-CS.patch new/patches.suse/ALSA-hda-realtek-Add-quirk-for-ASUS-Zenbook-using-CS.patch --- old/patches.suse/ALSA-hda-realtek-Add-quirk-for-ASUS-Zenbook-using-CS.patch 2022-10-27 07:14:33.000000000 +0200 +++ new/patches.suse/ALSA-hda-realtek-Add-quirk-for-ASUS-Zenbook-using-CS.patch 2022-11-02 08:02:44.000000000 +0100 @@ -3,8 +3,7 @@ Date: Tue, 18 Oct 2022 13:15:06 +0100 Subject: [PATCH] ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 Git-commit: 491a4ccd8a0258392900c80c6b2b622c7115fc23 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git -Patch-mainline: Queued in subsystem maintainer repository +Patch-mainline: v6.1-rc3 References: bsc#1203922 This Asus Zenbook laptop use Realtek HDA codec combined with diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/char-pcmcia-cm4000_cs-Fix-use-after-free-in-cm4000_f.patch new/patches.suse/char-pcmcia-cm4000_cs-Fix-use-after-free-in-cm4000_f.patch --- old/patches.suse/char-pcmcia-cm4000_cs-Fix-use-after-free-in-cm4000_f.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/char-pcmcia-cm4000_cs-Fix-use-after-free-in-cm4000_f.patch 2022-11-02 08:02:44.000000000 +0100 @@ -0,0 +1,147 @@ +From: Hyunwoo Kim <imv4...@gmail.com> +Date: Sun, 18 Sep 2022 21:07:01 -0700 +Subject: char: pcmcia: cm4000_cs: Fix use-after-free in cm4000_fops +Patch-mainline: Submitted, 20220919040701.GA302806@ubuntu +References: bsc#1204894 CVE-2022-44032 + +A race condition may occur if the user physically removes the pcmcia +device while calling open() for this char device node. + +This is a race condition between the cmm_open() function and the +cm4000_detach() function, which may eventually result in UAF. + +So, add a refcount check to cm4000_detach() to free the "dev" structure +after the char device node is close()d. + +Signed-off-by: Hyunwoo Kim <imv4...@gmail.com> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/char/pcmcia/cm4000_cs.c | 58 ++++++++++++++++++++++++++++------------ + 1 file changed, 41 insertions(+), 17 deletions(-) + +--- a/drivers/char/pcmcia/cm4000_cs.c ++++ b/drivers/char/pcmcia/cm4000_cs.c +@@ -55,6 +55,7 @@ + } while (0) + + static DEFINE_MUTEX(cmm_mutex); ++static DEFINE_MUTEX(remove_mutex); + + #define T_1SEC (HZ) + #define T_10MSEC msecs_to_jiffies(10) +@@ -103,7 +104,8 @@ static int major; /* major number we ge + #define REG_STOPBITS(x) (x + 7) + + struct cm4000_dev { +- struct pcmcia_device *p_dev; ++ struct pcmcia_device *p_dev; ++ struct kref refcnt; + + unsigned char atr[MAX_ATR]; + unsigned char rbuf[512]; +@@ -146,6 +148,9 @@ struct cm4000_dev { + + #define ZERO_DEV(dev) memset(&((dev)->init), 0, sizeof((dev)->init)) + ++static void stop_monitor(struct cm4000_dev *dev); ++static void cm4000_delete(struct kref *kref); ++ + static struct pcmcia_device *dev_table[CM4000_MAX_DEV]; + static struct class *cmm_class; + +@@ -416,6 +421,30 @@ static struct card_fixup card_fixups[] = + }, + }; + ++ ++static void cm4000_delete(struct kref *kref) ++{ ++ struct cm4000_dev *dev = container_of(kref, struct cm4000_dev, refcnt); ++ struct pcmcia_device *link = dev->p_dev; ++ int devno; ++ ++ /* find device */ ++ for (devno = 0; devno < CM4000_MAX_DEV; devno++) ++ if (dev_table[devno] == link) ++ break; ++ if (devno == CM4000_MAX_DEV) ++ return; ++ ++ stop_monitor(dev); ++ ++ cm4000_release(link); ++ ++ dev_table[devno] = NULL; ++ kfree(dev); ++ ++ device_destroy(cmm_class, MKDEV(major, devno)); ++} ++ + static void set_cardparameter(struct cm4000_dev *dev) + { + int i; +@@ -1629,6 +1658,7 @@ static int cmm_open(struct inode *inode, + if (minor >= CM4000_MAX_DEV) + return -ENODEV; + ++ mutex_lock(&remove_mutex); + mutex_lock(&cmm_mutex); + link = dev_table[minor]; + if (link == NULL || !pcmcia_dev_present(link)) { +@@ -1673,8 +1703,12 @@ static int cmm_open(struct inode *inode, + + DEBUGP(2, dev, "<- cmm_open\n"); + ret = stream_open(inode, filp); ++ ++ kref_get(&dev->refcnt); + out: + mutex_unlock(&cmm_mutex); ++ mutex_unlock(&remove_mutex); ++ + return ret; + } + +@@ -1703,6 +1737,8 @@ static int cmm_close(struct inode *inode + link->open = 0; /* only one open per device */ + wake_up(&dev->devq); /* socket removed? */ + ++ kref_put(&dev->refcnt, cm4000_delete); ++ + DEBUGP(2, dev, "cmm_close\n"); + return 0; + } +@@ -1808,6 +1844,7 @@ static int cm4000_probe(struct pcmcia_de + init_waitqueue_head(&dev->ioq); + init_waitqueue_head(&dev->atrq); + init_waitqueue_head(&dev->readq); ++ kref_init(&dev->refcnt); + + ret = cm4000_config(link, i); + if (ret) { +@@ -1824,23 +1861,10 @@ static int cm4000_probe(struct pcmcia_de + static void cm4000_detach(struct pcmcia_device *link) + { + struct cm4000_dev *dev = link->priv; +- int devno; +- +- /* find device */ +- for (devno = 0; devno < CM4000_MAX_DEV; devno++) +- if (dev_table[devno] == link) +- break; +- if (devno == CM4000_MAX_DEV) +- return; +- +- stop_monitor(dev); +- +- cm4000_release(link); + +- dev_table[devno] = NULL; +- kfree(dev); +- +- device_destroy(cmm_class, MKDEV(major, devno)); ++ mutex_lock(&remove_mutex); ++ kref_put(&dev->refcnt, cm4000_delete); ++ mutex_unlock(&remove_mutex); + + return; + } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/char-pcmcia-cm4040_cs-Fix-use-after-free-in-reader_f.patch new/patches.suse/char-pcmcia-cm4040_cs-Fix-use-after-free-in-reader_f.patch --- old/patches.suse/char-pcmcia-cm4040_cs-Fix-use-after-free-in-reader_f.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/char-pcmcia-cm4040_cs-Fix-use-after-free-in-reader_f.patch 2022-11-02 08:02:44.000000000 +0100 @@ -0,0 +1,132 @@ +From: Hyunwoo Kim <imv4...@gmail.com> +Date: Sun, 18 Sep 2022 21:04:57 -0700 +Subject: char: pcmcia: cm4040_cs: Fix use-after-free in reader_fops +Patch-mainline: Submitted, 20220919040457.GA302681@ubuntu +References: bsc#1204922 CVE-2022-44033 + +A race condition may occur if the user physically removes the pcmcia +device while calling open() for this char device node. + +This is a race condition between the cm4040_open() function and the +reader_detach() function, which may eventually result in UAF. + +So, add a refcount check to reader_detach() to free the "dev" structure +after the char device node is close()d. + +Signed-off-by: Hyunwoo Kim <imv4...@gmail.com> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/char/pcmcia/cm4040_cs.c | 50 ++++++++++++++++++++++++++++------------ + 1 file changed, 35 insertions(+), 15 deletions(-) + +--- a/drivers/char/pcmcia/cm4040_cs.c ++++ b/drivers/char/pcmcia/cm4040_cs.c +@@ -59,6 +59,7 @@ static DEFINE_MUTEX(cm4040_mutex); + /* how often to poll for fifo status change */ + #define POLL_PERIOD msecs_to_jiffies(10) + ++static void cm4040_delete(struct kref *kref); + static void reader_release(struct pcmcia_device *link); + + static int major; +@@ -73,6 +74,7 @@ struct reader_dev { + wait_queue_head_t poll_wait; + wait_queue_head_t read_wait; + wait_queue_head_t write_wait; ++ struct kref refcnt; + unsigned long buffer_status; + unsigned long timeout; + unsigned char s_buf[READ_WRITE_BUFFER_SIZE]; +@@ -102,6 +104,28 @@ static inline unsigned char xinb(unsigne + } + #endif + ++static void cm4040_delete(struct kref *kref) ++{ ++ struct reader_dev *dev = container_of(kref, struct reader_dev, refcnt); ++ struct pcmcia_device *link = dev->p_dev; ++ int devno; ++ ++ /* find device */ ++ for (devno = 0; devno < CM_MAX_DEV; devno++) { ++ if (dev_table[devno] == link) ++ break; ++ } ++ if (devno == CM_MAX_DEV) ++ return; ++ ++ reader_release(link); ++ ++ dev_table[devno] = NULL; ++ kfree(dev); ++ ++ device_destroy(cmx_class, MKDEV(major, devno)); ++} ++ + /* poll the device fifo status register. not to be confused with + * the poll syscall. */ + static void cm4040_do_poll(struct timer_list *t) +@@ -442,6 +466,7 @@ static int cm4040_open(struct inode *ino + return -ENODEV; + + mutex_lock(&cm4040_mutex); ++ + link = dev_table[minor]; + if (link == NULL || !pcmcia_dev_present(link)) { + ret = -ENODEV; +@@ -468,8 +493,11 @@ static int cm4040_open(struct inode *ino + + DEBUGP(2, dev, "<- cm4040_open (successfully)\n"); + ret = nonseekable_open(inode, filp); ++ ++ kref_get(&dev->refcnt); + out: + mutex_unlock(&cm4040_mutex); ++ + return ret; + } + +@@ -495,6 +523,9 @@ static int cm4040_close(struct inode *in + wake_up(&dev->devq); + + DEBUGP(2, dev, "<- cm4040_close\n"); ++ ++ kref_put(&dev->refcnt, cm4040_delete); ++ + return 0; + } + +@@ -584,6 +615,7 @@ static int reader_probe(struct pcmcia_de + init_waitqueue_head(&dev->read_wait); + init_waitqueue_head(&dev->write_wait); + timer_setup(&dev->poll_timer, cm4040_do_poll, 0); ++ kref_init(&dev->refcnt); + + ret = reader_config(link, i); + if (ret) { +@@ -600,22 +632,10 @@ static int reader_probe(struct pcmcia_de + static void reader_detach(struct pcmcia_device *link) + { + struct reader_dev *dev = link->priv; +- int devno; +- +- /* find device */ +- for (devno = 0; devno < CM_MAX_DEV; devno++) { +- if (dev_table[devno] == link) +- break; +- } +- if (devno == CM_MAX_DEV) +- return; +- +- reader_release(link); +- +- dev_table[devno] = NULL; +- kfree(dev); + +- device_destroy(cmx_class, MKDEV(major, devno)); ++ mutex_lock(&cm4040_mutex); ++ kref_put(&dev->refcnt, cm4040_delete); ++ mutex_unlock(&cm4040_mutex); + + return; + } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/char-pcmcia-scr24x_cs-Fix-use-after-free-in-scr24x_f.patch new/patches.suse/char-pcmcia-scr24x_cs-Fix-use-after-free-in-scr24x_f.patch --- old/patches.suse/char-pcmcia-scr24x_cs-Fix-use-after-free-in-scr24x_f.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/char-pcmcia-scr24x_cs-Fix-use-after-free-in-scr24x_f.patch 2022-11-02 08:02:44.000000000 +0100 @@ -0,0 +1,161 @@ +From: Hyunwoo Kim <imv4...@gmail.com> +Date: Mon, 19 Sep 2022 03:18:25 -0700 +Subject: char: pcmcia: scr24x_cs: Fix use-after-free in scr24x_fops +Patch-mainline: Submitted, 20220919101825.GA313940@ubuntu +References: bsc#1204901 CVE-2022-44034 + +A race condition may occur if the user physically removes the +pcmcia device while calling open() for this char device node. + +This is a race condition between the scr24x_open() function and +the scr24x_remove() function, which may eventually result in UAF. + +So, add a mutex to the scr24x_open() and scr24x_remove() functions +to avoid race contidion of krefs. + +Signed-off-by: Hyunwoo Kim <imv4...@gmail.com> +Reported-by: kernel test robot <l...@intel.com> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/char/pcmcia/scr24x_cs.c | 73 ++++++++++++++++++++++++++++------------ + 1 file changed, 52 insertions(+), 21 deletions(-) + +--- a/drivers/char/pcmcia/scr24x_cs.c ++++ b/drivers/char/pcmcia/scr24x_cs.c +@@ -33,6 +33,7 @@ + + struct scr24x_dev { + struct device *dev; ++ struct pcmcia_device *p_dev; + struct cdev c_dev; + unsigned char buf[CCID_MAX_LEN]; + int devno; +@@ -42,15 +43,31 @@ struct scr24x_dev { + }; + + #define SCR24X_DEVS 8 +-static DECLARE_BITMAP(scr24x_minors, SCR24X_DEVS); ++static struct pcmcia_device *dev_table[SCR24X_DEVS]; ++static DEFINE_MUTEX(remove_mutex); + + static struct class *scr24x_class; + static dev_t scr24x_devt; + + static void scr24x_delete(struct kref *kref) + { +- struct scr24x_dev *dev = container_of(kref, struct scr24x_dev, +- refcnt); ++ struct scr24x_dev *dev = container_of(kref, struct scr24x_dev, refcnt); ++ struct pcmcia_device *link = dev->p_dev; ++ int devno; ++ ++ for (devno = 0; devno < SCR24X_DEVS; devno++) { ++ if (dev_table[devno] == link) ++ break; ++ } ++ if (devno == SCR24X_DEVS) ++ return; ++ ++ device_destroy(scr24x_class, MKDEV(MAJOR(scr24x_devt), dev->devno)); ++ mutex_lock(&dev->lock); ++ pcmcia_disable_device(link); ++ cdev_del(&dev->c_dev); ++ dev->dev = NULL; ++ mutex_unlock(&dev->lock); + + kfree(dev); + } +@@ -73,11 +90,24 @@ static int scr24x_wait_ready(struct scr2 + + static int scr24x_open(struct inode *inode, struct file *filp) + { +- struct scr24x_dev *dev = container_of(inode->i_cdev, +- struct scr24x_dev, c_dev); ++ struct scr24x_dev *dev; ++ struct pcmcia_device *link; ++ int minor = iminor(inode); ++ ++ if (minor >= SCR24X_DEVS) ++ return -ENODEV; ++ ++ mutex_lock(&remove_mutex); ++ link = dev_table[minor]; ++ if (link == NULL) { ++ mutex_unlock(&remove_mutex); ++ return -ENODEV; ++ } + ++ dev = link->priv; + kref_get(&dev->refcnt); + filp->private_data = dev; ++ mutex_unlock(&remove_mutex); + + return stream_open(inode, filp); + } +@@ -232,24 +262,31 @@ static int scr24x_config_check(struct pc + static int scr24x_probe(struct pcmcia_device *link) + { + struct scr24x_dev *dev; +- int ret; ++ int i, ret; ++ ++ for (i = 0; i < SCR24X_DEVS; i++) { ++ if (dev_table[i] == NULL) ++ break; ++ } ++ ++ if (i == SCR24X_DEVS) ++ return -ENODEV; + + dev = kzalloc(sizeof(*dev), GFP_KERNEL); + if (!dev) + return -ENOMEM; + +- dev->devno = find_first_zero_bit(scr24x_minors, SCR24X_DEVS); +- if (dev->devno >= SCR24X_DEVS) { +- ret = -EBUSY; +- goto err; +- } ++ dev->devno = i; + + mutex_init(&dev->lock); + kref_init(&dev->refcnt); + + link->priv = dev; ++ dev->p_dev = link; + link->config_flags |= CONF_ENABLE_IRQ | CONF_AUTO_SET_IO; + ++ dev_table[i] = link; ++ + ret = pcmcia_loop_config(link, scr24x_config_check, NULL); + if (ret < 0) + goto err; +@@ -282,8 +319,8 @@ static int scr24x_probe(struct pcmcia_de + return 0; + + err: +- if (dev->devno < SCR24X_DEVS) +- clear_bit(dev->devno, scr24x_minors); ++ dev_table[i] = NULL; ++ + kfree (dev); + return ret; + } +@@ -292,15 +329,9 @@ static void scr24x_remove(struct pcmcia_ + { + struct scr24x_dev *dev = (struct scr24x_dev *)link->priv; + +- device_destroy(scr24x_class, MKDEV(MAJOR(scr24x_devt), dev->devno)); +- mutex_lock(&dev->lock); +- pcmcia_disable_device(link); +- cdev_del(&dev->c_dev); +- clear_bit(dev->devno, scr24x_minors); +- dev->dev = NULL; +- mutex_unlock(&dev->lock); +- ++ mutex_lock(&remove_mutex); + kref_put(&dev->refcnt, scr24x_delete); ++ mutex_unlock(&remove_mutex); + } + + static const struct pcmcia_device_id scr24x_ids[] = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch new/patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch --- old/patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch 2022-10-27 07:14:33.000000000 +0200 +++ new/patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch 2022-11-02 08:02:44.000000000 +0100 @@ -4,9 +4,8 @@ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Git-repo: https://gitlab.freedesktop.org/agd5f/linux#drm-next -Git-commit: df768a9770271b0d9faab25f42dfc7bdec87b21c -Patch-mainline: Queued in subsystem maintainer repository +Git-commit: 8273b4048664fff356fd10059033f0e2f5a422a1 +Patch-mainline: 6.1-rc2 References: bsc#1204160 A user reported a bug on CAPE VERDE system where uvd_v3_1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch new/patches.suse/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch --- old/patches.suse/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch 2022-11-02 08:02:44.000000000 +0100 @@ -0,0 +1,71 @@ +From: "Steven Rostedt (Google)" <rost...@goodmis.org> +Date: Tue, 1 Nov 2022 19:10:09 -0400 +Subject: [PATCH] ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() +Message-ID: <20221101191009.1e737...@rorschach.local.home> +Patch-mainline: Submitted, trace ML +References: bsc#1204705 + +On some machines the number of listed CPUs may be bigger than the actual +CPUs that exist. The tracing subsystem allocates a per_cpu directory with +access to the per CPU ring buffer via a cpuX file. But to save space, the +ring buffer will only allocate buffers for online CPUs, even though the +CPU array will be as big as the nr_cpu_ids. + +With the addition of waking waiters on the ring buffer when closing the +file, the ring_buffer_wake_waiters() now needs to make sure that the +buffer is allocated (with the irq_work allocated with it) before trying to +wake waiters, as it will cause a NULL pointer dereference. + +While debugging this, I added a NULL check for the buffer itself (which is +OK to do), and also NULL pointer checks against buffer->buffers (which is +not fine, and will WARN) as well as making sure the CPU number passed in +is within the nr_cpu_ids (which is also not fine if it isn't). + +Link: https://lore.kernel.org/all/87h6zklb6n.wl-ti...@suse.de/ +Link: https://lore.kernel.org/all/CAM6Wdxc0KRJMXVAA0Y=u6Jh2V=uwb-_fn6m4xrunppfxzl1...@mail.gmail.com/ + +Cc: sta...@vger.kernel.org +Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1204705 +Reported-by: Takashi Iwai <ti...@suse.de> +Reported-by: Roland Ruckerbauer <roland.ru...@gmail.com> +Fixes: f3ddb74ad079 ("tracing: Wake up ring buffer waiters on closing of the file") +Signed-off-by: Steven Rostedt (Google) <rost...@goodmis.org> +Signed-off-by: Takashi Iwai <ti...@suse.de> + +--- + kernel/trace/ring_buffer.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index 199759c73519..9712083832f4 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -937,6 +937,9 @@ void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu) + struct ring_buffer_per_cpu *cpu_buffer; + struct rb_irq_work *rbwork; + ++ if (!buffer) ++ return; ++ + if (cpu == RING_BUFFER_ALL_CPUS) { + + /* Wake up individual ones too. One level recursion */ +@@ -945,7 +948,15 @@ void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu) + + rbwork = &buffer->irq_work; + } else { ++ if (WARN_ON_ONCE(!buffer->buffers)) ++ return; ++ if (WARN_ON_ONCE(cpu >= nr_cpu_ids)) ++ return; ++ + cpu_buffer = buffer->buffers[cpu]; ++ /* The CPU buffer may not have been initialized yet */ ++ if (!cpu_buffer) ++ return; + rbwork = &cpu_buffer->irq_work; + } + +-- +2.35.3 + ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:38.099244266 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:38.103244286 +0100 @@ -956,6 +956,101 @@ patches.kernel.org/6.0.5-001-clk-tegra-Fix-Tegra-PWM-parent-clock.patch patches.kernel.org/6.0.5-002-Revert-btrfs-call-__btrfs_remove_free_space_cac.patch patches.kernel.org/6.0.5-003-Linux-6.0.5.patch + patches.kernel.org/6.0.6-001-video-aperture-Call-sysfb_disable-before-removi.patch + patches.kernel.org/6.0.6-002-ocfs2-clear-dinode-links-count-in-case-of-error.patch + patches.kernel.org/6.0.6-003-ocfs2-fix-BUG-when-iput-after-ocfs2_mknod-fails.patch + patches.kernel.org/6.0.6-004-smb3-interface-count-displayed-incorrectly.patch + patches.kernel.org/6.0.6-005-selinux-enable-use-of-both-GFP_KERNEL-and-GFP_A.patch + patches.kernel.org/6.0.6-006-cpufreq-qcom-fix-writes-in-read-only-memory-reg.patch + patches.kernel.org/6.0.6-007-i2c-qcom-cci-Fix-ordering-of-pm_runtime_xx-and-.patch + patches.kernel.org/6.0.6-008-cpufreq-tegra194-Fix-module-loading.patch + patches.kernel.org/6.0.6-009-x86-microcode-AMD-Apply-the-patch-early-on-ever.patch + patches.kernel.org/6.0.6-010-hwmon-coretemp-Handle-large-core-ID-value.patch + patches.kernel.org/6.0.6-011-ata-ahci-imx-Fix-MODULE_ALIAS.patch + patches.kernel.org/6.0.6-012-ata-ahci-Match-EM_MAX_SLOTS-with-SATA_PMP_MAX_P.patch + patches.kernel.org/6.0.6-013-x86-resctrl-Fix-min_cbm_bits-for-AMD.patch + patches.kernel.org/6.0.6-014-cpufreq-qcom-fix-memory-leak-in-error-path.patch + patches.kernel.org/6.0.6-015-drm-amdgpu-fix-sdma-doorbell-init-ordering-on-A.patch + patches.kernel.org/6.0.6-016-mm-hugetlb-take-hugetlb_lock-before-decrementin.patch + patches.kernel.org/6.0.6-017-kvm-Add-support-for-arch-compat-vm-ioctls.patch + patches.kernel.org/6.0.6-018-KVM-x86-Copy-filter-arg-outside-kvm_vm_ioctl_se.patch + patches.kernel.org/6.0.6-019-KVM-x86-Add-compat-handler-for-KVM_X86_SET_MSR_.patch + patches.kernel.org/6.0.6-020-KVM-arm64-vgic-Fix-exit-condition-in-scan_its_t.patch + patches.kernel.org/6.0.6-021-media-ipu3-imgu-Fix-NULL-pointer-dereference-in.patch + patches.kernel.org/6.0.6-022-media-mceusb-set-timeout-to-at-least-timeout-pr.patch + patches.kernel.org/6.0.6-023-media-venus-dec-Handle-the-case-where-find_form.patch + patches.kernel.org/6.0.6-024-media-venus-Fix-NV12-decoder-buffer-discovery-o.patch + patches.kernel.org/6.0.6-025-x86-Kconfig-Drop-check-for-mabi-ms-for-CONFIG_E.patch + patches.kernel.org/6.0.6-026-x86-topology-Fix-multiple-packages-shown-on-a-s.patch + patches.kernel.org/6.0.6-027-x86-topology-Fix-duplicated-core-ID-within-a-pa.patch + patches.kernel.org/6.0.6-028-platform-x86-amd-pmc-Read-SMU-version-during-su.patch + patches.kernel.org/6.0.6-029-dm-bufio-use-the-acquire-memory-barrier-when-te.patch + patches.kernel.org/6.0.6-030-btrfs-fix-processing-of-delayed-data-refs-durin.patch + patches.kernel.org/6.0.6-031-btrfs-fix-processing-of-delayed-tree-block-refs.patch + patches.kernel.org/6.0.6-032-drm-vc4-Add-module-dependency-on-hdmi-codec.patch + patches.kernel.org/6.0.6-033-drm-vc4-hdmi-Enforce-the-minimum-rate-at-runtim.patch + patches.kernel.org/6.0.6-034-ACPI-extlog-Handle-multiple-records.patch + patches.kernel.org/6.0.6-035-tipc-Fix-recognition-of-trial-period.patch + patches.kernel.org/6.0.6-036-tipc-fix-an-information-leak-in-tipc_topsrv_ker.patch + patches.kernel.org/6.0.6-037-net-dsa-qca8k-fix-inband-mgmt-for-big-endian-sy.patch + patches.kernel.org/6.0.6-038-net-dsa-qca8k-fix-ethtool-autocast-mib-for-big-.patch + patches.kernel.org/6.0.6-039-i40e-Fix-DMA-mappings-leak.patch + patches.kernel.org/6.0.6-040-tls-strp-make-sure-the-TCP-skbs-do-not-have-ove.patch + patches.kernel.org/6.0.6-041-HID-magicmouse-Do-not-set-BTN_MOUSE-on-double-r.patch + patches.kernel.org/6.0.6-042-sfc-Change-VF-mac-via-PF-as-first-preference-if.patch + patches.kernel.org/6.0.6-043-net-atm-fix-proc_mpc_write-incorrect-return-val.patch + patches.kernel.org/6.0.6-044-net-phy-dp83867-Extend-RX-strap-quirk-for-SGMII.patch + patches.kernel.org/6.0.6-045-net-smc-Fix-an-error-code-in-smc_lgr_create.patch + patches.kernel.org/6.0.6-046-net-phylink-add-mac_managed_pm-in-phylink_confi.patch + patches.kernel.org/6.0.6-047-net-stmmac-Enable-mac_managed_pm-phylink-config.patch + patches.kernel.org/6.0.6-048-skmsg-pass-gfp-argument-to-alloc_sk_msg.patch + patches.kernel.org/6.0.6-049-erofs-shouldn-t-churn-the-mapping-page-for-dupl.patch + patches.kernel.org/6.0.6-050-blk-mq-fix-null-pointer-dereference-in-blk_mq_c.patch + patches.kernel.org/6.0.6-051-io_uring-rw-remove-leftover-debug-statement.patch + patches.kernel.org/6.0.6-052-net-ethernet-mtk_eth_soc-fix-possible-memory-le.patch + patches.kernel.org/6.0.6-053-net-ethernet-mtk_eth_wed-add-missing-put_device.patch + patches.kernel.org/6.0.6-054-net-ethernet-mtk_eth_wed-add-missing-of_node_pu.patch + patches.kernel.org/6.0.6-055-scsi-lpfc-Fix-memory-leak-in-lpfc_create_port.patch + patches.kernel.org/6.0.6-056-udp-Update-reuse-has_conns-under-reuseport_lock.patch + patches.kernel.org/6.0.6-057-ip6mr-fix-UAF-issue-in-ip6mr_sk_done-when-addrc.patch + patches.kernel.org/6.0.6-058-cifs-Fix-xid-leak-in-cifs_create.patch + patches.kernel.org/6.0.6-059-cifs-Fix-xid-leak-in-cifs_copy_file_range.patch + patches.kernel.org/6.0.6-060-cifs-Fix-xid-leak-in-cifs_flock.patch + patches.kernel.org/6.0.6-061-cifs-Fix-xid-leak-in-cifs_ses_add_channel.patch + patches.kernel.org/6.0.6-062-cifs-Fix-memory-leak-when-build-ntlmssp-negotia.patch + patches.kernel.org/6.0.6-063-dm-remove-unnecessary-assignment-statement-in-a.patch + patches.kernel.org/6.0.6-064-drm-amd-display-Increase-frame-size-limit-for-d.patch + patches.kernel.org/6.0.6-065-bnxt_en-fix-memory-leak-in-bnxt_nvm_test.patch + patches.kernel.org/6.0.6-066-net-hsr-avoid-possible-NULL-deref-in-skb_clone.patch + patches.kernel.org/6.0.6-067-ionic-catch-NULL-pointer-issue-on-reconfig.patch + patches.kernel.org/6.0.6-068-netfilter-rpfilter-fib-Populate-flowic_l3mdev-f.patch + patches.kernel.org/6.0.6-069-netfilter-rpfilter-fib-Set-flowic_uid-correctly.patch + patches.kernel.org/6.0.6-070-netfilter-nf_tables-relax-NFTA_SET_ELEM_KEY_END.patch + patches.kernel.org/6.0.6-071-nvme-hwmon-consistently-ignore-errors-from-nvme.patch + patches.kernel.org/6.0.6-072-nvme-hwmon-kmalloc-the-NVME-SMART-log-buffer.patch + patches.kernel.org/6.0.6-073-nvmet-fix-workqueue-MEM_RECLAIM-flushing-depend.patch + patches.kernel.org/6.0.6-074-net-sched-cake-fix-null-pointer-access-issue-wh.patch + patches.kernel.org/6.0.6-075-net-sched-delete-duplicate-cleanup-of-backlog-a.patch + patches.kernel.org/6.0.6-076-net-sched-sfb-fix-null-pointer-access-issue-whe.patch + patches.kernel.org/6.0.6-077-net-Fix-return-value-of-qdisc-ingress-handling-.patch + patches.kernel.org/6.0.6-078-io_uring-msg_ring-Fix-NULL-pointer-dereference-.patch + patches.kernel.org/6.0.6-079-sfc-include-vport_id-in-filter-spec-hash-and-eq.patch + patches.kernel.org/6.0.6-080-wwan_hwsim-fix-possible-memory-leak-in-wwan_hws.patch + patches.kernel.org/6.0.6-081-net-hns-fix-possible-memory-leak-in-hnae_ae_reg.patch + patches.kernel.org/6.0.6-082-net-sched-fix-race-condition-in-qdisc_graft.patch + patches.kernel.org/6.0.6-083-net-phy-dp83822-disable-MDI-crossover-status-ch.patch + patches.kernel.org/6.0.6-084-drbd-only-clone-bio-if-we-have-a-backing-device.patch + patches.kernel.org/6.0.6-085-rv-dot2c-Make-automaton-definition-static.patch + patches.kernel.org/6.0.6-086-iommu-vt-d-Allow-NVS-regions-in-arch_rmrr_sanit.patch + patches.kernel.org/6.0.6-087-iommu-vt-d-Clean-up-si_domain-in-the-init_dmars.patch + patches.kernel.org/6.0.6-088-wifi-mt76-mt7921e-fix-random-fw-download-fail.patch + patches.kernel.org/6.0.6-089-io_uring-don-t-gate-task_work-run-on-TIF_NOTIFY.patch + patches.kernel.org/6.0.6-090-ext4-introduce-EXT4_FC_TAG_BASE_LEN-helper.patch + patches.kernel.org/6.0.6-091-ext4-factor-out-ext4_fc_get_tl.patch + patches.kernel.org/6.0.6-092-ext4-fix-potential-out-of-bound-read-in-ext4_fc.patch + patches.kernel.org/6.0.6-093-ACPI-video-Force-backlight-native-for-more-Tong.patch + patches.kernel.org/6.0.6-094-mm-proc-pid-smaps_rollup-fix-no-vma-s-null-dere.patch + patches.kernel.org/6.0.6-095-Linux-6.0.6.patch ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -987,6 +1082,10 @@ patches.suse/ALSA-hda-realtek-More-robust-component-matching-for-.patch patches.suse/watchdog-wdat_wdt-fix-min-max-timer-value.patch patches.suse/drm-amdgpu-Fix-VRAM-BO-swap-issue.patch + patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch + patches.suse/ACPI-resource-do-IRQ-override-on-LENOVO-IdeaPad.patch + patches.suse/ALSA-hda-realtek-Add-quirk-for-ASUS-Zenbook-using-CS.patch + patches.suse/ALSA-hda-realtek-Add-another-HP-ZBook-G9-model-quirk.patch ######################################################## # end of sorted patches @@ -1005,10 +1104,11 @@ # to area specific sections below. ######################################################## patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch - patches.suse/ACPI-resource-do-IRQ-override-on-LENOVO-IdeaPad.patch - patches.suse/ALSA-hda-realtek-Add-quirk-for-ASUS-Zenbook-using-CS.patch - patches.suse/ALSA-hda-realtek-Add-another-HP-ZBook-G9-model-quirk.patch patches.suse/Bluetooth-L2CAP-fix-use-after-free-in-l2cap_conn_del.patch + patches.suse/char-pcmcia-cm4000_cs-Fix-use-after-free-in-cm4000_f.patch + patches.suse/char-pcmcia-cm4040_cs-Fix-use-after-free-in-reader_f.patch + patches.suse/char-pcmcia-scr24x_cs-Fix-use-after-free-in-scr24x_f.patch + patches.suse/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch ######################################################## # kbuild/module infrastructure fixes @@ -1103,7 +1203,6 @@ ######################################################## patches.suse/drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch patches.suse/Add-parameter-to-disable-simple-framebuffer-devices.patch - patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch ######################################################## # Storage ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.W1hxFt/_old 2022-11-02 15:45:38.143244487 +0100 +++ /var/tmp/diff_new_pack.W1hxFt/_new 2022-11-02 15:45:38.147244508 +0100 @@ -1,4 +1,4 @@ -2022-10-27 05:14:41 +0000 -GIT Revision: 7359656e16c5fb0cf358bc75890037b4d7164011 +2022-11-02 07:02:44 +0000 +GIT Revision: aaed0f2da007a52820ad40a53a49064ca0772776 GIT Branch: stable