Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2016-09-13 22:22:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/kernel-debug.changes 2016-09-05 21:15:41.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/kernel-debug.changes 2016-09-13 22:22:09.000000000 +0200 @@ -1,0 +2,22 @@ +Thu Sep 8 15:04:24 CEST 2016 - [email protected] + +- Refresh patches.fixes/autofs-use-dentry-flags-to-block-walks-during-expire + Fix schedule_timeout() call with uninterruptible one (bsc#997639) +- commit 7ad9c1d + +------------------------------------------------------------------- +Wed Sep 7 17:41:12 CEST 2016 - [email protected] + +- autofs - use dentry flags to block walks during expire + (bsc#997639). +- commit 268a807 + +------------------------------------------------------------------- +Wed Sep 7 09:38:58 CEST 2016 - [email protected] + +- Linux 4.7.3 (CVE-2016-6480 bsc#991608). +- Delete + patches.fixes/aacraid-check-size-values-after-double-fetch-from-user.patch. +- commit 2ecc7fe + +------------------------------------------------------------------- kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kernel-debug.spec ++++++ --- /var/tmp/diff_new_pack.1SnuSB/_old 2016-09-13 22:22:14.000000000 +0200 +++ /var/tmp/diff_new_pack.1SnuSB/_new 2016-09-13 22:22:14.000000000 +0200 @@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.7 -%define patchversion 4.7.2 +%define patchversion 4.7.3 %define variant %{nil} %define vanilla_only 0 @@ -61,9 +61,9 @@ Summary: A Debug Version of the Kernel License: GPL-2.0 Group: System/Kernel -Version: 4.7.2 +Version: 4.7.3 %if 0%{?is_kotd} -Release: <RELEASE>.g8a962cf +Release: <RELEASE>.g7ad9c1d %else Release: 0 %endif kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.1SnuSB/_old 2016-09-13 22:22:14.000000000 +0200 +++ /var/tmp/diff_new_pack.1SnuSB/_new 2016-09-13 22:22:14.000000000 +0200 @@ -16,7 +16,7 @@ # -%define patchversion 4.7.2 +%define patchversion 4.7.3 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -27,9 +27,9 @@ Summary: Kernel Documentation (man pages) License: GPL-2.0 Group: Documentation/Man -Version: 4.7.2 +Version: 4.7.3 %if 0%{?is_kotd} -Release: <RELEASE>.g8a962cf +Release: <RELEASE>.g7ad9c1d %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.1SnuSB/_old 2016-09-13 22:22:14.000000000 +0200 +++ /var/tmp/diff_new_pack.1SnuSB/_new 2016-09-13 22:22:14.000000000 +0200 @@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.7 -%define patchversion 4.7.2 +%define patchversion 4.7.3 %define variant %{nil} %define vanilla_only 0 @@ -61,9 +61,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.7.2 +Version: 4.7.3 %if 0%{?is_kotd} -Release: <RELEASE>.g8a962cf +Release: <RELEASE>.g7ad9c1d %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.1SnuSB/_old 2016-09-13 22:22:14.000000000 +0200 +++ /var/tmp/diff_new_pack.1SnuSB/_new 2016-09-13 22:22:14.000000000 +0200 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.7.2 +%define patchversion 4.7.3 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -51,9 +51,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.7.2 +Version: 4.7.3 %if 0%{?is_kotd} -Release: <RELEASE>.g8a962cf +Release: <RELEASE>.g7ad9c1d %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.1SnuSB/_old 2016-09-13 22:22:14.000000000 +0200 +++ /var/tmp/diff_new_pack.1SnuSB/_new 2016-09-13 22:22:14.000000000 +0200 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.7.2 +%define patchversion 4.7.3 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.7.2 +Version: 4.7.3 %if 0%{?is_kotd} -Release: <RELEASE>.g8a962cf +Release: <RELEASE>.g7ad9c1d %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.1SnuSB/_old 2016-09-13 22:22:14.000000000 +0200 +++ /var/tmp/diff_new_pack.1SnuSB/_new 2016-09-13 22:22:14.000000000 +0200 @@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.7 -%define patchversion 4.7.2 +%define patchversion 4.7.3 %define variant %{nil} %define vanilla_only 0 @@ -61,9 +61,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.7.2 +Version: 4.7.3 %if 0%{?is_kotd} -Release: <RELEASE>.g8a962cf +Release: <RELEASE>.g7ad9c1d %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.1SnuSB/_old 2016-09-13 22:22:14.000000000 +0200 +++ /var/tmp/diff_new_pack.1SnuSB/_new 2016-09-13 22:22:14.000000000 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.7 -%define patchversion 4.7.2 +%define patchversion 4.7.3 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.7.2 +Version: 4.7.3 %if 0%{?is_kotd} -Release: <RELEASE>.g8a962cf +Release: <RELEASE>.g7ad9c1d %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.1SnuSB/_old 2016-09-13 22:22:14.000000000 +0200 +++ /var/tmp/diff_new_pack.1SnuSB/_new 2016-09-13 22:22:14.000000000 +0200 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.7.2 +Version: 4.7.3 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g8a962cf +Release: <RELEASE>.g7ad9c1d %else Release: 0 %endif ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.1SnuSB/_old 2016-09-13 22:22:15.000000000 +0200 +++ /var/tmp/diff_new_pack.1SnuSB/_new 2016-09-13 22:22:15.000000000 +0200 @@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.7 -%define patchversion 4.7.2 +%define patchversion 4.7.3 %define variant %{nil} %define vanilla_only 0 @@ -61,9 +61,9 @@ Summary: The Standard Kernel - without any SUSE patches License: GPL-2.0 Group: System/Kernel -Version: 4.7.2 +Version: 4.7.3 %if 0%{?is_kotd} -Release: <RELEASE>.g8a962cf +Release: <RELEASE>.g7ad9c1d %else Release: 0 %endif ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/aacraid-check-size-values-after-double-fetch-from-user.patch new/patches.fixes/aacraid-check-size-values-after-double-fetch-from-user.patch --- old/patches.fixes/aacraid-check-size-values-after-double-fetch-from-user.patch 2016-08-30 01:57:41.000000000 +0200 +++ new/patches.fixes/aacraid-check-size-values-after-double-fetch-from-user.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,66 +0,0 @@ -From: Dave Carroll <[email protected]> -Date: Fri, 5 Aug 2016 13:44:10 -0600 -Subject: aacraid: Check size values after double-fetch from user -Git-commit: fa00c437eef8dc2e7b25f8cd868cfa405fcc2bb3 -Patch-mainline: v4.8-rc2 -References: CVE-2016-6480 bsc#991608 - -In aacraid's ioctl_send_fib() we do two fetches from userspace, one the -get the fib header's size and one for the fib itself. Later we use the -size field from the second fetch to further process the fib. If for some -reason the size from the second fetch is different than from the first -fix, we may encounter an out-of- bounds access in aac_fib_send(). We -also check the sender size to insure it is not out of bounds. This was -reported in https://bugzilla.kernel.org/show_bug.cgi?id=116751 and was -assigned CVE-2016-6480. - -Reported-by: Pengfei Wang <[email protected]> -Fixes: 7c00ffa31 '[SCSI] 2.6 aacraid: Variable FIB size (updated patch)' -Cc: [email protected] -Signed-off-by: Dave Carroll <[email protected]> -Reviewed-by: Johannes Thumshirn <[email protected]> -Signed-off-by: Martin K. Petersen <[email protected]> -Acked-by: Johannes Thumshirn <[email protected]> ---- - drivers/scsi/aacraid/commctrl.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c -index b381b37..5648b71 100644 ---- a/drivers/scsi/aacraid/commctrl.c -+++ b/drivers/scsi/aacraid/commctrl.c -@@ -63,7 +63,7 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) - struct fib *fibptr; - struct hw_fib * hw_fib = (struct hw_fib *)0; - dma_addr_t hw_fib_pa = (dma_addr_t)0LL; -- unsigned size; -+ unsigned int size, osize; - int retval; - - if (dev->in_reset) { -@@ -87,7 +87,8 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) - * will not overrun the buffer when we copy the memory. Return - * an error if we would. - */ -- size = le16_to_cpu(kfib->header.Size) + sizeof(struct aac_fibhdr); -+ osize = size = le16_to_cpu(kfib->header.Size) + -+ sizeof(struct aac_fibhdr); - if (size < le16_to_cpu(kfib->header.SenderSize)) - size = le16_to_cpu(kfib->header.SenderSize); - if (size > dev->max_fib_size) { -@@ -118,6 +119,14 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) - goto cleanup; - } - -+ /* Sanity check the second copy */ -+ if ((osize != le16_to_cpu(kfib->header.Size) + -+ sizeof(struct aac_fibhdr)) -+ || (size < le16_to_cpu(kfib->header.SenderSize))) { -+ retval = -EINVAL; -+ goto cleanup; -+ } -+ - if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) { - aac_adapter_interrupt(dev); - /* - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/autofs-use-dentry-flags-to-block-walks-during-expire new/patches.fixes/autofs-use-dentry-flags-to-block-walks-during-expire --- old/patches.fixes/autofs-use-dentry-flags-to-block-walks-during-expire 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/autofs-use-dentry-flags-to-block-walks-during-expire 2016-09-08 15:08:03.000000000 +0200 @@ -0,0 +1,136 @@ +From: Ian Kent <[email protected]> +Date: Thu, 1 Sep 2016 09:21:14 +0800 +Subject: [PATCH] autofs - use dentry flags to block walks during expire +Patch-mainline: Submitted, linux-fsdevel ML <[email protected]> +References: bsc#997639 + +Somewhere along the way the autofs expire operation has changed to +hold a spin lock over expired dentry selection. The autofs indirect +mount expired dentry selection is complicated and quite lengthy so +it isn't appropriate to hold a spin lock over the operation. + +Commit 47be6184 added a might_sleep() to dput() causing a BUG() +about this usage to be issued. + +But the spin lock doesn't need to be held over this check, the +autofs dentry info. flags are enough to block walks into dentrys +during the expire. + +I've left the direct mount expire as it is (for now) becuase it +is much simpler and quicker than the indirect mount expire and +adding spin lock release and re-aquires would do nothing more +than add overhead. + +Signed-off-by: Ian Kent <[email protected]> +Signed-off-by: Takashi Iwai <[email protected]> + +--- + fs/autofs4/expire.c | 55 +++++++++++++++++++++++++++++++++++++++------------- + 1 file changed, 42 insertions(+), 13 deletions(-) + +--- a/fs/autofs4/expire.c ++++ b/fs/autofs4/expire.c +@@ -417,6 +417,7 @@ static struct dentry *should_expire(stru + } + return NULL; + } ++ + /* + * Find an eligible tree to time-out + * A tree is eligible if :- +@@ -432,6 +433,7 @@ struct dentry *autofs4_expire_indirect(s + struct dentry *root = sb->s_root; + struct dentry *dentry; + struct dentry *expired; ++ struct dentry *found; + struct autofs_info *ino; + + if (!root) +@@ -442,31 +444,46 @@ struct dentry *autofs4_expire_indirect(s + + dentry = NULL; + while ((dentry = get_next_positive_subdir(dentry, root))) { ++ int flags = how; ++ + spin_lock(&sbi->fs_lock); + ino = autofs4_dentry_ino(dentry); +- if (ino->flags & AUTOFS_INF_WANT_EXPIRE) +- expired = NULL; +- else +- expired = should_expire(dentry, mnt, timeout, how); +- if (!expired) { ++ if (ino->flags & AUTOFS_INF_WANT_EXPIRE) { + spin_unlock(&sbi->fs_lock); + continue; + } ++ spin_unlock(&sbi->fs_lock); ++ ++ expired = should_expire(dentry, mnt, timeout, flags); ++ if (!expired) ++ continue; ++ ++ spin_lock(&sbi->fs_lock); + ino = autofs4_dentry_ino(expired); + ino->flags |= AUTOFS_INF_WANT_EXPIRE; + spin_unlock(&sbi->fs_lock); + synchronize_rcu(); +- spin_lock(&sbi->fs_lock); +- if (should_expire(expired, mnt, timeout, how)) { +- if (expired != dentry) +- dput(dentry); +- goto found; +- } + ++ /* Make sure a reference is not taken on found if ++ * things have changed. ++ */ ++ flags &= ~AUTOFS_EXP_LEAVES; ++ found = should_expire(expired, mnt, timeout, how); ++ if (!found || found != expired) ++ /* Something has changed, continue */ ++ goto next; ++ ++ if (expired != dentry) ++ dput(dentry); ++ ++ spin_lock(&sbi->fs_lock); ++ goto found; ++next: ++ spin_lock(&sbi->fs_lock); + ino->flags &= ~AUTOFS_INF_WANT_EXPIRE; ++ spin_unlock(&sbi->fs_lock); + if (expired != dentry) + dput(expired); +- spin_unlock(&sbi->fs_lock); + } + return NULL; + +@@ -483,6 +500,7 @@ int autofs4_expire_wait(struct dentry *d + struct autofs_sb_info *sbi = autofs4_sbi(dentry->d_sb); + struct autofs_info *ino = autofs4_dentry_ino(dentry); + int status; ++ int state; + + /* Block on any pending expire */ + if (!(ino->flags & AUTOFS_INF_WANT_EXPIRE)) +@@ -490,8 +508,19 @@ int autofs4_expire_wait(struct dentry *d + if (rcu_walk) + return -ECHILD; + ++retry: + spin_lock(&sbi->fs_lock); +- if (ino->flags & AUTOFS_INF_EXPIRING) { ++ state = ino->flags & (AUTOFS_INF_WANT_EXPIRE | AUTOFS_INF_EXPIRING); ++ if (state == AUTOFS_INF_WANT_EXPIRE) { ++ spin_unlock(&sbi->fs_lock); ++ /* ++ * Possibly being selected for expire, wait until ++ * it's selected or not. ++ */ ++ schedule_timeout_uninterruptible(HZ/10); ++ goto retry; ++ } ++ if (state & AUTOFS_INF_EXPIRING) { + spin_unlock(&sbi->fs_lock); + + pr_debug("waiting for expire %p name=%pd\n", dentry, dentry); ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 4581 lines of diff (skipped) ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.1SnuSB/_old 2016-09-13 22:22:15.000000000 +0200 +++ /var/tmp/diff_new_pack.1SnuSB/_new 2016-09-13 22:22:15.000000000 +0200 @@ -29,6 +29,7 @@ ######################################################## patches.kernel.org/patch-4.7.1 patches.kernel.org/patch-4.7.1-2 + patches.kernel.org/patch-4.7.2-3 ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -283,6 +284,7 @@ patches.drivers/pstore_disable_efi_backend_by_default.patch patches.suse/pstore-backend-autoaction + patches.fixes/autofs-use-dentry-flags-to-block-walks-during-expire ######################################################## # Overlayfs @@ -320,8 +322,6 @@ patches.fixes/scsi-ibmvscsi-module_alias.patch - # boo#991608 CVE-2016-6480 - patches.fixes/aacraid-check-size-values-after-double-fetch-from-user.patch ######################################################## # DRM/Video ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.1SnuSB/_old 2016-09-13 22:22:15.000000000 +0200 +++ /var/tmp/diff_new_pack.1SnuSB/_new 2016-09-13 22:22:15.000000000 +0200 @@ -1,3 +1,3 @@ -2016-08-30 01:57:41 +0200 -GIT Revision: 8a962cfa88053c89b833b7ae38ed32d14882cbae +2016-09-08 15:08:03 +0200 +GIT Revision: 7ad9c1d279240e05d3ee12487613e96414a8e321 GIT Branch: stable
