Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2016-07-30 00:25:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/kernel-debug.changes 2016-07-24 19:43:37.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/kernel-debug.changes 2016-07-30 00:25:50.000000000 +0200 @@ -1,0 +2,25 @@ +Mon Jul 25 09:22:34 CEST 2016 - mkube...@suse.cz + +- netfilter: x_tables: speed up jump target validation + (CVE-2016-4997 bsc#986362). +- commit 9105e0d + +------------------------------------------------------------------- +Mon Jul 25 01:28:04 CEST 2016 - je...@suse.com + +- Update to 4.7-final. +- commit 24f30d5 + +------------------------------------------------------------------- +Thu Jul 21 15:28:10 CEST 2016 - ag...@suse.de + +- Disable all ARMv8.1 and 8.2 features (bsc#981051) +- commit 684e9e1 + +------------------------------------------------------------------- +Thu Jul 21 14:38:47 CEST 2016 - je...@suse.com + +- config.conf: re-enable arm64/vanilla config +- commit 152f160 + +------------------------------------------------------------------- @@ -8,0 +34,7 @@ +Mon Jul 18 21:46:49 CEST 2016 - je...@suse.com + +- Update to 4.7-rc7. +- Eliminated 2 patches. +- commit f837062 + +------------------------------------------------------------------- @@ -13,0 +46,4 @@ +- config: armv7hl: Enable POWER_RESET_AS3722 for lpae + It's needed for the Jetson TK1 (boo#989450). +- config: armv7hl: Enable POWER_RESET_AS3722 for lpae + It's needed for the Jetson TK1. @@ -41 +77 @@ -- commit c05c411 +- commit 7b473e9 @@ -47 +83,66 @@ -- commit cf6e186 +- commit cc11143 + +------------------------------------------------------------------- +Fri Jul 8 09:41:10 CEST 2016 - jdelv...@suse.de + +- config: Disable RTC_DRV_DS1302 + All other SPI RTC device drivers are disabled, no reason why this + one would be an exception. +- commit 0721302 + +------------------------------------------------------------------- +Fri Jul 8 02:22:32 CEST 2016 - afaer...@suse.de + +- config: arm64: Enable TEGRA210_ADMA +- commit 8852ee8 + +------------------------------------------------------------------- +Fri Jul 8 02:20:22 CEST 2016 - afaer...@suse.de + +- config: arm64: Enable DRM_ANALOGIX_ANX78XX +- commit 2773482 + +------------------------------------------------------------------- +Fri Jul 8 02:10:02 CEST 2016 - afaer...@suse.de + +- config: armv7hl: Enable HDCP support for Snapdragon + arm64 already had it enabled. +- commit 1f3ecb7 + +------------------------------------------------------------------- +Fri Jul 8 00:52:44 CEST 2016 - afaer...@suse.de + +- config: arm64: Align USB gadget options + Enable serial gadget console support, enable a missing configfs option + and disable legacy UAC1. +- commit 5065003 + +------------------------------------------------------------------- +Fri Jul 8 00:45:54 CEST 2016 - afaer...@suse.de + +- config: armv7hl: Enable USB gadget options + This allows to build solutions like a Ceph USB storage gateway, + presented at openSUSE Conference: + https://events.opensuse.org/conference/oSC16/program/proposal/934 +- commit a8b4ce6 + +------------------------------------------------------------------- +Fri Jul 8 00:22:19 CEST 2016 - afaer...@suse.de + +- config: armv6hl: Enable remaining LED triggers + Also enable flash LED class while at it. +- commit 97b6c11 + +------------------------------------------------------------------- +Fri Jul 8 00:16:22 CEST 2016 - afaer...@suse.de + +- config: armv6hl: Update to 4.7 +- commit 5cd0742 + +------------------------------------------------------------------- +Thu Jul 7 20:31:26 CEST 2016 - je...@suse.com + +- config: restore default cpufreq governor + The update to 4.7-rc1 mistakenly used CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y. + This patch reverts to the longtime default of ONDEMAND. +- commit 27cce0c @@ -82,0 +184,83 @@ +Tue Jul 5 23:41:07 CEST 2016 - je...@suse.com + +- Revert "ecryptfs: forbid opening files without mmap handler". +- commit a491e21 + +------------------------------------------------------------------- +Tue Jul 5 20:24:11 CEST 2016 - afaer...@suse.de + +- config: armv7hl: Enable ipq4019 + It's a Cortex-A7. +- commit 016ff1f + +------------------------------------------------------------------- +Tue Jul 5 20:16:29 CEST 2016 - afaer...@suse.de + +- config: armv7hl: Enable BCM2836 support for lpae + The Raspberry Pi 2 has a Cortex-A7, so let's enable it in lpae flavor. + Consistently make HW_RANDOM_BCM2835 a module. +- commit fb11bde + +------------------------------------------------------------------- +Tue Jul 5 19:41:41 CEST 2016 - afaer...@suse.de + +- config: armv7hl: Enable all LED triggers + Let's be consistent about offering them. arm64 has them already. +- commit 4dd8d95 + +------------------------------------------------------------------- +Mon Jul 4 22:49:04 CEST 2016 - ag...@suse.de + +- Remove deprecated patches: + - Delete patches.arch/arm-arndale-dma.patch. + - Delete + patches.arch/arm64-0004-net-xgbe-Add-A0-silicon-support.patch. +- commit 4f0a683 + +------------------------------------------------------------------- +Mon Jul 4 17:30:35 CEST 2016 - je...@suse.com + +- patches.rpmify/i915-fix-build-error-with-werror: actually fix the error +- commit 309a9bd + +------------------------------------------------------------------- +Mon Jul 4 16:45:27 CEST 2016 - je...@suse.com + +- Update to 4.7-rc6. +- commit 916c4e7 + +------------------------------------------------------------------- +Mon Jul 4 16:25:50 CEST 2016 - je...@suse.com + +- patches.rpmify/i915-fix-build-error-with-werror: fix patch description +- i915: fix build error with -Werror. +- commit cf4ceb9 + +------------------------------------------------------------------- +Fri Jul 1 12:14:52 CEST 2016 - jthumsh...@suse.de + +- Update config files to allow building of libnvdimm as module. +- commit f8d3041 + +------------------------------------------------------------------- +Tue Jun 28 14:17:24 CEST 2016 - mma...@suse.com + +- Delete patches.suse/sd_init.mark_majors_busy.patch (bsc#744658) + It was only required by the xenlinux frontent drivers. +- commit 50d8ea0 + +------------------------------------------------------------------- +Mon Jun 27 22:38:16 CEST 2016 - je...@suse.com + +- Update to 4.7-rc5. +- Eliminated 1 patch. +- commit 1207339 + +------------------------------------------------------------------- +Mon Jun 27 15:37:24 CEST 2016 - jkos...@suse.cz + +- HID: hiddev: validate num_values for HIDIOCGUSAGES, + HIDIOCSUSAGES commands (bsc#986572 CVE-2016-5829). +- commit 0646d06 + +------------------------------------------------------------------- @@ -98,0 +283,10 @@ +Wed Jun 22 19:22:31 CEST 2016 - matwey.korni...@gmail.com + +- config: armv7hl: Update configs for 4.7 ++++ 199 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/kernel-source/kernel-debug.changes ++++ and /work/SRC/openSUSE:Factory/.kernel-source.new/kernel-debug.changes kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change Old: ---- linux-4.6.tar.xz New: ---- linux-4.7.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kernel-debug.spec ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:25:59.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:25:59.000000000 +0200 @@ -19,8 +19,8 @@ # This makes the OBS store the project cert as %_sourcedir/_projectcert.crt # needssslcertforbuild -%define srcversion 4.6 -%define patchversion 4.6.4 +%define srcversion 4.7 +%define patchversion 4.7.0 %define variant %{nil} %define vanilla_only 0 @@ -61,9 +61,9 @@ Summary: A Debug Version of the Kernel License: GPL-2.0 Group: System/Kernel -Version: 4.6.4 +Version: 4.7.0 %if 0%{?is_kotd} -Release: <RELEASE>.g8f4696b +Release: <RELEASE>.g89a2ada %else Release: 0 %endif kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:25:59.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:25:59.000000000 +0200 @@ -16,7 +16,7 @@ # -%define patchversion 4.6.4 +%define patchversion 4.7.0 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -27,9 +27,9 @@ Summary: Kernel Documentation (man pages) License: GPL-2.0 Group: Documentation/Man -Version: 4.6.4 +Version: 4.7.0 %if 0%{?is_kotd} -Release: <RELEASE>.g8f4696b +Release: <RELEASE>.g89a2ada %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:25:59.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:25:59.000000000 +0200 @@ -19,8 +19,8 @@ # This makes the OBS store the project cert as %_sourcedir/_projectcert.crt # needssslcertforbuild -%define srcversion 4.6 -%define patchversion 4.6.4 +%define srcversion 4.7 +%define patchversion 4.7.0 %define variant %{nil} %define vanilla_only 0 @@ -61,9 +61,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.6.4 +Version: 4.7.0 %if 0%{?is_kotd} -Release: <RELEASE>.g8f4696b +Release: <RELEASE>.g89a2ada %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:25:59.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:25:59.000000000 +0200 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.6.4 +%define patchversion 4.7.0 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -51,9 +51,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.6.4 +Version: 4.7.0 %if 0%{?is_kotd} -Release: <RELEASE>.g8f4696b +Release: <RELEASE>.g89a2ada %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:25:59.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:25:59.000000000 +0200 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.6.4 +%define patchversion 4.7.0 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.6.4 +Version: 4.7.0 %if 0%{?is_kotd} -Release: <RELEASE>.g8f4696b +Release: <RELEASE>.g89a2ada %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:25:59.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:25:59.000000000 +0200 @@ -19,8 +19,8 @@ # This makes the OBS store the project cert as %_sourcedir/_projectcert.crt # needssslcertforbuild -%define srcversion 4.6 -%define patchversion 4.6.4 +%define srcversion 4.7 +%define patchversion 4.7.0 %define variant %{nil} %define vanilla_only 0 @@ -61,9 +61,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.6.4 +Version: 4.7.0 %if 0%{?is_kotd} -Release: <RELEASE>.g8f4696b +Release: <RELEASE>.g89a2ada %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:25:59.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:25:59.000000000 +0200 @@ -17,8 +17,8 @@ # icecream 0 -%define srcversion 4.6 -%define patchversion 4.6.4 +%define srcversion 4.7 +%define patchversion 4.7.0 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.6.4 +Version: 4.7.0 %if 0%{?is_kotd} -Release: <RELEASE>.g8f4696b +Release: <RELEASE>.g89a2ada %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:25:59.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:25:59.000000000 +0200 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.6.4 +Version: 4.7.0 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g8f4696b +Release: <RELEASE>.g89a2ada %else Release: 0 %endif ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:25:59.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:25:59.000000000 +0200 @@ -19,8 +19,8 @@ # This makes the OBS store the project cert as %_sourcedir/_projectcert.crt # needssslcertforbuild -%define srcversion 4.6 -%define patchversion 4.6.4 +%define srcversion 4.7 +%define patchversion 4.7.0 %define variant %{nil} %define vanilla_only 0 @@ -61,9 +61,9 @@ Summary: The Standard Kernel - without any SUSE patches License: GPL-2.0 Group: System/Kernel -Version: 4.6.4 +Version: 4.7.0 %if 0%{?is_kotd} -Release: <RELEASE>.g8f4696b +Release: <RELEASE>.g89a2ada %else Release: 0 %endif ++++++ config.sh ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:25:59.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:25:59.000000000 +0200 @@ -1,5 +1,5 @@ # The version of the main tarball to use -SRCVERSION=4.6 +SRCVERSION=4.7 # variant of the kernel-source package, either empty or "-rt" VARIANT= # buildservice projects to build the kernel against ++++++ config.tar.bz2 ++++++ ++++ 10888 lines of diff (skipped) ++++++ linux-4.6.tar.xz -> linux-4.7.tar.xz ++++++ /work/SRC/openSUSE:Factory/kernel-source/linux-4.6.tar.xz /work/SRC/openSUSE:Factory/.kernel-source.new/linux-4.7.tar.xz differ: char 26, line 1 ++++++ patches.arch.tar.bz2 ++++++ ++++ 12601 lines of diff (skipped) ++++++ patches.drivers.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-hrtimer-Handle-start-stop-more-properly new/patches.drivers/ALSA-hrtimer-Handle-start-stop-more-properly --- old/patches.drivers/ALSA-hrtimer-Handle-start-stop-more-properly 2016-07-12 10:29:48.000000000 +0200 +++ new/patches.drivers/ALSA-hrtimer-Handle-start-stop-more-properly 1970-01-01 01:00:00.000000000 +0100 @@ -1,160 +0,0 @@ -From d2c5cf88d5282de258f4eb6ab40040b80a075cd8 Mon Sep 17 00:00:00 2001 -From: Takashi Iwai <ti...@suse.de> -Date: Sun, 24 Apr 2016 22:52:18 +0200 -Subject: [PATCH] ALSA: hrtimer: Handle start/stop more properly -Patch-mainline: Queued in subsystem maintainer repository -Git-commit: d2c5cf88d5282de258f4eb6ab40040b80a075cd8 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git -References: bsc#973378 - -This patch tries to address the still remaining issues in ALSA hrtimer -Driver: -- Spurious use-after-free was detected in hrtimer callback -- Incorrect rescheduling due to delayed start -- WARN_ON() is triggered in hrtimer_forward() invoked in hrtimer - callback - -The first issue happens only when the new timer is scheduled even -while hrtimer is being closed. It's related with the second and third -items; since ALSA timer core invokes hw.start callback during hrtimer -interrupt, this may result in the explicit call of hrtimer_start(). - -Also, the similar problem is seen for the stop; ALSA timer core -invokes hw.stop callback even in the hrtimer handler, too. Since we -must not call the synced hrtimer_cancel() in such a context, it's just -a hrtimer_try_to_cancel() call that doesn't properly work. - -Another culprit of the second and third items is the call of -hrtimer_forward_now() before snd_timer_interrupt(). The timer->stick -value may change during snd_timer_interrupt() call, but this -possibility is ignored completely. - -For covering these subtle and messy issues, the following changes have -been done in this patch: -- A new flag, in_callback, is introduced in the private data to - indicate that the hrtimer handler is being processed. -- Both start and stop callbacks skip when called from (during) - in_callback flag. -- The hrtimer handler returns properly HRTIMER_RESTART and NORESTART - depending on the running state now. -- The hrtimer handler reprograms the expiry properly after - snd_timer_interrupt() call, instead of before. -- The close callback clears running flag and sets in_callback flag - to block any further start/stop calls. - -Signed-off-by: Takashi Iwai <ti...@suse.de> - ---- - sound/core/hrtimer.c | 56 ++++++++++++++++++++++++++++++++++++---------------- - 1 file changed, 39 insertions(+), 17 deletions(-) - -diff --git a/sound/core/hrtimer.c b/sound/core/hrtimer.c -index 656d9a9032dc..e2f27022b363 100644 ---- a/sound/core/hrtimer.c -+++ b/sound/core/hrtimer.c -@@ -38,37 +38,53 @@ static unsigned int resolution; - struct snd_hrtimer { - struct snd_timer *timer; - struct hrtimer hrt; -- atomic_t running; -+ bool in_callback; - }; - - static enum hrtimer_restart snd_hrtimer_callback(struct hrtimer *hrt) - { - struct snd_hrtimer *stime = container_of(hrt, struct snd_hrtimer, hrt); - struct snd_timer *t = stime->timer; -- unsigned long oruns; -- -- if (!atomic_read(&stime->running)) -- return HRTIMER_NORESTART; -- -- oruns = hrtimer_forward_now(hrt, ns_to_ktime(t->sticks * resolution)); -- snd_timer_interrupt(stime->timer, t->sticks * oruns); -+ ktime_t delta; -+ unsigned long ticks; -+ enum hrtimer_restart ret = HRTIMER_NORESTART; -+ -+ spin_lock(&t->lock); -+ if (!t->running) -+ goto out; /* fast path */ -+ stime->in_callback = true; -+ ticks = t->sticks; -+ spin_unlock(&t->lock); -+ -+ /* calculate the drift */ -+ delta = ktime_sub(hrt->base->get_time(), hrtimer_get_expires(hrt)); -+ if (delta.tv64 > 0) -+ ticks += ktime_divns(delta, ticks * resolution); -+ -+ snd_timer_interrupt(stime->timer, ticks); -+ -+ spin_lock(&t->lock); -+ if (t->running) { -+ hrtimer_add_expires_ns(hrt, t->sticks * resolution); -+ ret = HRTIMER_RESTART; -+ } - -- if (!atomic_read(&stime->running)) -- return HRTIMER_NORESTART; -- return HRTIMER_RESTART; -+ stime->in_callback = false; -+ out: -+ spin_unlock(&t->lock); -+ return ret; - } - - static int snd_hrtimer_open(struct snd_timer *t) - { - struct snd_hrtimer *stime; - -- stime = kmalloc(sizeof(*stime), GFP_KERNEL); -+ stime = kzalloc(sizeof(*stime), GFP_KERNEL); - if (!stime) - return -ENOMEM; - hrtimer_init(&stime->hrt, CLOCK_MONOTONIC, HRTIMER_MODE_REL); - stime->timer = t; - stime->hrt.function = snd_hrtimer_callback; -- atomic_set(&stime->running, 0); - t->private_data = stime; - return 0; - } -@@ -78,6 +94,11 @@ static int snd_hrtimer_close(struct snd_timer *t) - struct snd_hrtimer *stime = t->private_data; - - if (stime) { -+ spin_lock_irq(&t->lock); -+ t->running = 0; /* just to be sure */ -+ stime->in_callback = 1; /* skip start/stop */ -+ spin_unlock_irq(&t->lock); -+ - hrtimer_cancel(&stime->hrt); - kfree(stime); - t->private_data = NULL; -@@ -89,18 +110,19 @@ static int snd_hrtimer_start(struct snd_timer *t) - { - struct snd_hrtimer *stime = t->private_data; - -- atomic_set(&stime->running, 0); -- hrtimer_try_to_cancel(&stime->hrt); -+ if (stime->in_callback) -+ return 0; - hrtimer_start(&stime->hrt, ns_to_ktime(t->sticks * resolution), - HRTIMER_MODE_REL); -- atomic_set(&stime->running, 1); - return 0; - } - - static int snd_hrtimer_stop(struct snd_timer *t) - { - struct snd_hrtimer *stime = t->private_data; -- atomic_set(&stime->running, 0); -+ -+ if (stime->in_callback) -+ return 0; - hrtimer_try_to_cancel(&stime->hrt); - return 0; - } --- -2.8.2 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/pstore_disable_efi_backend_by_default.patch new/patches.drivers/pstore_disable_efi_backend_by_default.patch --- old/patches.drivers/pstore_disable_efi_backend_by_default.patch 2016-07-12 10:29:48.000000000 +0200 +++ new/patches.drivers/pstore_disable_efi_backend_by_default.patch 2016-07-12 10:31:31.000000000 +0200 @@ -11,22 +11,19 @@ Signed-off-by: Thomas Renninger <tr...@suse.de> -Index: linux-3.7-openSUSE-12.3/fs/pstore/platform.c -=================================================================== ---- linux-3.7-openSUSE-12.3.orig/fs/pstore/platform.c -+++ linux-3.7-openSUSE-12.3/fs/pstore/platform.c -@@ -222,6 +222,14 @@ int pstore_register(struct pstore_info * +--- a/fs/pstore/platform.c ++++ b/fs/pstore/platform.c +@@ -442,6 +442,13 @@ { - struct module *owner = psi->owner; - + struct module *owner = psi->owner; + + if (!backend && !strcmp(psi->name, "efi")) { + pr_info("Efi pstore disabled, enforce via pstore.backend=efi"); + pr_info("On a broken BIOS, this can severely harm your system"); + pr_info("Only enable efi based pstore when you know what you are doing"); -+ spin_unlock(&pstore_lock); + return -EINVAL; + } + if (backend && strcmp(backend, psi->name)) return -EPERM; - + ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0001-KEYS-potential-uninitialized-variable.patch new/patches.fixes/0001-KEYS-potential-uninitialized-variable.patch --- old/patches.fixes/0001-KEYS-potential-uninitialized-variable.patch 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/0001-KEYS-potential-uninitialized-variable.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,91 +0,0 @@ -From 38327424b40bcebe2de92d07312c89360ac9229a Mon Sep 17 00:00:00 2001 -From: Dan Carpenter <dan.carpen...@oracle.com> -Date: Thu, 16 Jun 2016 15:48:57 +0100 -Subject: [PATCH] KEYS: potential uninitialized variable - -Git-commit: 38327424b40bcebe2de92d07312c89360ac9229a -Patch-mainline: v4.7-rc4 -References: bsc#984755, CVE-2016-4470 - -If __key_link_begin() failed then "edit" would be uninitialized. I've -added a check to fix that. - -This allows a random user to crash the kernel, though it's quite -difficult to achieve. There are three ways it can be done as the user -would have to cause an error to occur in __key_link(): - - (1) Cause the kernel to run out of memory. In practice, this is difficult - to achieve without ENOMEM cropping up elsewhere and aborting the - attempt. - - (2) Revoke the destination keyring between the keyring ID being looked up - and it being tested for revocation. In practice, this is difficult to - time correctly because the KEYCTL_REJECT function can only be used - from the request-key upcall process. Further, users can only make use - of what's in /sbin/request-key.conf, though this does including a - rejection debugging test - which means that the destination keyring - has to be the caller's session keyring in practice. - - (3) Have just enough key quota available to create a key, a new session - keyring for the upcall and a link in the session keyring, but not then - sufficient quota to create a link in the nominated destination keyring - so that it fails with EDQUOT. - -The bug can be triggered using option (3) above using something like the -following: - - echo 80 >/proc/sys/kernel/keys/root_maxbytes - keyctl request2 user debug:fred negate @t - -The above sets the quota to something much lower (80) to make the bug -easier to trigger, but this is dependent on the system. Note also that -the name of the keyring created contains a random number that may be -between 1 and 10 characters in size, so may throw the test off by -changing the amount of quota used. - -Assuming the failure occurs, something like the following will be seen: - - kfree_debugcheck: out of range ptr 6b6b6b6b6b6b6b68h - ------------[ cut here ]------------ - kernel BUG at ../mm/slab.c:2821! - ... - RIP: 0010:[<ffffffff811600f9>] kfree_debugcheck+0x20/0x25 - RSP: 0018:ffff8804014a7de8 EFLAGS: 00010092 - RAX: 0000000000000034 RBX: 6b6b6b6b6b6b6b68 RCX: 0000000000000000 - RDX: 0000000000040001 RSI: 00000000000000f6 RDI: 0000000000000300 - RBP: ffff8804014a7df0 R08: 0000000000000001 R09: 0000000000000000 - R10: ffff8804014a7e68 R11: 0000000000000054 R12: 0000000000000202 - R13: ffffffff81318a66 R14: 0000000000000000 R15: 0000000000000001 - ... - Call Trace: - kfree+0xde/0x1bc - assoc_array_cancel_edit+0x1f/0x36 - __key_link_end+0x55/0x63 - key_reject_and_link+0x124/0x155 - keyctl_reject_key+0xb6/0xe0 - keyctl_negate_key+0x10/0x12 - SyS_keyctl+0x9f/0xe7 - do_syscall_64+0x63/0x13a - entry_SYSCALL64_slow_path+0x25/0x25 - -Fixes: f70e2e06196a ('KEYS: Do preallocation for __key_link()') -Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com> -Signed-off-by: David Howells <dhowe...@redhat.com> -cc: sta...@vger.kernel.org -Signed-off-by: Linus Torvalds <torva...@linux-foundation.org> -Acked-by: Lee, Chun-Yi <j...@suse.com> ---- - security/keys/key.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -584,7 +584,7 @@ int key_reject_and_link(struct key *key, - - mutex_unlock(&key_construction_mutex); - -- if (keyring) -+ if (keyring && link_ret == 0) - __key_link_end(keyring, &key->index_key, edit); - - /* wake up anyone waiting for a key to be constructed */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0001-Revert-ecryptfs-forbid-opening-files-without-mmap-ha.patch new/patches.fixes/0001-Revert-ecryptfs-forbid-opening-files-without-mmap-ha.patch --- old/patches.fixes/0001-Revert-ecryptfs-forbid-opening-files-without-mmap-ha.patch 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/0001-Revert-ecryptfs-forbid-opening-files-without-mmap-ha.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,63 +0,0 @@ -From 58cef0395ff3578c1339e3a0c6595c781909c051 Mon Sep 17 00:00:00 2001 -From: Jeff Mahoney <je...@suse.com> -Date: Tue, 5 Jul 2016 17:11:12 -0400 -Subject: [PATCH 1/2] Revert "ecryptfs: forbid opening files without mmap - handler" -Patch-mainline: 4.7 -Git-commit: 78c4e172412de5d0456dc00d2b34050aa0b683b5 -References: boo#989084 - -This reverts commit 2f36db71009304b3f0b95afacd8eba1f9f046b87. - -It fixed a local root exploit but also introduced a dependency on -the lower file system implementing an mmap operation just to open a file, -which is a bit of a heavy hammer. The right fix is to have mmap depend -on the existence of the mmap handler instead. - -Signed-off-by: Jeff Mahoney <je...@suse.com> ---- - fs/ecryptfs/kthread.c | 13 ++----------- - 1 file changed, 2 insertions(+), 11 deletions(-) - -diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c -index e818f5a..866bb18 100644 ---- a/fs/ecryptfs/kthread.c -+++ b/fs/ecryptfs/kthread.c -@@ -25,7 +25,6 @@ - #include <linux/slab.h> - #include <linux/wait.h> - #include <linux/mount.h> --#include <linux/file.h> - #include "ecryptfs_kernel.h" - - struct ecryptfs_open_req { -@@ -148,7 +147,7 @@ int ecryptfs_privileged_open(struct file **lower_file, - flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR; - (*lower_file) = dentry_open(&req.path, flags, cred); - if (!IS_ERR(*lower_file)) -- goto have_file; -+ goto out; - if ((flags & O_ACCMODE) == O_RDONLY) { - rc = PTR_ERR((*lower_file)); - goto out; -@@ -166,16 +165,8 @@ int ecryptfs_privileged_open(struct file **lower_file, - mutex_unlock(&ecryptfs_kthread_ctl.mux); - wake_up(&ecryptfs_kthread_ctl.wait); - wait_for_completion(&req.done); -- if (IS_ERR(*lower_file)) { -+ if (IS_ERR(*lower_file)) - rc = PTR_ERR(*lower_file); -- goto out; -- } --have_file: -- if ((*lower_file)->f_op->mmap == NULL) { -- fput(*lower_file); -- *lower_file = NULL; -- rc = -EMEDIUMTYPE; -- } - out: - return rc; - } --- -2.7.1 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0001-ecryptfs-don-t-allow-mmap-when-the-lower-file-system.patch new/patches.fixes/0001-ecryptfs-don-t-allow-mmap-when-the-lower-file-system.patch --- old/patches.fixes/0001-ecryptfs-don-t-allow-mmap-when-the-lower-file-system.patch 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/0001-ecryptfs-don-t-allow-mmap-when-the-lower-file-system.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,49 +0,0 @@ -From 328b1a077c5f33cf9dffc98ed805a36eea08d7dc Mon Sep 17 00:00:00 2001 -From: Jeff Mahoney <je...@suse.com> -Date: Tue, 7 Jun 2016 15:11:53 -0400 -Subject: [PATCH] ecryptfs: don't allow mmap when the lower file system doesn't allow it -References: bsc#983143 CVE-2016-1583 -Patch-mainline: 4.7 -Git-commit: f0fe970df3838c202ef6c07a4c2b36838ef0a88b - -There are legitimate reasons to disallow mmap on certain files, notably -in sysfs or procfs. We shouldn't emulate mmap support on file systems -that don't offer support natively. - -Signed-off-by: Jeff Mahoney <je...@suse.com> ---- - fs/ecryptfs/file.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c -index 7000b96..406fde9 100644 ---- a/fs/ecryptfs/file.c -+++ b/fs/ecryptfs/file.c -@@ -238,6 +238,15 @@ out: - return rc; - } - -+ -+static int ecryptfs_mmap(struct file *file, struct vm_area_struct *vma) -+{ -+ struct dentry *dentry = ecryptfs_dentry_to_lower(file_dentry(file)); -+ if (!d_inode(dentry)->i_fop->mmap) -+ return -ENODEV; -+ return generic_file_mmap(file, vma); -+} -+ - /** - * ecryptfs_open - * @inode: inode speciying file to open -@@ -403,7 +412,7 @@ const struct file_operations ecryptfs_main_fops = { - #ifdef CONFIG_COMPAT - .compat_ioctl = ecryptfs_compat_ioctl, - #endif -- .mmap = generic_file_mmap, -+ .mmap = ecryptfs_mmap, - .open = ecryptfs_open, - .flush = ecryptfs_flush, - .release = ecryptfs_release, --- -2.7.1 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0001-posix_acl-Add-set_posix_acl.patch new/patches.fixes/0001-posix_acl-Add-set_posix_acl.patch --- old/patches.fixes/0001-posix_acl-Add-set_posix_acl.patch 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/0001-posix_acl-Add-set_posix_acl.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,89 +0,0 @@ -From: Andreas Gruenbacher <agrue...@redhat.com> -Date: Wed, 22 Jun 2016 23:57:25 +0200 -Subject: [PATCH] posix_acl: Add set_posix_acl -Git-commit: 485e71e8fb6356c08c7fc6bcce4bf02c9a9a663f -Patch-mainline: v4.7 -References: bsc#986570 CVE-2016-1237 - -Factor out part of posix_acl_xattr_set into a common function that takes -a posix_acl, which nfsd can also call. - -The prototype already exists in include/linux/posix_acl.h. - -Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> -Cc: sta...@vger.kernel.org -Cc: Christoph Hellwig <h...@infradead.org> -Cc: Al Viro <v...@zeniv.linux.org.uk> -Signed-off-by: J. Bruce Fields <bfie...@redhat.com> -Acked-by: NeilBrown <ne...@suse.com> - ---- - fs/posix_acl.c | 43 ++++++++++++++++++++++++------------------- - 1 file changed, 24 insertions(+), 19 deletions(-) - ---- a/fs/posix_acl.c -+++ b/fs/posix_acl.c -@@ -786,39 +786,44 @@ posix_acl_xattr_get(const struct xattr_h - return error; - } - --static int --posix_acl_xattr_set(const struct xattr_handler *handler, -- struct dentry *dentry, const char *name, -- const void *value, size_t size, int flags) -+int -+set_posix_acl(struct inode *inode, int type, struct posix_acl *acl) - { -- struct inode *inode = d_backing_inode(dentry); -- struct posix_acl *acl = NULL; -- int ret; -- - if (!IS_POSIXACL(inode)) - return -EOPNOTSUPP; - if (!inode->i_op->set_acl) - return -EOPNOTSUPP; - -- if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) -- return value ? -EACCES : 0; -+ if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) -+ return acl ? -EACCES : 0; - if (!inode_owner_or_capable(inode)) - return -EPERM; - -+ if (acl) { -+ int ret = posix_acl_valid(acl); -+ if (ret) -+ return ret; -+ } -+ return inode->i_op->set_acl(inode, acl, type); -+} -+EXPORT_SYMBOL(set_posix_acl); -+ -+static int -+posix_acl_xattr_set(const struct xattr_handler *handler, -+ struct dentry *dentry, -+ const char *name, const void *value, -+ size_t size, int flags) -+{ -+ struct inode *inode = d_backing_inode(dentry); -+ struct posix_acl *acl = NULL; -+ int ret; -+ - if (value) { - acl = posix_acl_from_xattr(&init_user_ns, value, size); - if (IS_ERR(acl)) - return PTR_ERR(acl); -- -- if (acl) { -- ret = posix_acl_valid(acl); -- if (ret) -- goto out; -- } - } -- -- ret = inode->i_op->set_acl(inode, acl, handler->flags); --out: -+ ret = set_posix_acl(inode, handler->flags, acl); - posix_acl_release(acl); - return ret; - } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch new/patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch --- old/patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,149 +0,0 @@ -From: Ben Hutchings <b...@decadent.org.uk> -Date: Wed, 22 Jun 2016 19:43:35 +0100 -Subject: [PATCH] nfsd: check permissions when setting ACLs -Git-commit: 999653786df6954a31044528ac3f7a5dadca08f4 -Patch-mainline: v4.7 -References: bsc#986570 CVE-2016-1237 - -Use set_posix_acl, which includes proper permission checks, instead of -calling ->set_acl directly. Without this anyone may be able to grant -themselves permissions to a file by setting the ACL. - -Lock the inode to make the new checks atomic with respect to set_acl. -(Also, nfsd was the only caller of set_acl not locking the inode, so I -suspect this may fix other races.) - -This also simplifies the code, and ensures our ACLs are checked by -posix_acl_valid. - -The permission checks and the inode locking were lost with commit -4ac7249e, which changed nfsd to use the set_acl inode operation directly -instead of going through xattr handlers. - -Reported-by: David Sinquin <da...@sinquin.eu> -[agreu...@redhat.com: use set_posix_acl] -Fixes: 4ac7249e -Cc: Christoph Hellwig <h...@infradead.org> -Cc: Al Viro <v...@zeniv.linux.org.uk> -Cc: sta...@vger.kernel.org -Signed-off-by: J. Bruce Fields <bfie...@redhat.com> -Acked-by: NeilBrown <ne...@suse.com> - ---- - fs/nfsd/nfs2acl.c | 20 ++++++++++---------- - fs/nfsd/nfs3acl.c | 16 +++++++--------- - fs/nfsd/nfs4acl.c | 16 ++++++++-------- - 3 files changed, 25 insertions(+), 27 deletions(-) - ---- a/fs/nfsd/nfs2acl.c -+++ b/fs/nfsd/nfs2acl.c -@@ -104,22 +104,21 @@ static __be32 nfsacld_proc_setacl(struct - goto out; - - inode = d_inode(fh->fh_dentry); -- if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) { -- error = -EOPNOTSUPP; -- goto out_errno; -- } - - error = fh_want_write(fh); - if (error) - goto out_errno; - -- error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS); -+ fh_lock(fh); -+ -+ error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access); - if (error) -- goto out_drop_write; -- error = inode->i_op->set_acl(inode, argp->acl_default, -- ACL_TYPE_DEFAULT); -+ goto out_drop_lock; -+ error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default); - if (error) -- goto out_drop_write; -+ goto out_drop_lock; -+ -+ fh_unlock(fh); - - fh_drop_write(fh); - -@@ -131,7 +130,8 @@ out: - posix_acl_release(argp->acl_access); - posix_acl_release(argp->acl_default); - return nfserr; --out_drop_write: -+out_drop_lock: -+ fh_unlock(fh); - fh_drop_write(fh); - out_errno: - nfserr = nfserrno(error); ---- a/fs/nfsd/nfs3acl.c -+++ b/fs/nfsd/nfs3acl.c -@@ -95,22 +95,20 @@ static __be32 nfsd3_proc_setacl(struct s - goto out; - - inode = d_inode(fh->fh_dentry); -- if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) { -- error = -EOPNOTSUPP; -- goto out_errno; -- } - - error = fh_want_write(fh); - if (error) - goto out_errno; - -- error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS); -+ fh_lock(fh); -+ -+ error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access); - if (error) -- goto out_drop_write; -- error = inode->i_op->set_acl(inode, argp->acl_default, -- ACL_TYPE_DEFAULT); -+ goto out_drop_lock; -+ error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default); - --out_drop_write: -+out_drop_lock: -+ fh_unlock(fh); - fh_drop_write(fh); - out_errno: - nfserr = nfserrno(error); ---- a/fs/nfsd/nfs4acl.c -+++ b/fs/nfsd/nfs4acl.c -@@ -770,9 +770,6 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqst - dentry = fhp->fh_dentry; - inode = d_inode(dentry); - -- if (!inode->i_op->set_acl || !IS_POSIXACL(inode)) -- return nfserr_attrnotsupp; -- - if (S_ISDIR(inode->i_mode)) - flags = NFS4_ACL_DIR; - -@@ -782,16 +779,19 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqst - if (host_error < 0) - goto out_nfserr; - -- host_error = inode->i_op->set_acl(inode, pacl, ACL_TYPE_ACCESS); -+ fh_lock(fhp); -+ -+ host_error = set_posix_acl(inode, ACL_TYPE_ACCESS, pacl); - if (host_error < 0) -- goto out_release; -+ goto out_drop_lock; - - if (S_ISDIR(inode->i_mode)) { -- host_error = inode->i_op->set_acl(inode, dpacl, -- ACL_TYPE_DEFAULT); -+ host_error = set_posix_acl(inode, ACL_TYPE_DEFAULT, dpacl); - } - --out_release: -+out_drop_lock: -+ fh_unlock(fhp); -+ - posix_acl_release(pacl); - posix_acl_release(dpacl); - out_nfserr: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS new/patches.fixes/ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS --- old/patches.fixes/ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS 1970-01-01 01:00:00.000000000 +0100 @@ -1,32 +0,0 @@ -From cec8f96e49d9be372fdb0c3836dcf31ec71e457e Mon Sep 17 00:00:00 2001 -From: Kangjie Lu <kangji...@gmail.com> -Date: Tue, 3 May 2016 16:44:07 -0400 -Subject: [PATCH] ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS -Mime-version: 1.0 -Content-type: text/plain; charset=UTF-8 -Content-transfer-encoding: 8bit -Patch-mainline: v4.7-rc1 -Git-commit: cec8f96e49d9be372fdb0c3836dcf31ec71e457e -References: CVE-2016-4569,bsc#979213 - -The stack object “tread” has a total size of 32 bytes. Its field -“event” and “val” both contain 4 bytes padding. These 8 bytes -padding bytes are sent to user without being initialized. - -Signed-off-by: Kangjie Lu <k...@gatech.edu> -Signed-off-by: Takashi Iwai <ti...@suse.de> - ---- - sound/core/timer.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/sound/core/timer.c -+++ b/sound/core/timer.c -@@ -1739,6 +1739,7 @@ static int snd_timer_user_params(struct - if (tu->timeri->flags & SNDRV_TIMER_IFLG_EARLY_EVENT) { - if (tu->tread) { - struct snd_timer_tread tread; -+ memset(&tread, 0, sizeof(tread)); - tread.event = SNDRV_TIMER_EVENT_EARLY; - tread.tstamp.tv_sec = 0; - tread.tstamp.tv_nsec = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca new/patches.fixes/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca --- old/patches.fixes/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca 1970-01-01 01:00:00.000000000 +0100 @@ -1,32 +0,0 @@ -From 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 Mon Sep 17 00:00:00 2001 -From: Kangjie Lu <kangji...@gmail.com> -Date: Tue, 3 May 2016 16:44:20 -0400 -Subject: [PATCH] ALSA: timer: Fix leak in events via snd_timer_user_ccallback -Mime-version: 1.0 -Content-type: text/plain; charset=UTF-8 -Content-transfer-encoding: 8bit -Patch-mainline: v4.7-rc1 -Git-commit: 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 -References: CVE-2016-4578,bsc#979879 - -The stack object “r1” has a total size of 32 bytes. Its field -“event” and “val” both contain 4 bytes padding. These 8 bytes -padding bytes are sent to user without being initialized. - -Signed-off-by: Kangjie Lu <k...@gatech.edu> -Signed-off-by: Takashi Iwai <ti...@suse.de> - ---- - sound/core/timer.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/sound/core/timer.c -+++ b/sound/core/timer.c -@@ -1225,6 +1225,7 @@ static void snd_timer_user_ccallback(str - tu->tstamp = *tstamp; - if ((tu->filter & (1 << event)) == 0 || !tu->tread) - return; -+ memset(&r1, 0, sizeof(r1)); - r1.event = event; - r1.tstamp = *tstamp; - r1.val = resolution; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin new/patches.fixes/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin --- old/patches.fixes/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin 1970-01-01 01:00:00.000000000 +0100 @@ -1,32 +0,0 @@ -From e4ec8cc8039a7063e24204299b462bd1383184a5 Mon Sep 17 00:00:00 2001 -From: Kangjie Lu <kangji...@gmail.com> -Date: Tue, 3 May 2016 16:44:32 -0400 -Subject: [PATCH] ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt -Mime-version: 1.0 -Content-type: text/plain; charset=UTF-8 -Content-transfer-encoding: 8bit -Patch-mainline: v4.7-rc1 -Git-commit: e4ec8cc8039a7063e24204299b462bd1383184a5 -References: CVE-2016-4578,bsc#979879 - -The stack object “r1” has a total size of 32 bytes. Its field -“event” and “val” both contain 4 bytes padding. These 8 bytes -padding bytes are sent to user without being initialized. - -Signed-off-by: Kangjie Lu <k...@gatech.edu> -Signed-off-by: Takashi Iwai <ti...@suse.de> - ---- - sound/core/timer.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/sound/core/timer.c -+++ b/sound/core/timer.c -@@ -1268,6 +1268,7 @@ static void snd_timer_user_tinterrupt(st - } - if ((tu->filter & (1 << SNDRV_TIMER_EVENT_RESOLUTION)) && - tu->last_resolution != resolution) { -+ memset(&r1, 0, sizeof(r1)); - r1.event = SNDRV_TIMER_EVENT_RESOLUTION; - r1.tstamp = tstamp; - r1.val = resolution; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/Bluetooth-fix-power_on-vs-close-race new/patches.fixes/Bluetooth-fix-power_on-vs-close-race --- old/patches.fixes/Bluetooth-fix-power_on-vs-close-race 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/Bluetooth-fix-power_on-vs-close-race 1970-01-01 01:00:00.000000000 +0100 @@ -1,55 +0,0 @@ -From bf389cabb3b8079c23f9762e62b05f291e2d5e99 Mon Sep 17 00:00:00 2001 -From: Jiri Slaby <jsl...@suse.cz> -Date: Fri, 13 May 2016 10:38:49 +0200 -Subject: [PATCH] Bluetooth: fix power_on vs close race -Patch-mainline: 4.7-rc1 -Git-commit: bf389cabb3b8079c23f9762e62b05f291e2d5e99 -References: bsc#966849 - -With all the latest fixes applied, I am still able to reproduce this -(and other) warning(s): -Warning: CPU: 1 PID: 19684 at ../kernel/workqueue.c:4092 destroy_workqueue+0x70a/0x770() -... -Call Trace: - [<ffffffff819fee81>] ? dump_stack+0xb3/0x112 - [<ffffffff8117377e>] ? warn_slowpath_common+0xde/0x140 - [<ffffffff811ce68a>] ? destroy_workqueue+0x70a/0x770 - [<ffffffff811739ae>] ? warn_slowpath_null+0x2e/0x40 - [<ffffffff811ce68a>] ? destroy_workqueue+0x70a/0x770 - [<ffffffffa0c944c9>] ? hci_unregister_dev+0x2a9/0x720 [bluetooth] - [<ffffffffa0b301db>] ? vhci_release+0x7b/0xf0 [hci_vhci] - [<ffffffffa0b30160>] ? vhci_flush+0x50/0x50 [hci_vhci] - [<ffffffff8117cd73>] ? do_exit+0x863/0x2b90 - -This is due to race present in the hci_unregister_dev path. -hdev->power_on work races with hci_dev_do_close. One tries to open, -the other tries to close, leading to warning like the above. (Another -example is a warning in kobject_get or kobject_put depending on who -wins the race.) - -Fix this by switching those two racers to ensure hdev->power_on never -triggers while hci_dev_do_close is in progress. - -Signed-off-by: Jiri Slaby <jsl...@suse.cz> -Signed-off-by: Marcel Holtmann <mar...@holtmann.org> -Acked-by: Takashi Iwai <ti...@suse.de> - ---- - net/bluetooth/hci_core.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/net/bluetooth/hci_core.c -+++ b/net/bluetooth/hci_core.c -@@ -3139,10 +3139,10 @@ void hci_unregister_dev(struct hci_dev * - list_del(&hdev->list); - write_unlock(&hci_dev_list_lock); - -- hci_dev_do_close(hdev); -- - cancel_work_sync(&hdev->power_on); - -+ hci_dev_do_close(hdev); -+ - if (!test_bit(HCI_INIT, &hdev->flags) && - !hci_dev_test_flag(hdev, HCI_SETUP) && - !hci_dev_test_flag(hdev, HCI_CONFIG)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/apparmor-fix-oops-validate-buffer-size-in-apparmor_s new/patches.fixes/apparmor-fix-oops-validate-buffer-size-in-apparmor_s --- old/patches.fixes/apparmor-fix-oops-validate-buffer-size-in-apparmor_s 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/apparmor-fix-oops-validate-buffer-size-in-apparmor_s 1970-01-01 01:00:00.000000000 +0100 @@ -1,117 +0,0 @@ -From 30a46a4647fd1df9cf52e43bf467f0d9265096ca Mon Sep 17 00:00:00 2001 -From: Vegard Nossum <vegard.nos...@oracle.com> -Date: Thu, 7 Jul 2016 13:41:11 -0700 -Subject: [PATCH] apparmor: fix oops, validate buffer size in apparmor_setprocattr() -Git-commit: 30a46a4647fd1df9cf52e43bf467f0d9265096ca -Patch-mainline: 4.7-rc7 -References: CVE-2016-6187,bsc#988307 - -When proc_pid_attr_write() was changed to use memdup_user apparmor's -(interface violating) assumption that the setprocattr buffer was always -a single page was violated. - -The size test is not strictly speaking needed as proc_pid_attr_write() -will reject anything larger, but for the sake of robustness we can keep -it in. - -SMACK and SELinux look safe to me, but somebody else should probably -have a look just in case. - -Based on original patch from Vegard Nossum <vegard.nos...@oracle.com> -modified for the case that apparmor provides null termination. - -Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a -Reported-by: Vegard Nossum <vegard.nos...@oracle.com> -Cc: Al Viro <v...@zeniv.linux.org.uk> -Cc: John Johansen <john.johan...@canonical.com> -Cc: Paul Moore <p...@paul-moore.com> -Cc: Stephen Smalley <s...@tycho.nsa.gov> -Cc: Eric Paris <epa...@parisplace.org> -Cc: Casey Schaufler <ca...@schaufler-ca.com> -Cc: sta...@kernel.org -Signed-off-by: John Johansen <john.johan...@canonical.com> -Reviewed-by: Tyler Hicks <tyhi...@canonical.com> -Signed-off-by: James Morris <james.l.mor...@oracle.com> -Acked-by: Takashi Iwai <ti...@suse.de> - ---- - security/apparmor/lsm.c | 36 +++++++++++++++++++----------------- - 1 file changed, 19 insertions(+), 17 deletions(-) - ---- a/security/apparmor/lsm.c -+++ b/security/apparmor/lsm.c -@@ -524,34 +524,34 @@ static int apparmor_setprocattr(struct t - { - struct common_audit_data sa; - struct apparmor_audit_data aad = {0,}; -- char *command, *args = value; -+ char *command, *largs = NULL, *args = value; - size_t arg_size; - int error; - - if (size == 0) - return -EINVAL; -- /* args points to a PAGE_SIZE buffer, AppArmor requires that -- * the buffer must be null terminated or have size <= PAGE_SIZE -1 -- * so that AppArmor can null terminate them -- */ -- if (args[size - 1] != '\0') { -- if (size == PAGE_SIZE) -- return -EINVAL; -- args[size] = '\0'; -- } -- - /* task can only write its own attributes */ - if (current != task) - return -EACCES; - -- args = value; -+ /* AppArmor requires that the buffer must be null terminated atm */ -+ if (args[size - 1] != '\0') { -+ /* null terminate */ -+ largs = args = kmalloc(size + 1, GFP_KERNEL); -+ if (!args) -+ return -ENOMEM; -+ memcpy(args, value, size); -+ args[size] = '\0'; -+ } -+ -+ error = -EINVAL; - args = strim(args); - command = strsep(&args, " "); - if (!args) -- return -EINVAL; -+ goto out; - args = skip_spaces(args); - if (!*args) -- return -EINVAL; -+ goto out; - - arg_size = size - (args - (char *) value); - if (strcmp(name, "current") == 0) { -@@ -577,10 +577,12 @@ static int apparmor_setprocattr(struct t - goto fail; - } else - /* only support the "current" and "exec" process attributes */ -- return -EINVAL; -+ goto fail; - - if (!error) - error = size; -+out: -+ kfree(largs); - return error; - - fail: -@@ -589,9 +591,9 @@ fail: - aad.profile = aa_current_profile(); - aad.op = OP_SETPROCATTR; - aad.info = name; -- aad.error = -EINVAL; -+ aad.error = error = -EINVAL; - aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL); -- return -EINVAL; -+ goto out; - } - - static int apparmor_task_setrlimit(struct task_struct *task, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/base-make-module_create_drivers_dir-race-free.patch new/patches.fixes/base-make-module_create_drivers_dir-race-free.patch --- old/patches.fixes/base-make-module_create_drivers_dir-race-free.patch 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/base-make-module_create_drivers_dir-race-free.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,86 +0,0 @@ -From: Jiri Slaby <jsl...@suse.cz> -Date: Fri, 10 Jun 2016 10:54:32 +0200 -Subject: base: make module_create_drivers_dir race-free -Git-commit: 7e1b1fc4dabd6ec8e28baa0708866e13fa93c9b3 -Patch-mainline: v4.7-rc4 -References: bnc#983977 - -Modules which register drivers via standard path (driver_register) in -parallel can cause a warning: -WARNING: CPU: 2 PID: 3492 at ../fs/sysfs/dir.c:31 sysfs_warn_dup+0x62/0x80 -sysfs: cannot create duplicate filename '/module/saa7146/drivers' -Modules linked in: hexium_gemini(+) mxb(+) ... -... -Call Trace: -... - [<ffffffff812e63a2>] sysfs_warn_dup+0x62/0x80 - [<ffffffff812e6487>] sysfs_create_dir_ns+0x77/0x90 - [<ffffffff8140f2c4>] kobject_add_internal+0xb4/0x340 - [<ffffffff8140f5b8>] kobject_add+0x68/0xb0 - [<ffffffff8140f631>] kobject_create_and_add+0x31/0x70 - [<ffffffff8157a703>] module_add_driver+0xc3/0xd0 - [<ffffffff8155e5d4>] bus_add_driver+0x154/0x280 - [<ffffffff815604c0>] driver_register+0x60/0xe0 - [<ffffffff8145bed0>] __pci_register_driver+0x60/0x70 - [<ffffffffa0273e14>] saa7146_register_extension+0x64/0x90 [saa7146] - [<ffffffffa0033011>] hexium_init_module+0x11/0x1000 [hexium_gemini] -... - -As can be (mostly) seen, driver_register causes this call sequence: - -> bus_add_driver - -> module_add_driver - -> module_create_drivers_dir -The last one creates "drivers" directory in /sys/module/<...>. When -this is done in parallel, the directory is attempted to be created -twice at the same time. - -This can be easily reproduced by loading mxb and hexium_gemini in -parallel: -while :; do - modprobe mxb & - modprobe hexium_gemini - wait - rmmod mxb hexium_gemini saa7146_vv saa7146 -done - -saa7146 calls pci_register_driver for both mxb and hexium_gemini, -which means /sys/module/saa7146/drivers is to be created for both of -them. - -Fix this by a new mutex in module_create_drivers_dir which makes the -test-and-create "drivers" dir atomic. - -I inverted the condition and removed 'return' to avoid multiple -unlocks or a goto. - -Signed-off-by: Jiri Slaby <jsl...@suse.cz> -Fixes: fe480a2675ed (Modules: only add drivers/ direcory if needed) -Cc: v2.6.21+ <sta...@vger.kernel.org> -Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> ---- - drivers/base/module.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/drivers/base/module.c b/drivers/base/module.c -index db930d3ee312..2a215780eda2 100644 ---- a/drivers/base/module.c -+++ b/drivers/base/module.c -@@ -24,10 +24,12 @@ static char *make_driver_name(struct device_driver *drv) - - static void module_create_drivers_dir(struct module_kobject *mk) - { -- if (!mk || mk->drivers_dir) -- return; -+ static DEFINE_MUTEX(drivers_dir_mutex); - -- mk->drivers_dir = kobject_create_and_add("drivers", &mk->kobj); -+ mutex_lock(&drivers_dir_mutex); -+ if (mk && !mk->drivers_dir) -+ mk->drivers_dir = kobject_create_and_add("drivers", &mk->kobj); -+ mutex_unlock(&drivers_dir_mutex); - } - - void module_add_driver(struct module *mod, struct device_driver *drv) --- -2.9.0 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/netfilter-x_tables-speed-up-jump-target-validation.patch new/patches.fixes/netfilter-x_tables-speed-up-jump-target-validation.patch --- old/patches.fixes/netfilter-x_tables-speed-up-jump-target-validation.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/netfilter-x_tables-speed-up-jump-target-validation.patch 2016-07-25 09:22:34.000000000 +0200 @@ -0,0 +1,482 @@ +From: Florian Westphal <f...@strlen.de> +Date: Thu, 14 Jul 2016 17:51:26 +0200 +Subject: netfilter: x_tables: speed up jump target validation +Patch-mainline: Queued in subsystem maintainer repository (target: v4.8-rc1) +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git +Git-commit: f4dc77713f8016d2e8a3295e1c9c53a21f296def +References: CVE-2016-4997 bsc#986362 + +The dummy ruleset I used to test the original validation change was broken, +most rules were unreachable and were not tested by mark_source_chains(). + +In some cases rulesets that used to load in a few seconds now require +several minutes. + +sample ruleset that shows the behaviour: + +echo "*filter" +for i in $(seq 0 100000);do + printf ":chain_%06x - [0:0]\n" $i +done +for i in $(seq 0 100000);do + printf -- "-A INPUT -j chain_%06x\n" $i + printf -- "-A INPUT -j chain_%06x\n" $i + printf -- "-A INPUT -j chain_%06x\n" $i +done +echo COMMIT + +[ pipe result into iptables-restore ] + +This ruleset will be about 74mbyte in size, with ~500k searches +though all 500k[1] rule entries. iptables-restore will take forever +(gave up after 10 minutes) + +Instead of always searching the entire blob for a match, fill an +array with the start offsets of every single ipt_entry struct, +then do a binary search to check if the jump target is present or not. + +After this change ruleset restore times get again close to what one +gets when reverting 36472341017529e (~3 seconds on my workstation). + +[1] every user-defined rule gets an implicit RETURN, so we get +300k jumps + 100k userchains + 100k returns -> 500k rule entries + +Fixes: 36472341017529e ("netfilter: x_tables: validate targets of jumps") +Reported-by: Jeff Wu <wuji...@gmail.com> +Tested-by: Jeff Wu <wuji...@gmail.com> +Signed-off-by: Florian Westphal <f...@strlen.de> +Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org> +Acked-by: Michal Kubecek <mkube...@suse.cz> + +--- + include/linux/netfilter/x_tables.h | 4 +++ + net/ipv4/netfilter/arp_tables.c | 47 ++++++++++++++++++----------------- + net/ipv4/netfilter/ip_tables.c | 45 ++++++++++++++++++---------------- + net/ipv6/netfilter/ip6_tables.c | 45 ++++++++++++++++++---------------- + net/netfilter/x_tables.c | 50 ++++++++++++++++++++++++++++++++++++++ + 5 files changed, 127 insertions(+), 64 deletions(-) + +diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h +index dc4f58a3cdcc..5f968a3d91ed 100644 +--- a/include/linux/netfilter/x_tables.h ++++ b/include/linux/netfilter/x_tables.h +@@ -246,6 +246,10 @@ int xt_check_entry_offsets(const void *base, const char *elems, + unsigned int target_offset, + unsigned int next_offset); + ++unsigned int *xt_alloc_entry_offsets(unsigned int size); ++bool xt_find_jump_offset(const unsigned int *offsets, ++ unsigned int target, unsigned int size); ++ + int xt_check_match(struct xt_mtchk_param *, unsigned int size, u_int8_t proto, + bool inv_proto); + int xt_check_target(struct xt_tgchk_param *, unsigned int size, u_int8_t proto, +diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c +index 2033f929aa66..9a971e351865 100644 +--- a/net/ipv4/netfilter/arp_tables.c ++++ b/net/ipv4/netfilter/arp_tables.c +@@ -300,23 +300,12 @@ static inline bool unconditional(const struct arpt_entry *e) + memcmp(&e->arp, &uncond, sizeof(uncond)) == 0; + } + +-static bool find_jump_target(const struct xt_table_info *t, +- const struct arpt_entry *target) +-{ +- struct arpt_entry *iter; +- +- xt_entry_foreach(iter, t->entries, t->size) { +- if (iter == target) +- return true; +- } +- return false; +-} +- + /* Figures out from what hook each rule can be called: returns 0 if + * there are loops. Puts hook bitmask in comefrom. + */ + static int mark_source_chains(const struct xt_table_info *newinfo, +- unsigned int valid_hooks, void *entry0) ++ unsigned int valid_hooks, void *entry0, ++ unsigned int *offsets) + { + unsigned int hook; + +@@ -389,10 +378,11 @@ static int mark_source_chains(const struct xt_table_info *newinfo, + XT_STANDARD_TARGET) == 0 && + newpos >= 0) { + /* This a jump; chase it. */ ++ if (!xt_find_jump_offset(offsets, newpos, ++ newinfo->number)) ++ return 0; + e = (struct arpt_entry *) + (entry0 + newpos); +- if (!find_jump_target(newinfo, e)) +- return 0; + } else { + /* ... this is a fallthru */ + newpos = pos + e->next_offset; +@@ -544,6 +534,7 @@ static int translate_table(struct xt_table_info *newinfo, void *entry0, + const struct arpt_replace *repl) + { + struct arpt_entry *iter; ++ unsigned int *offsets; + unsigned int i; + int ret = 0; + +@@ -556,6 +547,9 @@ static int translate_table(struct xt_table_info *newinfo, void *entry0, + newinfo->underflow[i] = 0xFFFFFFFF; + } + ++ offsets = xt_alloc_entry_offsets(newinfo->number); ++ if (!offsets) ++ return -ENOMEM; + i = 0; + + /* Walk through entries, checking offsets. */ +@@ -566,17 +560,20 @@ static int translate_table(struct xt_table_info *newinfo, void *entry0, + repl->underflow, + repl->valid_hooks); + if (ret != 0) +- break; ++ goto out_free; ++ if (i < repl->num_entries) ++ offsets[i] = (void *)iter - entry0; + ++i; + if (strcmp(arpt_get_target(iter)->u.user.name, + XT_ERROR_TARGET) == 0) + ++newinfo->stacksize; + } + if (ret != 0) +- return ret; ++ goto out_free; + ++ ret = -EINVAL; + if (i != repl->num_entries) +- return -EINVAL; ++ goto out_free; + + /* Check hooks all assigned */ + for (i = 0; i < NF_ARP_NUMHOOKS; i++) { +@@ -584,13 +581,16 @@ static int translate_table(struct xt_table_info *newinfo, void *entry0, + if (!(repl->valid_hooks & (1 << i))) + continue; + if (newinfo->hook_entry[i] == 0xFFFFFFFF) +- return -EINVAL; ++ goto out_free; + if (newinfo->underflow[i] == 0xFFFFFFFF) +- return -EINVAL; ++ goto out_free; + } + +- if (!mark_source_chains(newinfo, repl->valid_hooks, entry0)) +- return -ELOOP; ++ if (!mark_source_chains(newinfo, repl->valid_hooks, entry0, offsets)) { ++ ret = -ELOOP; ++ goto out_free; ++ } ++ kvfree(offsets); + + /* Finally, each sanity check must pass */ + i = 0; +@@ -611,6 +611,9 @@ static int translate_table(struct xt_table_info *newinfo, void *entry0, + } + + return ret; ++ out_free: ++ kvfree(offsets); ++ return ret; + } + + static void get_counters(const struct xt_table_info *t, +diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c +index 54906e0e8e0c..1c909f37f4af 100644 +--- a/net/ipv4/netfilter/ip_tables.c ++++ b/net/ipv4/netfilter/ip_tables.c +@@ -375,23 +375,12 @@ ipt_do_table(struct sk_buff *skb, + else return verdict; + } + +-static bool find_jump_target(const struct xt_table_info *t, +- const struct ipt_entry *target) +-{ +- struct ipt_entry *iter; +- +- xt_entry_foreach(iter, t->entries, t->size) { +- if (iter == target) +- return true; +- } +- return false; +-} +- + /* Figures out from what hook each rule can be called: returns 0 if + there are loops. Puts hook bitmask in comefrom. */ + static int + mark_source_chains(const struct xt_table_info *newinfo, +- unsigned int valid_hooks, void *entry0) ++ unsigned int valid_hooks, void *entry0, ++ unsigned int *offsets) + { + unsigned int hook; + +@@ -460,10 +449,11 @@ mark_source_chains(const struct xt_table_info *newinfo, + XT_STANDARD_TARGET) == 0 && + newpos >= 0) { + /* This a jump; chase it. */ ++ if (!xt_find_jump_offset(offsets, newpos, ++ newinfo->number)) ++ return 0; + e = (struct ipt_entry *) + (entry0 + newpos); +- if (!find_jump_target(newinfo, e)) +- return 0; + } else { + /* ... this is a fallthru */ + newpos = pos + e->next_offset; +@@ -696,6 +686,7 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, + const struct ipt_replace *repl) + { + struct ipt_entry *iter; ++ unsigned int *offsets; + unsigned int i; + int ret = 0; + +@@ -708,6 +699,9 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, + newinfo->underflow[i] = 0xFFFFFFFF; + } + ++ offsets = xt_alloc_entry_offsets(newinfo->number); ++ if (!offsets) ++ return -ENOMEM; + i = 0; + /* Walk through entries, checking offsets. */ + xt_entry_foreach(iter, entry0, newinfo->size) { +@@ -717,15 +711,18 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, + repl->underflow, + repl->valid_hooks); + if (ret != 0) +- return ret; ++ goto out_free; ++ if (i < repl->num_entries) ++ offsets[i] = (void *)iter - entry0; + ++i; + if (strcmp(ipt_get_target(iter)->u.user.name, + XT_ERROR_TARGET) == 0) + ++newinfo->stacksize; + } + ++ ret = -EINVAL; + if (i != repl->num_entries) +- return -EINVAL; ++ goto out_free; + + /* Check hooks all assigned */ + for (i = 0; i < NF_INET_NUMHOOKS; i++) { +@@ -733,13 +730,16 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, + if (!(repl->valid_hooks & (1 << i))) + continue; + if (newinfo->hook_entry[i] == 0xFFFFFFFF) +- return -EINVAL; ++ goto out_free; + if (newinfo->underflow[i] == 0xFFFFFFFF) +- return -EINVAL; ++ goto out_free; + } + +- if (!mark_source_chains(newinfo, repl->valid_hooks, entry0)) +- return -ELOOP; ++ if (!mark_source_chains(newinfo, repl->valid_hooks, entry0, offsets)) { ++ ret = -ELOOP; ++ goto out_free; ++ } ++ kvfree(offsets); + + /* Finally, each sanity check must pass */ + i = 0; +@@ -760,6 +760,9 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, + } + + return ret; ++ out_free: ++ kvfree(offsets); ++ return ret; + } + + static void +diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c +index 63e06c3dd319..48b3d5677dd3 100644 +--- a/net/ipv6/netfilter/ip6_tables.c ++++ b/net/ipv6/netfilter/ip6_tables.c +@@ -402,23 +402,12 @@ ip6t_do_table(struct sk_buff *skb, + else return verdict; + } + +-static bool find_jump_target(const struct xt_table_info *t, +- const struct ip6t_entry *target) +-{ +- struct ip6t_entry *iter; +- +- xt_entry_foreach(iter, t->entries, t->size) { +- if (iter == target) +- return true; +- } +- return false; +-} +- + /* Figures out from what hook each rule can be called: returns 0 if + there are loops. Puts hook bitmask in comefrom. */ + static int + mark_source_chains(const struct xt_table_info *newinfo, +- unsigned int valid_hooks, void *entry0) ++ unsigned int valid_hooks, void *entry0, ++ unsigned int *offsets) + { + unsigned int hook; + +@@ -487,10 +476,11 @@ mark_source_chains(const struct xt_table_info *newinfo, + XT_STANDARD_TARGET) == 0 && + newpos >= 0) { + /* This a jump; chase it. */ ++ if (!xt_find_jump_offset(offsets, newpos, ++ newinfo->number)) ++ return 0; + e = (struct ip6t_entry *) + (entry0 + newpos); +- if (!find_jump_target(newinfo, e)) +- return 0; + } else { + /* ... this is a fallthru */ + newpos = pos + e->next_offset; +@@ -724,6 +714,7 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, + const struct ip6t_replace *repl) + { + struct ip6t_entry *iter; ++ unsigned int *offsets; + unsigned int i; + int ret = 0; + +@@ -736,6 +727,9 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, + newinfo->underflow[i] = 0xFFFFFFFF; + } + ++ offsets = xt_alloc_entry_offsets(newinfo->number); ++ if (!offsets) ++ return -ENOMEM; + i = 0; + /* Walk through entries, checking offsets. */ + xt_entry_foreach(iter, entry0, newinfo->size) { +@@ -745,15 +739,18 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, + repl->underflow, + repl->valid_hooks); + if (ret != 0) +- return ret; ++ goto out_free; ++ if (i < repl->num_entries) ++ offsets[i] = (void *)iter - entry0; + ++i; + if (strcmp(ip6t_get_target(iter)->u.user.name, + XT_ERROR_TARGET) == 0) + ++newinfo->stacksize; + } + ++ ret = -EINVAL; + if (i != repl->num_entries) +- return -EINVAL; ++ goto out_free; + + /* Check hooks all assigned */ + for (i = 0; i < NF_INET_NUMHOOKS; i++) { +@@ -761,13 +758,16 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, + if (!(repl->valid_hooks & (1 << i))) + continue; + if (newinfo->hook_entry[i] == 0xFFFFFFFF) +- return -EINVAL; ++ goto out_free; + if (newinfo->underflow[i] == 0xFFFFFFFF) +- return -EINVAL; ++ goto out_free; + } + +- if (!mark_source_chains(newinfo, repl->valid_hooks, entry0)) +- return -ELOOP; ++ if (!mark_source_chains(newinfo, repl->valid_hooks, entry0, offsets)) { ++ ret = -ELOOP; ++ goto out_free; ++ } ++ kvfree(offsets); + + /* Finally, each sanity check must pass */ + i = 0; +@@ -788,6 +788,9 @@ translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, + } + + return ret; ++ out_free: ++ kvfree(offsets); ++ return ret; + } + + static void +diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c +index 2675d580c490..95e044a5ce51 100644 +--- a/net/netfilter/x_tables.c ++++ b/net/netfilter/x_tables.c +@@ -702,6 +702,56 @@ int xt_check_entry_offsets(const void *base, + } + EXPORT_SYMBOL(xt_check_entry_offsets); + ++/** ++ * xt_alloc_entry_offsets - allocate array to store rule head offsets ++ * ++ * @size: number of entries ++ * ++ * Return: NULL or kmalloc'd or vmalloc'd array ++ */ ++unsigned int *xt_alloc_entry_offsets(unsigned int size) ++{ ++ unsigned int *off; ++ ++ off = kcalloc(size, sizeof(unsigned int), GFP_KERNEL | __GFP_NOWARN); ++ ++ if (off) ++ return off; ++ ++ if (size < (SIZE_MAX / sizeof(unsigned int))) ++ off = vmalloc(size * sizeof(unsigned int)); ++ ++ return off; ++} ++EXPORT_SYMBOL(xt_alloc_entry_offsets); ++ ++/** ++ * xt_find_jump_offset - check if target is a valid jump offset ++ * ++ * @offsets: array containing all valid rule start offsets of a rule blob ++ * @target: the jump target to search for ++ * @size: entries in @offset ++ */ ++bool xt_find_jump_offset(const unsigned int *offsets, ++ unsigned int target, unsigned int size) ++{ ++ int m, low = 0, hi = size; ++ ++ while (hi > low) { ++ m = (low + hi) / 2u; ++ ++ if (offsets[m] > target) ++ hi = m; ++ else if (offsets[m] < target) ++ low = m + 1; ++ else ++ return true; ++ } ++ ++ return false; ++} ++EXPORT_SYMBOL(xt_find_jump_offset); ++ + int xt_check_target(struct xt_tgchk_param *par, + unsigned int size, u_int8_t proto, bool inv_proto) + { +-- +2.9.2 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/rds-fix-an-infoleak-in-rds_inc_info_copy.patch new/patches.fixes/rds-fix-an-infoleak-in-rds_inc_info_copy.patch --- old/patches.fixes/rds-fix-an-infoleak-in-rds_inc_info_copy.patch 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/rds-fix-an-infoleak-in-rds_inc_info_copy.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,33 +0,0 @@ -From: Kangjie Lu <kangji...@gmail.com> -Date: Thu, 2 Jun 2016 04:11:20 -0400 -Subject: rds: fix an infoleak in rds_inc_info_copy -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git -Git-commit: 4116def2337991b39919f3b448326e21c40e0dbb -Patch-mainline: Queued in davem's tree -References: bsc#983213 CVE-2016-5244 - -The last field "flags" of object "minfo" is not initialized. -Copying this object out may leak kernel stack data. -Assign 0 to it to avoid leak. - -Signed-off-by: Kangjie Lu <k...@gatech.edu> -Acked-by: Santosh Shilimkar <santosh.shilim...@oracle.com> -Signed-off-by: David S. Miller <da...@davemloft.net> -Acked-by: Borislav Petkov <b...@suse.de> ---- - net/rds/recv.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/net/rds/recv.c b/net/rds/recv.c -index c0be1ecd11c9..8413f6c99e13 100644 ---- a/net/rds/recv.c -+++ b/net/rds/recv.c -@@ -561,5 +561,7 @@ void rds_inc_info_copy(struct rds_incoming *inc, - minfo.fport = inc->i_hdr.h_dport; - } - -+ minfo.flags = 0; -+ - rds_info_copy(iter, &minfo, sizeof(minfo)); - } - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/rtlwifi-Fix-scheduling-while-atomic-error-from-commi new/patches.fixes/rtlwifi-Fix-scheduling-while-atomic-error-from-commi --- old/patches.fixes/rtlwifi-Fix-scheduling-while-atomic-error-from-commi 2016-07-15 10:08:50.000000000 +0200 +++ new/patches.fixes/rtlwifi-Fix-scheduling-while-atomic-error-from-commi 1970-01-01 01:00:00.000000000 +0100 @@ -1,71 +0,0 @@ -From de26859dcf363d520cc44e59f6dcaf20ebe0aadf Mon Sep 17 00:00:00 2001 -From: Larry Finger <larry.fin...@lwfinger.net> -Date: Sat, 21 May 2016 11:50:35 -0500 -Subject: [PATCH] rtlwifi: Fix scheduling while atomic error from commit 49f86ec21c01 -Patch-mainline: Queued in subsystem maintainer repository -Git-commit: de26859dcf363d520cc44e59f6dcaf20ebe0aadf -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git -References: boo#983036 - -Commit 49f86ec21c01 ("rtlwifi: Change long delays to sleeps") was correct -for most cases; however, driver rtl8192ce calls the affected routines while -in atomic context. The kernel bug output is as follows: - -Bug: scheduling while atomic: wpa_supplicant/627/0x00000002 -[...] - [<ffffffff815c2b39>] __schedule+0x899/0xad0 - [<ffffffff815c2dac>] schedule+0x3c/0x90 - [<ffffffff815c5bb2>] schedule_hrtimeout_range_clock+0xa2/0x120 - [<ffffffff810e8b80>] ? hrtimer_init+0x120/0x120 - [<ffffffff815c5ba6>] ? schedule_hrtimeout_range_clock+0x96/0x120 - [<ffffffff815c5c43>] schedule_hrtimeout_range+0x13/0x20 - [<ffffffff815c568f>] usleep_range+0x4f/0x70 - [<ffffffffa0667218>] rtl_rfreg_delay+0x38/0x50 [rtlwifi] - [<ffffffffa06dd0e7>] rtl92c_phy_config_rf_with_headerfile+0xc7/0xe0 [rtl8192ce] - -To fix this bug, three of the changes from delay to sleep are reverted. -Unfortunately, one of the changes involves a delay of 50 msec. The calling -code will be modified so that this long delay can be avoided; however, -this change is being pushed now to fix the problem in kernel 4.6.0. - -Fixes: 49f86ec21c01 ("rtlwifi: Change long delays to sleeps") -Reported-by: James Feeney <ja...@nurealm.net> -Signed-off-by: Larry Finger <larry.fin...@lwfinger.net> -Cc: James Feeney <ja...@nurealm.net> -Cc: Stable <sta...@vger.kernel.org> [4.6+] -Signed-off-by: Kalle Valo <kv...@codeaurora.org> -Acked-by: Takashi Iwai <ti...@suse.de> - ---- - drivers/net/wireless/realtek/rtlwifi/core.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - ---- a/drivers/net/wireless/realtek/rtlwifi/core.c -+++ b/drivers/net/wireless/realtek/rtlwifi/core.c -@@ -54,7 +54,7 @@ EXPORT_SYMBOL(channel5g_80m); - void rtl_addr_delay(u32 addr) - { - if (addr == 0xfe) -- msleep(50); -+ mdelay(50); - else if (addr == 0xfd) - msleep(5); - else if (addr == 0xfc) -@@ -75,7 +75,7 @@ void rtl_rfreg_delay(struct ieee80211_hw - rtl_addr_delay(addr); - } else { - rtl_set_rfreg(hw, rfpath, addr, mask, data); -- usleep_range(1, 2); -+ udelay(1); - } - } - EXPORT_SYMBOL(rtl_rfreg_delay); -@@ -86,7 +86,7 @@ void rtl_bb_delay(struct ieee80211_hw *h - rtl_addr_delay(addr); - } else { - rtl_set_bbreg(hw, addr, MASKDWORD, data); -- usleep_range(1, 2); -+ udelay(1); - } - } - EXPORT_SYMBOL(rtl_bb_delay); ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 15402 lines of diff (skipped) ++++++ patches.rpmify.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.rpmify/drm-amd-add-kconfig-dependency-for-acp-on-drm_amdgpu new/patches.rpmify/drm-amd-add-kconfig-dependency-for-acp-on-drm_amdgpu --- old/patches.rpmify/drm-amd-add-kconfig-dependency-for-acp-on-drm_amdgpu 2016-05-24 20:15:00.000000000 +0200 +++ new/patches.rpmify/drm-amd-add-kconfig-dependency-for-acp-on-drm_amdgpu 1970-01-01 01:00:00.000000000 +0100 @@ -1,28 +0,0 @@ -From: Jeff Mahoney <je...@suse.com> -Date: Tue, 24 May 2016 10:46:59 -0400 -Subject: drm/amd: add Kconfig dependency for ACP on DRM_AMDGPU -Patch-mainline: Submitted to dri-devel, 24 May 2016 - -The DRM_AMD_ACP option doesn't have any dependencies and selects -MFD_CORE, which results in MFD_CORE=y. Since the code is only called -from DRM_AMDGPU, it should depend on it. Adding the dependency results -in MFD_CORE being selected as a module again if amdgpu is also a module. - -Signed-off-by: Jeff Mahoney <je...@suse.com> ---- - drivers/gpu/drm/amd/acp/Kconfig | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/drivers/gpu/drm/amd/acp/Kconfig b/drivers/gpu/drm/amd/acp/Kconfig -index ca77ec1..e503e3d 100644 ---- a/drivers/gpu/drm/amd/acp/Kconfig -+++ b/drivers/gpu/drm/amd/acp/Kconfig -@@ -2,6 +2,7 @@ menu "ACP (Audio CoProcessor) Configuration" - - config DRM_AMD_ACP - bool "Enable AMD Audio CoProcessor IP support" -+ depends on DRM_AMDGPU - select MFD_CORE - select PM_GENERIC_DOMAINS if PM - help - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.rpmify/i915-fix-build-error-with-werror new/patches.rpmify/i915-fix-build-error-with-werror --- old/patches.rpmify/i915-fix-build-error-with-werror 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.rpmify/i915-fix-build-error-with-werror 2016-07-04 17:30:35.000000000 +0200 @@ -0,0 +1,27 @@ +From: Jeff Mahoney <je...@suse.com> +Subject: i915: fix build error with -Werror +Patch-mainline: submitted 4 July 2016 + +This fixes the following build error with -Werror and gcc 6.1: + +drivers/gpu/drm/i915/i915_debugfs.c:2103:6: error: suggest explicit braces to avoid ambiguous 'else' [-Werror=parentheses] + +Signed-off-by: Jeff Mahoney <je...@suse.com> +--- + drivers/gpu/drm/i915/i915_debugfs.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/gpu/drm/i915/i915_debugfs.c ++++ b/drivers/gpu/drm/i915/i915_debugfs.c +@@ -2100,9 +2100,10 @@ static int i915_dump_lrc(struct seq_file + return ret; + + list_for_each_entry(ctx, &dev_priv->context_list, link) +- if (ctx != dev_priv->kernel_context) ++ if (ctx != dev_priv->kernel_context) { + for_each_engine(engine, dev_priv) + i915_dump_lrc_obj(m, ctx, engine); ++ } + + mutex_unlock(&dev->struct_mutex); + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.rpmify/lightnvm-warning-fixes.patch new/patches.rpmify/lightnvm-warning-fixes.patch --- old/patches.rpmify/lightnvm-warning-fixes.patch 2016-05-24 20:15:00.000000000 +0200 +++ new/patches.rpmify/lightnvm-warning-fixes.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,40 +0,0 @@ -From: Jeff Mahoney <je...@suse.com> -Subject: lightnvm: fix "warning: ‘ret’ may be used uninitialized" -Patch-mainline: Submitted to linux-block, 4 Apr 2016 - -This fixes the following warnings: -drivers/lightnvm/sysblk.c:125:9: warning: ‘ret’ may be used -uninitialized in this function - -drivers/lightnvm/sysblk.c:275:15: warning: ‘ret’ may be used -uninitialized in this function - -In both cases, ret is only set from within a loop that may not be entered. - -Signed-off-by: Jeff Mahoney <je...@suse.com> ---- - - drivers/lightnvm/sysblk.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/drivers/lightnvm/sysblk.c -+++ b/drivers/lightnvm/sysblk.c -@@ -122,7 +122,7 @@ static int nvm_get_all_sysblks(struct nv - struct ppa_addr *ppas, nvm_bb_update_fn *fn) - { - struct ppa_addr dppa; -- int i, ret; -+ int i, ret = 0; - - s->nr_ppas = 0; - -@@ -272,7 +272,7 @@ static int nvm_write_and_verify(struct n - { - struct nvm_system_block nvmsb; - void *buf; -- int i, sect, ret, bufsz; -+ int i, sect, ret = 0, bufsz; - struct ppa_addr *ppas; - - nvm_cpu_to_sysblk(&nvmsb, info); - ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-advertise-which-crc32c-implementation-is-being-used-on-mount new/patches.suse/btrfs-advertise-which-crc32c-implementation-is-being-used-on-mount --- old/patches.suse/btrfs-advertise-which-crc32c-implementation-is-being-used-on-mount 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/btrfs-advertise-which-crc32c-implementation-is-being-used-on-mount 1970-01-01 01:00:00.000000000 +0100 @@ -1,33 +0,0 @@ -From: Jeff Mahoney <je...@suse.com> -Subject: btrfs: advertise which crc32c implementation is being used on mount -References: bsc#946057 -Patch-mainline: Submitted to linux-btrfs, 16 Sep 2015 - -Since several architectures support hardware-accelerated crc32c -calculation, it would be nice to confirm that btrfs is actually using it. - -We can see an elevated use count for the module, but it doesn't actually -show who the users are. This patch simply prints the name of the driver -after successfully initializing the shash. - -Signed-off-by: Jeff Mahoney <je...@suse.com> ---- - fs/btrfs/hash.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - ---- a/fs/btrfs/hash.c -+++ b/fs/btrfs/hash.c -@@ -20,8 +20,12 @@ static struct crypto_shash *tfm; - int __init btrfs_hash_init(void) - { - tfm = crypto_alloc_shash("crc32c", 0, 0); -+ if (IS_ERR(tfm)) -+ return PTR_ERR(tfm); - -- return PTR_ERR_OR_ZERO(tfm); -+ printk("BTRFS: using %s for crc32c\n", -+ crypto_tfm_alg_driver_name(crypto_shash_tfm(tfm))); -+ return 0; - } - - void btrfs_hash_exit(void) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/cifs-use-file_dentry.patch new/patches.suse/cifs-use-file_dentry.patch --- old/patches.suse/cifs-use-file_dentry.patch 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/cifs-use-file_dentry.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,57 +0,0 @@ -From: Goldwyn Rodrigues <rgold...@suse.com> -Subject: [PATCH] cifs: Use file_dentry() -References: bsc#974527 -Patch-mainline: Submitted, http://permalink.gmane.org/gmane.linux.kernel.cifs/11835 - -CIFS may be used as lower layer of overlayfs and accessing f_path.dentry can -lead to a crash. - -Fix by replacing direct access of file->f_path.dentry with the -file_dentry() accessor, which will always return a native object. - -Signed-off-by: Goldwyn Rodrigues <rgold...@suse.com> - -diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index c03d074..489ddc7 100644 ---- a/fs/cifs/file.c -+++ b/fs/cifs/file.c -@@ -271,7 +271,7 @@ struct cifsFileInfo * - cifs_new_fileinfo(struct cifs_fid *fid, struct file *file, - struct tcon_link *tlink, __u32 oplock) - { -- struct dentry *dentry = file->f_path.dentry; -+ struct dentry *dentry = file_dentry(file); - struct inode *inode = d_inode(dentry); - struct cifsInodeInfo *cinode = CIFS_I(inode); - struct cifsFileInfo *cfile; -@@ -461,7 +461,7 @@ int cifs_open(struct inode *inode, struct file *file) - tcon = tlink_tcon(tlink); - server = tcon->ses->server; - -- full_path = build_path_from_dentry(file->f_path.dentry); -+ full_path = build_path_from_dentry(file_dentry(file)); - if (full_path == NULL) { - rc = -ENOMEM; - goto out; -diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c -index b30a4a6..8806584 100644 ---- a/fs/cifs/readdir.c -+++ b/fs/cifs/readdir.c -@@ -300,7 +300,7 @@ initiate_cifs_search(const unsigned int xid, struct file *file) - cifsFile->invalidHandle = true; - cifsFile->srch_inf.endOfSearch = false; - -- full_path = build_path_from_dentry(file->f_path.dentry); -+ full_path = build_path_from_dentry(file_dentry(file)); - if (full_path == NULL) { - rc = -ENOMEM; - goto error_exit; -@@ -759,7 +759,7 @@ static int cifs_filldir(char *find_entry, struct file *file, - */ - fattr.cf_flags |= CIFS_FATTR_NEED_REVAL; - -- cifs_prime_dcache(file->f_path.dentry, &name, &fattr); -+ cifs_prime_dcache(file_dentry(file), &name, &fattr); - - ino = cifs_uniqueid_to_ino_t(fattr.cf_uniqueid); - return !dir_emit(ctx, name.name, name.len, ino, fattr.cf_dtype); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/dm-mpath-no-partitions-feature new/patches.suse/dm-mpath-no-partitions-feature --- old/patches.suse/dm-mpath-no-partitions-feature 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/dm-mpath-no-partitions-feature 2016-06-28 14:20:35.000000000 +0200 @@ -1,7 +1,7 @@ From: Hannes Reinecke <h...@suse.de> Subject: Disable partitions scan for multipathed devices References: bnc#402922,bnc#514767 -Patch-mainline: not yet +Patch-mainline: not yet, unsure why. hannes? When multipath devices are being used as disks for VM Guests any partition scanning / setup should be done within the VM Guest, @@ -13,55 +13,48 @@ Patch ported to SLES11. +[Update jeffm: Upstream commit 518257b13276 switched to using a flags + field for multipath state, so we can use that now.] + Signed-off-by: Hannes Reinecke <h...@suse.de> --- - drivers/md/dm-mpath.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) + drivers/md/dm-mpath.c | 8 ++++++++ + 1 file changed, 8 insertions(+) --- a/drivers/md/dm-mpath.c +++ b/drivers/md/dm-mpath.c -@@ -61,6 +61,8 @@ struct priority_group { - bool bypassed:1; /* Temporarily bypass this PG? */ - }; - -+#define FEATURE_NO_PARTITIONS 1 -+ - /* Multipath context */ - struct multipath { - struct list_head list; -@@ -94,6 +96,7 @@ struct multipath { - unsigned pg_init_retries; /* Number of times to retry pg_init */ - unsigned pg_init_count; /* Number of times pg_init called */ - unsigned pg_init_delay_msecs; /* Number of msecs before pg_init retry */ -+ unsigned features; /* Additional selected features */ - - struct work_struct trigger_event; +@@ -126,6 +126,7 @@ static void activate_path(struct work_st + #define MPATHF_PG_INIT_DISABLED 4 /* pg_init is not currently allowed */ + #define MPATHF_PG_INIT_REQUIRED 5 /* pg_init needs calling? */ + #define MPATHF_PG_INIT_DELAY_RETRY 6 /* Delay pg_init retry? */ ++#define MPATHF_NO_PARTITIONS 31 /* Don't scan partition table */ -@@ -812,6 +815,10 @@ static int parse_features(struct dm_arg_ + /*----------------------------------------------- + * Allocation routines +@@ -859,6 +860,10 @@ static int parse_features(struct dm_arg_ continue; } + if (!strcasecmp(arg_name, "no_partitions")) { -+ m->features |= FEATURE_NO_PARTITIONS; ++ set_bit(MPATHF_NO_PARTITIONS, &m->flags); + continue; + } if (!strcasecmp(arg_name, "pg_init_retries") && (argc >= 1)) { r = dm_read_arg(_args + 1, as, &m->pg_init_retries, &ti->error); -@@ -1413,11 +1420,14 @@ static void multipath_status(struct dm_t - DMEMIT("%u ", m->queue_if_no_path + +@@ -1454,11 +1459,14 @@ static void multipath_status(struct dm_t + DMEMIT("%u ", test_bit(MPATHF_QUEUE_IF_NO_PATH, &m->flags) + (m->pg_init_retries > 0) * 2 + (m->pg_init_delay_msecs != DM_PG_INIT_DELAY_DEFAULT) * 2 + -- m->retain_attached_hw_handler); -+ m->retain_attached_hw_handler + -+ (m->features & FEATURE_NO_PARTITIONS)); - if (m->queue_if_no_path) ++ test_bit(MPATHF_NO_PARTITIONS, &m->flags) + + test_bit(MPATHF_RETAIN_ATTACHED_HW_HANDLER, &m->flags)); + if (test_bit(MPATHF_QUEUE_IF_NO_PATH, &m->flags)) DMEMIT("queue_if_no_path "); if (m->pg_init_retries) DMEMIT("pg_init_retries %u ", m->pg_init_retries); -+ if (m->features & FEATURE_NO_PARTITIONS) ++ if (test_bit(MPATHF_NO_PARTITIONS, &m->flags)) + DMEMIT("no_partitions "); if (m->pg_init_delay_msecs != DM_PG_INIT_DELAY_DEFAULT) DMEMIT("pg_init_delay_msecs %u ", m->pg_init_delay_msecs); - if (m->retain_attached_hw_handler) + if (test_bit(MPATHF_RETAIN_ATTACHED_HW_HANDLER, &m->flags)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/pat-0001-x86-mm-pat-Add-support-of-non-default-PAT-MSR-settin.patch new/patches.suse/pat-0001-x86-mm-pat-Add-support-of-non-default-PAT-MSR-settin.patch --- old/patches.suse/pat-0001-x86-mm-pat-Add-support-of-non-default-PAT-MSR-settin.patch 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/pat-0001-x86-mm-pat-Add-support-of-non-default-PAT-MSR-settin.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,203 +0,0 @@ -From: Toshi Kani <toshi.k...@hpe.com> -Date: Wed, 23 Mar 2016 15:41:57 -0600 -Patch-mainline: v4.7-rc1 -Subject: x86/mm/pat: Add support of non-default PAT MSR setting -Git-commit: 02f037d641dc6672be5cfe7875a48ab99b95b154 -Reference: bnc#982991, bnc#974257, bnc#982991 - -In preparation for fixing a regression caused by: - - 9cd25aac1f44 ("x86/mm/pat: Emulate PAT when it is disabled")' - -... PAT needs to support a case that PAT MSR is initialized with a -non-default value. - -When pat_init() is called and PAT is disabled, it initializes the -PAT table with the BIOS default value. Xen, however, sets PAT MSR -with a non-default value to enable WC. This causes inconsistency -between the PAT table and PAT MSR when PAT is set to disable on Xen. - -Change pat_init() to handle the PAT disable cases properly. Add -init_cache_modes() to handle two cases when PAT is set to disable. - - 1. CPU supports PAT: Set PAT table to be consistent with PAT MSR. - 2. CPU does not support PAT: Set PAT table to be consistent with - PWT and PCD bits in a PTE. - -Note, __init_cache_modes(), renamed from pat_init_cache_modes(), -will be changed to a static function in a later patch. - -Signed-off-by: Toshi Kani <toshi.k...@hpe.com> -Reviewed-by: Thomas Gleixner <t...@linutronix.de> -Cc: Andrew Morton <a...@linux-foundation.org> -Cc: Andy Lutomirski <l...@amacapital.net> -Cc: Borislav Petkov <b...@alien8.de> -Cc: Borislav Petkov <b...@suse.de> -Cc: Brian Gerst <brge...@gmail.com> -Cc: Denys Vlasenko <dvlas...@redhat.com> -Cc: H. Peter Anvin <h...@zytor.com> -Cc: Juergen Gross <jgr...@suse.com> -Cc: Linus Torvalds <torva...@linux-foundation.org> -Cc: Luis R. Rodriguez <mcg...@suse.com> -Cc: Peter Zijlstra <pet...@infradead.org> -Cc: Toshi Kani <toshi.k...@hp.com> -Cc: elli...@hpe.com -Cc: konrad.w...@oracle.com -Cc: paul.gortma...@windriver.com -Cc: xen-de...@lists.xenproject.org -Link: http://lkml.kernel.org/r/1458769323-24491-2-git-send-email-toshi.k...@hpe.com -Signed-off-by: Ingo Molnar <mi...@kernel.org> -Acked-by: <oher...@suse.de> ---- - arch/x86/include/asm/pat.h | 2 +- - arch/x86/mm/pat.c | 73 +++++++++++++++++++++++++++++++++------------- - arch/x86/xen/enlighten.c | 2 +- - 3 files changed, 55 insertions(+), 22 deletions(-) - -diff --git a/arch/x86/include/asm/pat.h b/arch/x86/include/asm/pat.h -index ca6c228..97ea55b 100644 ---- a/arch/x86/include/asm/pat.h -+++ b/arch/x86/include/asm/pat.h -@@ -6,7 +6,7 @@ - - bool pat_enabled(void); - extern void pat_init(void); --void pat_init_cache_modes(u64); -+void __init_cache_modes(u64); - - extern int reserve_memtype(u64 start, u64 end, - enum page_cache_mode req_pcm, enum page_cache_mode *ret_pcm); -diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c -index faec01e..b4663885 100644 ---- a/arch/x86/mm/pat.c -+++ b/arch/x86/mm/pat.c -@@ -181,7 +181,7 @@ static enum page_cache_mode pat_get_cache_mode(unsigned pat_val, char *msg) - * configuration. - * Using lower indices is preferred, so we start with highest index. - */ --void pat_init_cache_modes(u64 pat) -+void __init_cache_modes(u64 pat) - { - enum page_cache_mode cache; - char pat_msg[33]; -@@ -207,9 +207,6 @@ static void pat_bsp_init(u64 pat) - return; - } - -- if (!pat_enabled()) -- goto done; -- - rdmsrl(MSR_IA32_CR_PAT, tmp_pat); - if (!tmp_pat) { - pat_disable("PAT MSR is 0, disabled."); -@@ -218,15 +215,11 @@ static void pat_bsp_init(u64 pat) - - wrmsrl(MSR_IA32_CR_PAT, pat); - --done: -- pat_init_cache_modes(pat); -+ __init_cache_modes(pat); - } - - static void pat_ap_init(u64 pat) - { -- if (!pat_enabled()) -- return; -- - if (!cpu_has_pat) { - /* - * If this happens we are on a secondary CPU, but switched to -@@ -238,18 +231,32 @@ static void pat_ap_init(u64 pat) - wrmsrl(MSR_IA32_CR_PAT, pat); - } - --void pat_init(void) -+static void init_cache_modes(void) - { -- u64 pat; -- struct cpuinfo_x86 *c = &boot_cpu_data; -+ u64 pat = 0; -+ static int init_cm_done; - -- if (!pat_enabled()) { -+ if (init_cm_done) -+ return; -+ -+ if (boot_cpu_has(X86_FEATURE_PAT)) { -+ /* -+ * CPU supports PAT. Set PAT table to be consistent with -+ * PAT MSR. This case supports "nopat" boot option, and -+ * virtual machine environments which support PAT without -+ * MTRRs. In specific, Xen has unique setup to PAT MSR. -+ * -+ * If PAT MSR returns 0, it is considered invalid and emulates -+ * as No PAT. -+ */ -+ rdmsrl(MSR_IA32_CR_PAT, pat); -+ } -+ -+ if (!pat) { - /* - * No PAT. Emulate the PAT table that corresponds to the two -- * cache bits, PWT (Write Through) and PCD (Cache Disable). This -- * setup is the same as the BIOS default setup when the system -- * has PAT but the "nopat" boot option has been specified. This -- * emulated PAT table is used when MSR_IA32_CR_PAT returns 0. -+ * cache bits, PWT (Write Through) and PCD (Cache Disable). -+ * This setup is also the same as the BIOS default setup. - * - * PTE encoding: - * -@@ -266,10 +273,36 @@ void pat_init(void) - */ - pat = PAT(0, WB) | PAT(1, WT) | PAT(2, UC_MINUS) | PAT(3, UC) | - PAT(4, WB) | PAT(5, WT) | PAT(6, UC_MINUS) | PAT(7, UC); -+ } -+ -+ __init_cache_modes(pat); -+ -+ init_cm_done = 1; -+} -+ -+/** -+ * pat_init - Initialize PAT MSR and PAT table -+ * -+ * This function initializes PAT MSR and PAT table with an OS-defined value -+ * to enable additional cache attributes, WC and WT. -+ * -+ * This function must be called on all CPUs using the specific sequence of -+ * operations defined in Intel SDM. mtrr_rendezvous_handler() provides this -+ * procedure for PAT. -+ */ -+void pat_init(void) -+{ -+ u64 pat; -+ struct cpuinfo_x86 *c = &boot_cpu_data; -+ -+ if (!pat_enabled()) { -+ init_cache_modes(); -+ return; -+ } - -- } else if ((c->x86_vendor == X86_VENDOR_INTEL) && -- (((c->x86 == 0x6) && (c->x86_model <= 0xd)) || -- ((c->x86 == 0xf) && (c->x86_model <= 0x6)))) { -+ if ((c->x86_vendor == X86_VENDOR_INTEL) && -+ (((c->x86 == 0x6) && (c->x86_model <= 0xd)) || -+ ((c->x86 == 0xf) && (c->x86_model <= 0x6)))) { - /* - * PAT support with the lower four entries. Intel Pentium 2, - * 3, M, and 4 are affected by PAT errata, which makes the -diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 880862c..c469a7c 100644 ---- a/arch/x86/xen/enlighten.c -+++ b/arch/x86/xen/enlighten.c -@@ -1623,7 +1623,7 @@ asmlinkage __visible void __init xen_start_kernel(void) - * configuration. - */ - rdmsrl(MSR_IA32_CR_PAT, pat); -- pat_init_cache_modes(pat); -+ __init_cache_modes(pat); - - /* keep using Xen gdt for now; no urgent need to change it */ - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/pat-0002-x86-mm-pat-Add-pat_disable-interface.patch new/patches.suse/pat-0002-x86-mm-pat-Add-pat_disable-interface.patch --- old/patches.suse/pat-0002-x86-mm-pat-Add-pat_disable-interface.patch 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/pat-0002-x86-mm-pat-Add-pat_disable-interface.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,92 +0,0 @@ -From: Toshi Kani <toshi.k...@hpe.com> -Date: Wed, 23 Mar 2016 15:41:58 -0600 -Patch-mainline: v4.7-rc1 -Subject: x86/mm/pat: Add pat_disable() interface -Git-commit: 224bb1e5d67ba0f2872c98002d6a6f991ac6fd4a -Reference: bnc#982991, bnc#974257, bnc#982991 - -In preparation for fixing a regression caused by: - - 9cd25aac1f44 ("x86/mm/pat: Emulate PAT when it is disabled") - -... PAT needs to provide an interface that prevents the OS from -initializing the PAT MSR. - -PAT MSR initialization must be done on all CPUs using the specific -sequence of operations defined in the Intel SDM. This requires MTRRs -to be enabled since pat_init() is called as part of MTRR init -from mtrr_rendezvous_handler(). - -Make pat_disable() as the interface that prevents the OS from -initializing the PAT MSR. MTRR will call this interface when it -cannot provide the SDM-defined sequence to initialize PAT. - -This also assures that pat_disable() called from pat_bsp_init() -will set the PAT table properly when CPU does not support PAT. - -Signed-off-by: Toshi Kani <toshi.k...@hpe.com> -Reviewed-by: Thomas Gleixner <t...@linutronix.de> -Cc: Andrew Morton <a...@linux-foundation.org> -Cc: Andy Lutomirski <l...@amacapital.net> -Cc: Borislav Petkov <b...@alien8.de> -Cc: Borislav Petkov <b...@suse.de> -Cc: Brian Gerst <brge...@gmail.com> -Cc: Denys Vlasenko <dvlas...@redhat.com> -Cc: H. Peter Anvin <h...@zytor.com> -Cc: Juergen Gross <jgr...@suse.com> -Cc: Linus Torvalds <torva...@linux-foundation.org> -Cc: Luis R. Rodriguez <mcg...@suse.com> -Cc: Peter Zijlstra <pet...@infradead.org> -Cc: Robert Elliott <elli...@hpe.com> -Cc: Toshi Kani <toshi.k...@hp.com> -Cc: konrad.w...@oracle.com -Cc: paul.gortma...@windriver.com -Cc: xen-de...@lists.xenproject.org -Link: http://lkml.kernel.org/r/1458769323-24491-3-git-send-email-toshi.k...@hpe.com -Signed-off-by: Ingo Molnar <mi...@kernel.org> -Acked-by: <oher...@suse.de> ---- - arch/x86/include/asm/pat.h | 1 + - arch/x86/mm/pat.c | 13 ++++++++++++- - 2 files changed, 13 insertions(+), 1 deletion(-) - -diff --git a/arch/x86/include/asm/pat.h b/arch/x86/include/asm/pat.h -index 97ea55b..0ad356c 100644 ---- a/arch/x86/include/asm/pat.h -+++ b/arch/x86/include/asm/pat.h -@@ -5,6 +5,7 @@ - #include <asm/pgtable_types.h> - - bool pat_enabled(void); -+void pat_disable(const char *reason); - extern void pat_init(void); - void __init_cache_modes(u64); - -diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c -index b4663885..1cc1d37 100644 ---- a/arch/x86/mm/pat.c -+++ b/arch/x86/mm/pat.c -@@ -40,11 +40,22 @@ - static bool boot_cpu_done; - - static int __read_mostly __pat_enabled = IS_ENABLED(CONFIG_X86_PAT); -+static void init_cache_modes(void); - --static inline void pat_disable(const char *reason) -+void pat_disable(const char *reason) - { -+ if (!__pat_enabled) -+ return; -+ -+ if (boot_cpu_done) { -+ WARN_ONCE(1, "x86/PAT: PAT cannot be disabled after initialization\n"); -+ return; -+ } -+ - __pat_enabled = 0; - pr_info("x86/PAT: %s\n", reason); -+ -+ init_cache_modes(); - } - - static int __init nopat(char *str) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/pat-0003-x86-mm-pat-Replace-cpu_has_pat-with-boot_cpu_has.patch new/patches.suse/pat-0003-x86-mm-pat-Replace-cpu_has_pat-with-boot_cpu_has.patch --- old/patches.suse/pat-0003-x86-mm-pat-Replace-cpu_has_pat-with-boot_cpu_has.patch 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/pat-0003-x86-mm-pat-Replace-cpu_has_pat-with-boot_cpu_has.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,62 +0,0 @@ -From: Toshi Kani <toshi.k...@hpe.com> -Date: Wed, 23 Mar 2016 15:41:59 -0600 -Patch-mainline: v4.7-rc1 -Subject: x86/mm/pat: Replace cpu_has_pat with boot_cpu_has() -Git-commit: d63dcf49cf5ae5605f4d14229e3888e104f294b1 -Reference: bnc#982991, bnc#974257, bnc#982991 - -Borislav Petkov suggested: - - > Please use on init paths boot_cpu_has(X86_FEATURE_PAT) and on fast - > paths static_cpu_has(X86_FEATURE_PAT). No more of that cpu_has_XXX - > ugliness. - -Replace the use of cpu_has_pat on init paths with boot_cpu_has(). - -Suggested-by: Borislav Petkov <b...@suse.de> -Signed-off-by: Toshi Kani <toshi.k...@hpe.com> -Reviewed-by: Thomas Gleixner <t...@linutronix.de> -Cc: Andrew Morton <a...@linux-foundation.org> -Cc: Andy Lutomirski <l...@amacapital.net> -Cc: Borislav Petkov <b...@alien8.de> -Cc: Brian Gerst <brge...@gmail.com> -Cc: Denys Vlasenko <dvlas...@redhat.com> -Cc: H. Peter Anvin <h...@zytor.com> -Cc: Juergen Gross <jgr...@suse.com> -Cc: Linus Torvalds <torva...@linux-foundation.org> -Cc: Luis R. Rodriguez <mcg...@suse.com> -Cc: Peter Zijlstra <pet...@infradead.org> -Cc: Robert Elliott <elli...@hpe.com> -Cc: Toshi Kani <toshi.k...@hp.com> -Cc: konrad.w...@oracle.com -Cc: paul.gortma...@windriver.com -Cc: xen-de...@lists.xenproject.org -Link: http://lkml.kernel.org/r/1458769323-24491-4-git-send-email-toshi.k...@hpe.com -Signed-off-by: Ingo Molnar <mi...@kernel.org> -Acked-by: <oher...@suse.de> ---- - arch/x86/mm/pat.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c -index 1cc1d37..59ec038 100644 ---- a/arch/x86/mm/pat.c -+++ b/arch/x86/mm/pat.c -@@ -213,7 +213,7 @@ static void pat_bsp_init(u64 pat) - { - u64 tmp_pat; - -- if (!cpu_has_pat) { -+ if (!boot_cpu_has(X86_FEATURE_PAT)) { - pat_disable("PAT not supported by CPU."); - return; - } -@@ -231,7 +231,7 @@ static void pat_bsp_init(u64 pat) - - static void pat_ap_init(u64 pat) - { -- if (!cpu_has_pat) { -+ if (!boot_cpu_has(X86_FEATURE_PAT)) { - /* - * If this happens we are on a secondary CPU, but switched to - * PAT on the boot CPU. We have no way to undo PAT. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/pat-0004-x86-mtrr-Fix-Xorg-crashes-in-Qemu-sessions.patch new/patches.suse/pat-0004-x86-mtrr-Fix-Xorg-crashes-in-Qemu-sessions.patch --- old/patches.suse/pat-0004-x86-mtrr-Fix-Xorg-crashes-in-Qemu-sessions.patch 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/pat-0004-x86-mtrr-Fix-Xorg-crashes-in-Qemu-sessions.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,158 +0,0 @@ -From: Toshi Kani <toshi.k...@hpe.com> -Date: Wed, 23 Mar 2016 15:42:00 -0600 -Patch-mainline: v4.7-rc1 -Subject: x86/mtrr: Fix Xorg crashes in Qemu sessions -Git-commit: edfe63ec97ed8d4496225f7ba54c9ce4207c5431 -Reference: bnc#982991, bnc#974257, bnc#982991 - -A Xorg failure on qemu32 was reported as a regression [1] caused by -commit 9cd25aac1f44 ("x86/mm/pat: Emulate PAT when it is disabled"). - -This patch fixes the Xorg crash. - -Negative effects of this regression were the following two failures [2] -in Xorg on QEMU with QEMU CPU model "qemu32" (-cpu qemu32), which were -triggered by the fact that its virtual CPU does not support MTRRs. - - #1. copy_process() failed in the check in reserve_pfn_range() - - copy_process - copy_mm - dup_mm - dup_mmap - copy_page_range - track_pfn_copy - reserve_pfn_range - - A WC map request was tracked as WC in memtype, which set a PTE as - UC (pgprot) per __cachemode2pte_tbl[]. This led to this error in - reserve_pfn_range() called from track_pfn_copy(), which obtained - a pgprot from a PTE. It converts pgprot to page_cache_mode, which - does not necessarily result in the original page_cache_mode since - __cachemode2pte_tbl[] redirects multiple types to UC. - - #2. error path in copy_process() then hit WARN_ON_ONCE in - untrack_pfn(). - - x86/PAT: Xorg:509 map pfn expected mapping type uncached- - minus for [mem 0xfd000000-0xfdffffff], got write-combining - Call Trace: - dump_stack - warn_slowpath_common - ? untrack_pfn - ? untrack_pfn - warn_slowpath_null - untrack_pfn - ? __kunmap_atomic - unmap_single_vma - ? pagevec_move_tail_fn - unmap_vmas - exit_mmap - mmput - copy_process.part.47 - _do_fork - SyS_clone - do_syscall_32_irqs_on - entry_INT80_32 - -These negative effects are caused by two separate bugs, but they -can be addressed in separate patches. Fixing the pat_init() issue -described below addresses the root cause, and avoids Xorg to hit -these cases. - -When the CPU does not support MTRRs, MTRR does not call pat_init(), -which leaves PAT enabled without initializing PAT. This pat_init() -issue is a long-standing issue, but manifested as issue #1 (and then -hit issue #2) with the above-mentioned commit because the memtype -now tracks cache attribute with 'page_cache_mode'. - -This pat_init() issue existed before the commit, but we used pgprot -in memtype. Hence, we did not have issue #1 before. But WC request -resulted in WT in effect because WC pgrot is actually WT when PAT -is not initialized. This is not how it was designed to work. When -PAT is set to disable properly, WC is converted to UC. The use of -WT can result in a system crash if the target range does not support -WT. Fortunately, nobody ran into such issue before. - -To fix this pat_init() issue, PAT code has been enhanced to provide -pat_disable() interface. Call this interface when MTRRs are disabled. -By setting PAT to disable properly, PAT bypasses the memtype check, -and avoids issue #1. - - [1]: https://lkml.org/lkml/2016/3/3/828 - [2]: https://lkml.org/lkml/2016/3/4/775 - -Signed-off-by: Toshi Kani <toshi.k...@hpe.com> -Reviewed-by: Thomas Gleixner <t...@linutronix.de> -Cc: Andrew Morton <a...@linux-foundation.org> -Cc: Andy Lutomirski <l...@amacapital.net> -Cc: Borislav Petkov <b...@alien8.de> -Cc: Borislav Petkov <b...@suse.de> -Cc: Brian Gerst <brge...@gmail.com> -Cc: Denys Vlasenko <dvlas...@redhat.com> -Cc: H. Peter Anvin <h...@zytor.com> -Cc: Juergen Gross <jgr...@suse.com> -Cc: Linus Torvalds <torva...@linux-foundation.org> -Cc: Luis R. Rodriguez <mcg...@suse.com> -Cc: Peter Zijlstra <pet...@infradead.org> -Cc: Toshi Kani <toshi.k...@hp.com> -Cc: elli...@hpe.com -Cc: konrad.w...@oracle.com -Cc: paul.gortma...@windriver.com -Cc: xen-de...@lists.xenproject.org -Link: http://lkml.kernel.org/r/1458769323-24491-5-git-send-email-toshi.k...@hpe.com -Signed-off-by: Ingo Molnar <mi...@kernel.org> -Acked-by: <oher...@suse.de> ---- - arch/x86/include/asm/mtrr.h | 6 +++++- - arch/x86/kernel/cpu/mtrr/main.c | 10 +++++++++- - 2 files changed, 14 insertions(+), 2 deletions(-) - -diff --git a/arch/x86/include/asm/mtrr.h b/arch/x86/include/asm/mtrr.h -index b94f6f6..dbff145 100644 ---- a/arch/x86/include/asm/mtrr.h -+++ b/arch/x86/include/asm/mtrr.h -@@ -24,6 +24,7 @@ - #define _ASM_X86_MTRR_H - - #include <uapi/asm/mtrr.h> -+#include <asm/pat.h> - - - /* -@@ -83,9 +84,12 @@ static inline int mtrr_trim_uncached_memory(unsigned long end_pfn) - static inline void mtrr_centaur_report_mcr(int mcr, u32 lo, u32 hi) - { - } -+static inline void mtrr_bp_init(void) -+{ -+ pat_disable("MTRRs disabled, skipping PAT initialization too."); -+} - - #define mtrr_ap_init() do {} while (0) --#define mtrr_bp_init() do {} while (0) - #define set_mtrr_aps_delayed_init() do {} while (0) - #define mtrr_aps_init() do {} while (0) - #define mtrr_bp_restore() do {} while (0) -diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c -index 10f8d47..8b1947b 100644 ---- a/arch/x86/kernel/cpu/mtrr/main.c -+++ b/arch/x86/kernel/cpu/mtrr/main.c -@@ -759,8 +759,16 @@ void __init mtrr_bp_init(void) - } - } - -- if (!mtrr_enabled()) -+ if (!mtrr_enabled()) { - pr_info("MTRR: Disabled\n"); -+ -+ /* -+ * PAT initialization relies on MTRR's rendezvous handler. -+ * Skip PAT init until the handler can initialize both -+ * features independently. -+ */ -+ pat_disable("MTRRs disabled, skipping PAT initialization too."); -+ } - } - - void mtrr_ap_init(void) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/pat-0005-x86-mtrr-Fix-PAT-init-handling-when-MTRR-is-disabled.patch new/patches.suse/pat-0005-x86-mtrr-Fix-PAT-init-handling-when-MTRR-is-disabled.patch --- old/patches.suse/pat-0005-x86-mtrr-Fix-PAT-init-handling-when-MTRR-is-disabled.patch 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/pat-0005-x86-mtrr-Fix-PAT-init-handling-when-MTRR-is-disabled.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,114 +0,0 @@ -From: Toshi Kani <toshi.k...@hpe.com> -Date: Wed, 23 Mar 2016 15:42:01 -0600 -Patch-mainline: v4.7-rc1 -Subject: x86/mtrr: Fix PAT init handling when MTRR is disabled -Git-commit: ad025a73f0e9344ac73ffe1b74c184033e08e7d5 -Reference: bnc#982991, bnc#974257, bnc#982991 - -get_mtrr_state() calls pat_init() on BSP even if MTRR is disabled. -This results in calling pat_init() on BSP only since APs do not call -pat_init() when MTRR is disabled. This inconsistency between BSP -and APs leads to undefined behavior. - -Make BSP's calling condition to pat_init() consistent with AP's, -mtrr_ap_init() and mtrr_aps_init(). - -Signed-off-by: Toshi Kani <toshi.k...@hpe.com> -Reviewed-by: Thomas Gleixner <t...@linutronix.de> -Cc: Andrew Morton <a...@linux-foundation.org> -Cc: Andy Lutomirski <l...@amacapital.net> -Cc: Borislav Petkov <b...@alien8.de> -Cc: Borislav Petkov <b...@suse.de> -Cc: Brian Gerst <brge...@gmail.com> -Cc: Denys Vlasenko <dvlas...@redhat.com> -Cc: H. Peter Anvin <h...@zytor.com> -Cc: Juergen Gross <jgr...@suse.com> -Cc: Linus Torvalds <torva...@linux-foundation.org> -Cc: Luis R. Rodriguez <mcg...@suse.com> -Cc: Peter Zijlstra <pet...@infradead.org> -Cc: Toshi Kani <toshi.k...@hp.com> -Cc: elli...@hpe.com -Cc: konrad.w...@oracle.com -Cc: paul.gortma...@windriver.com -Cc: xen-de...@lists.xenproject.org -Link: http://lkml.kernel.org/r/1458769323-24491-6-git-send-email-toshi.k...@hpe.com -Signed-off-by: Ingo Molnar <mi...@kernel.org> -Acked-by: <oher...@suse.de> ---- - arch/x86/kernel/cpu/mtrr/generic.c | 24 ++++++++++++++---------- - arch/x86/kernel/cpu/mtrr/main.c | 3 +++ - arch/x86/kernel/cpu/mtrr/mtrr.h | 1 + - 3 files changed, 18 insertions(+), 10 deletions(-) - -diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c -index 19f5736..8d7a29e 100644 ---- a/arch/x86/kernel/cpu/mtrr/generic.c -+++ b/arch/x86/kernel/cpu/mtrr/generic.c -@@ -444,11 +444,24 @@ static void __init print_mtrr_state(void) - pr_debug("TOM2: %016llx aka %lldM\n", mtrr_tom2, mtrr_tom2>>20); - } - -+/* PAT setup for BP. We need to go through sync steps here */ -+void __init mtrr_bp_pat_init(void) -+{ -+ unsigned long flags; -+ -+ local_irq_save(flags); -+ prepare_set(); -+ -+ pat_init(); -+ -+ post_set(); -+ local_irq_restore(flags); -+} -+ - /* Grab all of the MTRR state for this CPU into *state */ - bool __init get_mtrr_state(void) - { - struct mtrr_var_range *vrs; -- unsigned long flags; - unsigned lo, dummy; - unsigned int i; - -@@ -481,15 +494,6 @@ bool __init get_mtrr_state(void) - - mtrr_state_set = 1; - -- /* PAT setup for BP. We need to go through sync steps here */ -- local_irq_save(flags); -- prepare_set(); -- -- pat_init(); -- -- post_set(); -- local_irq_restore(flags); -- - return !!(mtrr_state.enabled & MTRR_STATE_MTRR_ENABLED); - } - -diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c -index 8b1947b..7d393ec 100644 ---- a/arch/x86/kernel/cpu/mtrr/main.c -+++ b/arch/x86/kernel/cpu/mtrr/main.c -@@ -752,6 +752,9 @@ void __init mtrr_bp_init(void) - /* BIOS may override */ - __mtrr_enabled = get_mtrr_state(); - -+ if (mtrr_enabled()) -+ mtrr_bp_pat_init(); -+ - if (mtrr_cleanup(phys_addr)) { - changed_by_mtrr_cleanup = 1; - mtrr_if->set_all(); -diff --git a/arch/x86/kernel/cpu/mtrr/mtrr.h b/arch/x86/kernel/cpu/mtrr/mtrr.h -index 951884d..6c7ced0 100644 ---- a/arch/x86/kernel/cpu/mtrr/mtrr.h -+++ b/arch/x86/kernel/cpu/mtrr/mtrr.h -@@ -52,6 +52,7 @@ void set_mtrr_prepare_save(struct set_mtrr_context *ctxt); - void fill_mtrr_var_range(unsigned int index, - u32 base_lo, u32 base_hi, u32 mask_lo, u32 mask_hi); - bool get_mtrr_state(void); -+void mtrr_bp_pat_init(void); - - extern void set_mtrr_ops(const struct mtrr_ops *ops); - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/pat-0006-x86-xen-pat-Remove-PAT-table-init-code-from-Xen.patch new/patches.suse/pat-0006-x86-xen-pat-Remove-PAT-table-init-code-from-Xen.patch --- old/patches.suse/pat-0006-x86-xen-pat-Remove-PAT-table-init-code-from-Xen.patch 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/pat-0006-x86-xen-pat-Remove-PAT-table-init-code-from-Xen.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,105 +0,0 @@ -From: Toshi Kani <toshi.k...@hpe.com> -Date: Wed, 23 Mar 2016 15:42:02 -0600 -Patch-mainline: v4.7-rc1 -Subject: x86/xen, pat: Remove PAT table init code from Xen -Git-commit: 88ba281108ed0c25c9d292b48bd3f272fcb90dd0 -Reference: bnc#982991, bnc#974257, bnc#982991 - -Xen supports PAT without MTRRs for its guests. In order to -enable WC attribute, it was necessary for xen_start_kernel() -to call pat_init_cache_modes() to update PAT table before -starting guest kernel. - -Now that the kernel initializes PAT table to the BIOS handoff -state when MTRR is disabled, this Xen-specific PAT init code -is no longer necessary. Delete it from xen_start_kernel(). - -Also change __init_cache_modes() to a static function since -PAT table should not be tweaked by other modules. - -Signed-off-by: Toshi Kani <toshi.k...@hpe.com> -Reviewed-by: Thomas Gleixner <t...@linutronix.de> -Acked-by: Juergen Gross <jgr...@suse.com> -Cc: Andrew Morton <a...@linux-foundation.org> -Cc: Andy Lutomirski <l...@amacapital.net> -Cc: Borislav Petkov <b...@alien8.de> -Cc: Borislav Petkov <b...@suse.de> -Cc: Brian Gerst <brge...@gmail.com> -Cc: Denys Vlasenko <dvlas...@redhat.com> -Cc: H. Peter Anvin <h...@zytor.com> -Cc: Konrad Rzeszutek Wilk <konrad.w...@oracle.com> -Cc: Linus Torvalds <torva...@linux-foundation.org> -Cc: Luis R. Rodriguez <mcg...@suse.com> -Cc: Peter Zijlstra <pet...@infradead.org> -Cc: Toshi Kani <toshi.k...@hp.com> -Cc: elli...@hpe.com -Cc: paul.gortma...@windriver.com -Cc: xen-de...@lists.xenproject.org -Link: http://lkml.kernel.org/r/1458769323-24491-7-git-send-email-toshi.k...@hpe.com -Signed-off-by: Ingo Molnar <mi...@kernel.org> -Acked-by: <oher...@suse.de> ---- - arch/x86/include/asm/pat.h | 1 - - arch/x86/mm/pat.c | 2 +- - arch/x86/xen/enlighten.c | 9 --------- - 3 files changed, 1 insertion(+), 11 deletions(-) - -diff --git a/arch/x86/include/asm/pat.h b/arch/x86/include/asm/pat.h -index 0ad356c..0b1ff4c 100644 ---- a/arch/x86/include/asm/pat.h -+++ b/arch/x86/include/asm/pat.h -@@ -7,7 +7,6 @@ - bool pat_enabled(void); - void pat_disable(const char *reason); - extern void pat_init(void); --void __init_cache_modes(u64); - - extern int reserve_memtype(u64 start, u64 end, - enum page_cache_mode req_pcm, enum page_cache_mode *ret_pcm); -diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c -index 59ec038..c4c3ddc 100644 ---- a/arch/x86/mm/pat.c -+++ b/arch/x86/mm/pat.c -@@ -192,7 +192,7 @@ static enum page_cache_mode pat_get_cache_mode(unsigned pat_val, char *msg) - * configuration. - * Using lower indices is preferred, so we start with highest index. - */ --void __init_cache_modes(u64 pat) -+static void __init_cache_modes(u64 pat) - { - enum page_cache_mode cache; - char pat_msg[33]; -diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index c469a7c..d8cca75 100644 ---- a/arch/x86/xen/enlighten.c -+++ b/arch/x86/xen/enlighten.c -@@ -75,7 +75,6 @@ - #include <asm/mach_traps.h> - #include <asm/mwait.h> - #include <asm/pci_x86.h> --#include <asm/pat.h> - #include <asm/cpu.h> - - #ifdef CONFIG_ACPI -@@ -1511,7 +1510,6 @@ asmlinkage __visible void __init xen_start_kernel(void) - { - struct physdev_set_iopl set_iopl; - unsigned long initrd_start = 0; -- u64 pat; - int rc; - - if (!xen_start_info) -@@ -1618,13 +1616,6 @@ asmlinkage __visible void __init xen_start_kernel(void) - xen_start_info->nr_pages); - xen_reserve_special_pages(); - -- /* -- * Modify the cache mode translation tables to match Xen's PAT -- * configuration. -- */ -- rdmsrl(MSR_IA32_CR_PAT, pat); -- __init_cache_modes(pat); -- - /* keep using Xen gdt for now; no urgent need to change it */ - - #ifdef CONFIG_X86_32 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/pat-0007-x86-pat-Document-the-PAT-initialization-sequence.patch new/patches.suse/pat-0007-x86-pat-Document-the-PAT-initialization-sequence.patch --- old/patches.suse/pat-0007-x86-pat-Document-the-PAT-initialization-sequence.patch 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/pat-0007-x86-pat-Document-the-PAT-initialization-sequence.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,75 +0,0 @@ -From: Toshi Kani <toshi.k...@hpe.com> -Date: Wed, 23 Mar 2016 15:42:03 -0600 -Patch-mainline: v4.7-rc1 -Subject: x86/pat: Document the PAT initialization sequence -Git-commit: b6350c21cfe8aa9d65e189509a23c0ea4b8362c2 -Reference: bnc#982991, bnc#974257, bnc#982991 - -Update PAT documentation to describe how PAT is initialized under -various configurations. - -Signed-off-by: Toshi Kani <toshi.k...@hpe.com> -Reviewed-by: Thomas Gleixner <t...@linutronix.de> -Cc: Andrew Morton <a...@linux-foundation.org> -Cc: Andy Lutomirski <l...@amacapital.net> -Cc: Borislav Petkov <b...@alien8.de> -Cc: Borislav Petkov <b...@suse.de> -Cc: Brian Gerst <brge...@gmail.com> -Cc: Denys Vlasenko <dvlas...@redhat.com> -Cc: H. Peter Anvin <h...@zytor.com> -Cc: Juergen Gross <jgr...@suse.com> -Cc: Linus Torvalds <torva...@linux-foundation.org> -Cc: Luis R. Rodriguez <mcg...@suse.com> -Cc: Peter Zijlstra <pet...@infradead.org> -Cc: Toshi Kani <toshi.k...@hp.com> -Cc: elli...@hpe.com -Cc: konrad.w...@oracle.com -Cc: paul.gortma...@windriver.com -Cc: xen-de...@lists.xenproject.org -Link: http://lkml.kernel.org/r/1458769323-24491-8-git-send-email-toshi.k...@hpe.com -Signed-off-by: Ingo Molnar <mi...@kernel.org> -Acked-by: <oher...@suse.de> ---- - Documentation/x86/pat.txt | 32 ++++++++++++++++++++++++++++++++ - 1 file changed, 32 insertions(+) - -diff --git a/Documentation/x86/pat.txt b/Documentation/x86/pat.txt -index 54944c7..2a4ee63 100644 ---- a/Documentation/x86/pat.txt -+++ b/Documentation/x86/pat.txt -@@ -196,3 +196,35 @@ Another, more verbose way of getting PAT related debug messages is with - "debugpat" boot parameter. With this parameter, various debug messages are - printed to dmesg log. - -+PAT Initialization -+------------------ -+ -+The following table describes how PAT is initialized under various -+configurations. The PAT MSR must be updated by Linux in order to support WC -+and WT attributes. Otherwise, the PAT MSR has the value programmed in it -+by the firmware. Note, Xen enables WC attribute in the PAT MSR for guests. -+ -+ MTRR PAT Call Sequence PAT State PAT MSR -+ ========================================================= -+ E E MTRR -> PAT init Enabled OS -+ E D MTRR -> PAT init Disabled - -+ D E MTRR -> PAT disable Disabled BIOS -+ D D MTRR -> PAT disable Disabled - -+ - np/E PAT -> PAT disable Disabled BIOS -+ - np/D PAT -> PAT disable Disabled - -+ E !P/E MTRR -> PAT init Disabled BIOS -+ D !P/E MTRR -> PAT disable Disabled BIOS -+ !M !P/E MTRR stub -> PAT disable Disabled BIOS -+ -+ Legend -+ ------------------------------------------------ -+ E Feature enabled in CPU -+ D Feature disabled/unsupported in CPU -+ np "nopat" boot option specified -+ !P CONFIG_X86_PAT option unset -+ !M CONFIG_MTRR option unset -+ Enabled PAT state set to enabled -+ Disabled PAT state set to disabled -+ OS PAT initializes PAT MSR with OS setting -+ BIOS PAT keeps PAT MSR with BIOS setting -+ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/sd_init.mark_majors_busy.patch new/patches.suse/sd_init.mark_majors_busy.patch --- old/patches.suse/sd_init.mark_majors_busy.patch 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/sd_init.mark_majors_busy.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,143 +0,0 @@ -Subject: mark busy sd majors as allocated -From: <oher...@suse.de> -Patch-mainline: never , triggers only with our xenlinux drivers -References: bnc#744658 - -Mark busy sd majors as allocated, so that sd_probe() can not register -them again. Since register_blkdev() can be called from everywhere, -init_sd() has to handle errors and mark the major as busy in its -internal mapping. - -The specific case where the errors happen is the xenblk driver in PV and -FV guests. A guest can claim IDE or SCSI majors if they are specified in -its configuration file. Then xenblk will claim the major numbers and -start to use them. Later a user of sd_mod (such as iscsi or scsi_debug) -will try to claim these majors as well, but does not handle the error -from register_blkdev(). As a result the kernel devicename is registered -twice with sysfs and the kernel crashes. - -This patch implements simple error handling and marks the first 256 -minors for a failed major as busy. It also handle holes. -The xend tools do not handle extended minors (such as -/sys/block/sdiw/dev:8:256), so this change can remain simple. - ---- - drivers/scsi/sd.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++-------- - 1 file changed, 62 insertions(+), 10 deletions(-) - -Index: b/drivers/scsi/sd.c -=================================================================== ---- a/drivers/scsi/sd.c -+++ b/drivers/scsi/sd.c -@@ -2546,6 +2546,20 @@ static void sd_probe_async(void *data, a - put_device(&sdkp->dev); - } - -+static int sd_get_index(int *index) -+{ -+ int error = -ENOMEM; -+ do { -+ if (!ida_pre_get(&sd_index_ida, GFP_KERNEL)) -+ break; -+ -+ spin_lock(&sd_index_lock); -+ error = ida_get_new(&sd_index_ida, index); -+ spin_unlock(&sd_index_lock); -+ } while (error == -EAGAIN); -+ -+ return error; -+} - /** - * sd_probe - called during driver initialization and whenever a - * new scsi device is attached to the system. It is called once -@@ -2588,15 +2602,7 @@ static int sd_probe(struct device *dev) - if (!gd) - goto out_free; - -- do { -- if (!ida_pre_get(&sd_index_ida, GFP_KERNEL)) -- goto out_put; -- -- spin_lock(&sd_index_lock); -- error = ida_get_new(&sd_index_ida, &index); -- spin_unlock(&sd_index_lock); -- } while (error == -EAGAIN); -- -+ error = sd_get_index(&index); - if (error) { - sdev_printk(KERN_WARNING, sdp, "sd_probe: memory exhausted.\n"); - goto out_put; -@@ -2806,6 +2812,42 @@ done: - return sd_start_stop_device(sdkp, 1); - } - -+/* -+* Each major represents 16 disks. A minor is used for the disk itself and 15 -+* partitions. Mark each disk busy so that sd_probe can not reclaim this major. -+*/ -+static int __init init_sd_ida(int *error) -+{ -+ int *index, i, j, err; -+ -+ index = kmalloc(SD_MAJORS * (256 / SD_MINORS) * sizeof(int), GFP_KERNEL); -+ if (!index) -+ return -ENOMEM; -+ -+ /* Mark minors for all majors as busy */ -+ for (i = 0; i < SD_MAJORS; i++) -+ { -+ for (j = 0; j < (256 / SD_MINORS); j++) { -+ err = sd_get_index(&index[i * (256 / SD_MINORS) + j]); -+ if (err) { -+ kfree(index); -+ return err; -+ } -+ } -+ } -+ -+ /* Mark minors for claimed majors as free */ -+ for (i = 0; i < SD_MAJORS; i++) -+ { -+ if (error[i]) -+ continue; -+ for (j = 0; j < (256 / SD_MINORS); j++) -+ ida_remove(&sd_index_ida, index[i * (256 / SD_MINORS) + j]); -+ } -+ kfree(index); -+ return 0; -+} -+ - /** - * init_sd - entry point for this driver (both when built in or when - * a module). -@@ -2815,20 +2857,27 @@ done: - static int __init init_sd(void) - { - int majors = 0, i, err; -+ int error[SD_MAJORS]; - - SCSI_LOG_HLQUEUE(3, printk("init_sd: sd driver entry point\n")); - - for (i = 0; i < SD_MAJORS; i++) { -- if (register_blkdev(sd_major(i), "sd") != 0) -- continue; -- majors++; -+ error[i] = register_blkdev(sd_major(i), "sd"); -+ if (error[i] == 0) -+ majors++; - blk_register_region(sd_major(i), SD_MINORS, NULL, - sd_default_probe, NULL, NULL); - } - - if (!majors) - return -ENODEV; - -+ if (majors < SD_MAJORS) { -+ err = init_sd_ida(error); -+ if (err) -+ return err; -+ } -+ - err = class_register(&sd_disk_class); - if (err) - goto err_out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/stack-unwind.patch new/patches.suse/stack-unwind.patch --- old/patches.suse/stack-unwind.patch 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/stack-unwind.patch 2016-06-28 14:20:35.000000000 +0200 @@ -548,8 +548,8 @@ + cpu = get_cpu(); for (;;) { - struct thread_info *context; void *end_stack; + --- a/arch/x86/kernel/dumpstack_64.c +++ b/arch/x86/kernel/dumpstack_64.c @@ -14,6 +14,7 @@ @@ -560,13 +560,12 @@ #include <asm/stacktrace.h> -@@ -152,9 +153,9 @@ void dump_trace(struct task_struct *task +@@ -152,8 +153,8 @@ void dump_trace(struct task_struct *task unsigned long *stack, unsigned long bp, const struct stacktrace_ops *ops, void *data) { - const unsigned cpu = get_cpu(); + unsigned cpu; - struct thread_info *tinfo; - unsigned long *irq_stack = (unsigned long *)per_cpu(irq_stack_ptr, cpu); + unsigned long *irq_stack; unsigned long dummy; @@ -584,9 +583,9 @@ if (regs) stack = (unsigned long *)regs->sp; @@ -180,6 +185,8 @@ void dump_trace(struct task_struct *task + * current stack address. If the stacks consist of nested * exceptions */ - tinfo = task_thread_info(task); + cpu = get_cpu(); + irq_stack = (unsigned long *)per_cpu(irq_stack_ptr, cpu); while (!done) { @@ -909,8 +908,8 @@ /* Switch to core kallsyms now init is done: kallsyms may be walking! */ rcu_assign_pointer(mod->kallsyms, &mod->core_kallsyms); @@ -3574,6 +3601,9 @@ static int load_module(struct load_info - if (err < 0) - goto coming_cleanup; + goto sysfs_cleanup; + } + /* Initialize unwind table */ + add_unwind_table(mod, info); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/vfs-add-super_operations-get_inode_dev new/patches.suse/vfs-add-super_operations-get_inode_dev --- old/patches.suse/vfs-add-super_operations-get_inode_dev 2016-06-06 21:08:35.000000000 +0200 +++ new/patches.suse/vfs-add-super_operations-get_inode_dev 2016-06-28 14:20:35.000000000 +0200 @@ -89,7 +89,7 @@ default: case FSIDSOURCE_DEV: p = xdr_encode_hyper(p, (u64)huge_encode_dev -- (d_inode(fhp->fh_dentry)->i_sb->s_dev)); +- (fhp->fh_dentry->d_sb->s_dev)); + (inode_get_dev(d_inode(fhp->fh_dentry)))); break; case FSIDSOURCE_FSID: @@ -229,7 +229,7 @@ inode_unlock(d_backing_inode(parent->dentry)); if (d_is_positive(d)) { /* update watch filter fields */ -- watch->dev = d_backing_inode(d)->i_sb->s_dev; +- watch->dev = d->d_sb->s_dev; + watch->dev = inode_get_dev(d_backing_inode(d)); watch->ino = d_backing_inode(d)->i_ino; } ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:26:01.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:26:01.000000000 +0200 @@ -27,10 +27,6 @@ # DO NOT MODIFY THEM! # Send separate patches upstream if you find a problem... ######################################################## - patches.kernel.org/patch-4.6.1 - patches.kernel.org/patch-4.6.1-2 - patches.kernel.org/patch-4.6.2-3 - patches.kernel.org/patch-4.6.3-4 ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -38,8 +34,7 @@ # and patched flavors. ######################################################## patches.rpmify/lustre-lloop-dont-change-logical-size - patches.rpmify/lightnvm-warning-fixes.patch - patches.rpmify/drm-amd-add-kconfig-dependency-for-acp-on-drm_amdgpu + patches.rpmify/i915-fix-build-error-with-werror ######################################################## # kABI consistency patches @@ -81,7 +76,6 @@ # Scheduler / Core ######################################################## patches.suse/setuid-dumpable-wrongdir - patches.fixes/base-make-module_create_drivers_dir-race-free.patch ######################################################## # Architecture-specific patches. These used to be all @@ -93,13 +87,6 @@ ######################################################## # i386 ######################################################## - patches.suse/pat-0001-x86-mm-pat-Add-support-of-non-default-PAT-MSR-settin.patch - patches.suse/pat-0002-x86-mm-pat-Add-pat_disable-interface.patch - patches.suse/pat-0003-x86-mm-pat-Replace-cpu_has_pat-with-boot_cpu_has.patch - patches.suse/pat-0004-x86-mtrr-Fix-Xorg-crashes-in-Qemu-sessions.patch - patches.suse/pat-0005-x86-mtrr-Fix-PAT-init-handling-when-MTRR-is-disabled.patch - patches.suse/pat-0006-x86-xen-pat-Remove-PAT-table-init-code-from-Xen.patch - patches.suse/pat-0007-x86-pat-Document-the-PAT-initialization-sequence.patch # amd64 | x86-64 | x86_64 @@ -163,9 +150,7 @@ patches.arch/arm-refresh-mach-types.diff patches.arch/arm-arndale-usb.patch -+agraf patches.arch/arm-arndale-dma.patch patches.arch/arm-exynos-dwmmc-modalias.patch -+needs_update patches.arch/arm64-0004-net-xgbe-Add-A0-silicon-support.patch patches.arch/arm64-0006-arm64-Select-reboot-driver-for-X-Gene-platform.patch patches.arch/arm64-0010-KVM-ARM-Hack-to-enable-VGIC-mapping-on-64k-PAGE_SIZE.patch @@ -175,7 +160,6 @@ patches.arch/arm64-3-6-drivers-net-phy-Add-MDIO-driver.patch patches.arch/arm64-6-6-drivers-net-xgene-Fix-module-load-unload-crash.patch - ######################################################## # S/390 ######################################################## @@ -192,9 +176,6 @@ # Changes to tunable defaults patches.suse/readahead-request-tunables.patch - patches.fixes/0001-Revert-ecryptfs-forbid-opening-files-without-mmap-ha.patch - patches.fixes/0001-ecryptfs-don-t-allow-mmap-when-the-lower-file-system.patch - ######################################################## # IPC patches ######################################################## @@ -239,21 +220,16 @@ # Networking, IPv6 ######################################################## - # bsc#983213 CVE-2016-5244 - patches.fixes/rds-fix-an-infoleak-in-rds_inc_info_copy.patch - ######################################################## # Netfilter ######################################################## patches.suse/netfilter-ip_conntrack_slp.patch + patches.fixes/netfilter-x_tables-speed-up-jump-target-validation.patch ######################################################## # NFS ######################################################## - patches.fixes/0001-posix_acl-Add-set_posix_acl.patch - patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch - ######################################################## # lockd + statd ######################################################## @@ -261,7 +237,6 @@ ######################################################## # cifs patches ######################################################## - patches.suse/cifs-use-file_dentry.patch ######################################################## # ext2/ext3 @@ -275,7 +250,6 @@ ######################################################## # btrfs ######################################################## - patches.suse/btrfs-advertise-which-crc32c-implementation-is-being-used-on-mount patches.suse/btrfs-provide-super_operations-get_inode_dev ######################################################## @@ -340,7 +314,6 @@ patches.fixes/sd_liberal_28_sense_invalid.diff patches.fixes/scsi-ibmvscsi-module_alias.patch - patches.suse/sd_init.mark_majors_busy.patch ######################################################## # DRM/Video @@ -358,7 +331,6 @@ # Wireless Networking ######################################################## patches.suse/b43-missing-firmware-info.patch - patches.fixes/rtlwifi-Fix-scheduling-while-atomic-error-from-commi ######################################################## # ISDN @@ -381,7 +353,6 @@ # USB ######################################################## - ######################################################## # I2C ######################################################## @@ -395,10 +366,6 @@ ########################################################## # Sound ########################################################## - patches.drivers/ALSA-hrtimer-Handle-start-stop-more-properly - patches.fixes/ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS - patches.fixes/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca - patches.fixes/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin patches.drivers/ASoC-intel-Fix-sst-dsp-dependency-on-dw-stuff ######################################################## @@ -412,9 +379,6 @@ # Needs updating WRT d27769ec (block: add GENHD_FL_NO_PART_SCAN) +hare patches.suse/no-partition-scan - patches.fixes/Bluetooth-fix-power_on-vs-close-race - - ######################################################## # Other drivers we have added to the tree ######################################################## @@ -443,9 +407,6 @@ # ########################################################## - # Bug 984755 - CVE-2016-4470: kernel-source: Uninitialized variable in request_key handling causes kernel crash in error handling path - patches.fixes/0001-KEYS-potential-uninitialized-variable.patch - ########################################################## # Audit ########################################################## @@ -457,7 +418,6 @@ # patches.apparmor/apparmor-profiles-seq_file patches.apparmor/apparmor-temporary-work-around-for-bug-while-unloadi patches.apparmor/apparmor-allow-sys_cap_resource-to-be-sufficient-to-prlimit-another-task - patches.fixes/apparmor-fix-oops-validate-buffer-size-in-apparmor_s ######################################################## # Address space layout randomization @@ -499,8 +459,6 @@ # KVM patches ######################################################## - # bsc#979715, CVE-2016-3713 - ######################################################## # Staging tree patches # new drivers that are going upstream ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.DemroZ/_old 2016-07-30 00:26:01.000000000 +0200 +++ /var/tmp/diff_new_pack.DemroZ/_new 2016-07-30 00:26:01.000000000 +0200 @@ -1,3 +1,3 @@ -2016-07-19 11:07:19 +0200 -GIT Revision: 8f4696bf2feebf3186b166a91e56932854128fee +2016-07-25 10:42:47 +0200 +GIT Revision: 89a2adaa0f1e861c150bad2fb3589fd2f72800cd GIT Branch: stable