Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2017-04-03 11:04:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Mon Apr 3 11:04:53 2017 rev:358 rq:484248 version:4.10.8 Changes: --------
--- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2017-03-29 13:23:44.583481810 +0200
+++ /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes 2017-04-03 11:04:54.405388226 +0200
@@ -1,0 +2,72 @@
+Fri Mar 31 19:16:00 CEST 2017 - [email protected]
+
+- Update patches.kernel.org/patch-4.10.7-8 references (add CVE-2017-7184 bsc#1030573).
+- commit ea9dcd4
+
+-------------------------------------------------------------------
+Fri Mar 31 18:33:34 CEST 2017 - [email protected]
+
+- tcp: mark skbs with SCM_TIMESTAMPING_OPT_STATS (CVE-2017-7277
+ bsc#1031265).
+- tcp: fix SCM_TIMESTAMPING_OPT_STATS for normal skbs
+ (CVE-2017-7277 bsc#1031265).
+- commit 37681e8
+
+-------------------------------------------------------------------
+Fri Mar 31 18:25:50 CEST 2017 - [email protected]
+
+- net/packet: fix overflow in check for tp_reserve (CVE-2017-7308
+ bsc#1031579).
+- net/packet: fix overflow in check for tp_frame_nr (CVE-2017-7308
+ bsc#1031579).
+- net/packet: fix overflow in check for priv area size
+ (CVE-2017-7308 bsc#1031579).
+- commit fbe9fc9
+
+-------------------------------------------------------------------
+Fri Mar 31 18:17:42 CEST 2017 - [email protected]
+
+- ping: implement proper locking (bsc#1031003).
+- commit 3ea493f
+
+-------------------------------------------------------------------
+Fri Mar 31 12:00:42 CEST 2017 - [email protected]
+
+- Linux 4.10.8 (bnc#1012628).
+- commit fd89662
+
+-------------------------------------------------------------------
+Thu Mar 30 11:49:42 CEST 2017 - [email protected]
+
+- drm/i915: disable KASAN for handlers (bnc#1025903).
+- commit 0161cd4
+
+-------------------------------------------------------------------
+Thu Mar 30 11:43:27 CEST 2017 - [email protected]
+
+- Linux 4.10.7 (bnc#1007962 bnc#1012628 bsc#1013576 bsc#1028489
+ bsc#1000619).
+- Delete patches.drivers/drm-reference-count-event-completion.
+- Delete patches.drivers/fbcon-Fix-vc-attr-at-deinit.
+- Delete
+ patches.fixes/crypto-algif_hash-avoid-zero-sized-array.patch.
+- Delete
+ patches.fixes/genetlink-fix-counting-regression-on-ctrl_dumpfamily.patch.
+- commit 24e2bda + +------------------------------------------------------------------- +Sun Mar 26 20:39:41 CEST 2017 - [email protected] + +- Linux 4.10.6 (bnc#1012628 bnc#1025903). +- Delete + patches.rpmify/give-up-on-gcc-ilog2-constant-optimizations.patch. +- commit e326586 + +------------------------------------------------------------------- +Fri Mar 24 12:46:53 CET 2017 - [email protected] + +- genetlink: fix counting regression on ctrl_dumpfamily() + (bsc#1028489). +- commit 5182272 + +------------------------------------------------------------------- dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:00.036592636 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:00.036592636 +0200 @@ -16,15 +16,15 @@ # -%define patchversion 4.10.5 +%define patchversion 4.10.8 %define vanilla_only 0 %include %_sourcedir/kernel-spec-macros Name: dtb-aarch64 -Version: 4.10.5 +Version: 4.10.8 %if 0%{?is_kotd} -Release: <RELEASE>.gf3fbfc6 +Release: <RELEASE>.gea9dcd4 %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:00.124580205 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:00.124580205 +0200 
@@ -18,7 +18,7 @@ %define srcversion 4.10 -%define patchversion 4.10.5 +%define patchversion 4.10.8 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 4.10.5 +Version: 4.10.8 %if 0%{?is_kotd} -Release: <RELEASE>.gf3fbfc6 +Release: <RELEASE>.gea9dcd4 %else Release: 0 %endif kernel-debug.spec: same change kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:00.204568904 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:00.208568339 +0200 @@ -16,7 +16,7 @@ # -%define patchversion 4.10.5 +%define patchversion 4.10.8 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -42,9 +42,9 @@ Summary: Kernel Documentation (man pages) License: GPL-2.0 Group: Documentation/Man -Version: 4.10.5 +Version: 4.10.8 %if 0%{?is_kotd} -Release: <RELEASE>.gf3fbfc6 +Release: <RELEASE>.gea9dcd4 %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:00.228565514 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:00.232564949 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.10 -%define patchversion 4.10.5 +%define patchversion 4.10.8 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.10.5 +Version: 4.10.8 %if 0%{?is_kotd} -Release: <RELEASE>.gf3fbfc6 +Release: <RELEASE>.gea9dcd4 %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:00.252562124 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:00.252562124 +0200 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.10.5 +%define patchversion 4.10.8 %define variant %{nil} %define vanilla_only 0 
@@ -57,9 +57,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.10.5 +Version: 4.10.8 %if 0%{?is_kotd} -Release: <RELEASE>.gf3fbfc6 +Release: <RELEASE>.gea9dcd4 %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:00.276558733 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:00.276558733 +0200 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.10.5 +%define patchversion 4.10.8 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.10.5 +Version: 4.10.8 %if 0%{?is_kotd} -Release: <RELEASE>.gf3fbfc6 +Release: <RELEASE>.gea9dcd4 %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:00.300555343 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:00.304554778 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.10 -%define patchversion 4.10.5 +%define patchversion 4.10.8 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.10.5 +Version: 4.10.8 %if 0%{?is_kotd} -Release: <RELEASE>.gf3fbfc6 +Release: <RELEASE>.gea9dcd4 %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:00.328551388 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:00.332550823 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.10 -%define patchversion 4.10.5 +%define patchversion 4.10.8 %define variant %{nil} %define vanilla_only 0 
@@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.10.5 +Version: 4.10.8 %if 0%{?is_kotd} -Release: <RELEASE>.gf3fbfc6 +Release: <RELEASE>.gea9dcd4 %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:00.360546867 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:00.360546867 +0200 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.10.5 +Version: 4.10.8 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.gf3fbfc6 +Release: <RELEASE>.gea9dcd4 %else Release: 0 %endif ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:00.380544042 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:00.384543477 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.10 -%define patchversion 4.10.5 +%define patchversion 4.10.8 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel used for fuzzing by syzkaller License: GPL-2.0 Group: System/Kernel -Version: 4.10.5 +Version: 4.10.8 %if 0%{?is_kotd} -Release: <RELEASE>.gf3fbfc6 +Release: <RELEASE>.gea9dcd4 %else Release: 0 %endif kernel-vanilla.spec: same change ++++++ patches.drivers.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/drm-reference-count-event-completion new/patches.drivers/drm-reference-count-event-completion --- old/patches.drivers/drm-reference-count-event-completion 2017-01-30 17:46:39.000000000 +0100 +++ new/patches.drivers/drm-reference-count-event-completion 1970-01-01 01:00:00.000000000 +0100 
@@ -1,99 +0,0 @@ -From 24835e442f289813aa568d142a755672a740503c Mon Sep 17 00:00:00 2001 -From: Daniel Vetter <[email protected]> -Date: Wed, 21 Dec 2016 11:23:30 +0100 -Subject: [PATCH] drm: reference count event->completion -Git-commit: 24835e442f289813aa568d142a755672a740503c -References: bsc#1013576 -Git-repo: git://anongit.freedesktop.org/drm-intel -Patch-mainline: Queued in subsystem maintainer repository - -When writing the generic nonblocking commit code I assumed that -through clever lifetime management I can assure that the completion -(stored in drm_crtc_commit) only gets freed after it is completed. And -that worked. - -I also wanted to make nonblocking helpers resilient against driver -bugs, by having timeouts everywhere. And that worked too. - -Unfortunately taking boths things together results in oopses :( Well, -at least sometimes: What seems to happen is that the drm event hangs -around forever stuck in limbo land. The nonblocking helpers eventually -time out, move on and release it. Now the bug I tested all this -against is drivers that just entirely fail to deliver the vblank -events like they should, and in those cases the event is simply -leaked. But what seems to happen, at least sometimes, on i915 is that -the event is set up correctly, but somohow the vblank fails to fire in -time. Which means the event isn't leaked, it's still there waiting for -eventually a vblank to fire. That tends to happen when re-enabling the -pipe, and then the trap springs and the kernel oopses. - -The correct fix here is simply to refcount the crtc commit to make -sure that the event sticks around even for drivers which only -sometimes fail to deliver vblanks for some arbitrary reasons. Since -crtc commits are already refcounted that's easy to do. 
- -Reference: https://bugs.freedesktop.org/show_bug.cgi?id=96781 -Cc: Jim Rees <[email protected]> -Cc: Chris Wilson <[email protected]> -Cc: Maarten Lankhorst <[email protected]> -Cc: Jani Nikula <[email protected]> -Reviewed-by: Maarten Lankhorst <[email protected]> -Signed-off-by: Daniel Vetter <[email protected]> -Link: http://patchwork.freedesktop.org/patch/msgid/[email protected] -Acked-by: Takashi Iwai <[email protected]> - ---- - drivers/gpu/drm/drm_atomic_helper.c | 11 +++++++++++ - drivers/gpu/drm/drm_fops.c | 2 +- - include/drm/drmP.h | 1 + - 3 files changed, 13 insertions(+), 1 deletion(-) - ---- a/drivers/gpu/drm/drm_atomic_helper.c -+++ b/drivers/gpu/drm/drm_atomic_helper.c -@@ -1389,6 +1389,15 @@ static int stall_checks(struct drm_crtc - return ret < 0 ? ret : 0; - } - -+void release_crtc_commit(struct completion *completion) -+{ -+ struct drm_crtc_commit *commit = container_of(completion, -+ typeof(*commit), -+ flip_done); -+ -+ drm_crtc_commit_put(commit); -+} -+ - /** - * drm_atomic_helper_setup_commit - setup possibly nonblocking commit - * @state: new modeset state to be committed -@@ -1481,6 +1490,8 @@ int drm_atomic_helper_setup_commit(struc - } - - crtc_state->event->base.completion = &commit->flip_done; -+ crtc_state->event->base.completion_release = release_crtc_commit; -+ drm_crtc_commit_get(commit); - } - - return 0; ---- a/drivers/gpu/drm/drm_fops.c -+++ b/drivers/gpu/drm/drm_fops.c -@@ -689,8 +689,8 @@ void drm_send_event_locked(struct drm_de - assert_spin_locked(&dev->event_lock); - - if (e->completion) { -- /* ->completion might disappear as soon as it signalled. 
*/ - complete_all(e->completion); -+ e->completion_release(e->completion); - e->completion = NULL; - } - ---- a/include/drm/drmP.h -+++ b/include/drm/drmP.h -@@ -360,6 +360,7 @@ struct drm_ioctl_desc { - /* Event queued up for userspace to read */ - struct drm_pending_event { - struct completion *completion; -+ void (*completion_release)(struct completion *completion); - struct drm_event *event; - struct dma_fence *fence; - struct list_head link; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/fbcon-Fix-vc-attr-at-deinit new/patches.drivers/fbcon-Fix-vc-attr-at-deinit --- old/patches.drivers/fbcon-Fix-vc-attr-at-deinit 2017-01-30 17:46:39.000000000 +0100 +++ new/patches.drivers/fbcon-Fix-vc-attr-at-deinit 1970-01-01 01:00:00.000000000 +0100 
@@ -1,142 +0,0 @@ -From: Takashi Iwai <[email protected]> -Date: Tue, 3 Jan 2017 14:47:46 +0100 -Subject: [PATCH] fbcon: Fix vc attr at deinit -Message-Id: <[email protected]> -Patch-mainline: Submitted, linux-fbdev ML -References: bsc#1000619 - -fbcon can deal with vc_hi_font_mask (the upper 256 chars) and adjust -the vc attrs dynamically when vc_hi_font_mask is changed at -fbcon_init(). When the vc_hi_font_mask is set, it remaps the attrs in -the existing console buffer with one bit shift up (for 9 bits), while -it remaps with one bit shift down (for 8 bits) when the value is -cleared. It works fine as long as the font gets updated after fbcon -was initialized. - -However, we hit a bizarre problem when the console is switched to -another fb driver (typically from vesafb or efifb to drmfb). At -switching to the new fb driver, we temporarily rebind the console to -the dummy console, then rebind to the new driver. During the -switching, we leave the modified attrs as is. Thus, the new fbcon -takes over the old buffer as if it were to contain 8 bits chars -(although the attrs are still shifted for 9 bits), and effectively -this results in the yellow color texts instead of the original white -color, as found in the bugzilla entry below. - -An easy fix for this is to re-adjust the attrs before leaving the -fbcon at con_deinit callback. Since the code to adjust the attrs is -already present in the current fbcon code, in this patch, we simply -factor out the relevant code, and call it from fbcon_deinit(). 
- -Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1000619 -Signed-off-by: Takashi Iwai <[email protected]> ---- - drivers/video/console/fbcon.c | 67 +++++++++++++++++++++++++----------------- - 1 file changed, 40 insertions(+), 27 deletions(-) - ---- a/drivers/video/console/fbcon.c -+++ b/drivers/video/console/fbcon.c -@@ -1165,6 +1165,8 @@ static void fbcon_free_font(struct displ - p->userfont = 0; - } - -+static void set_vc_hi_font(struct vc_data *vc, bool set); -+ - static void fbcon_deinit(struct vc_data *vc) - { - struct display *p = &fb_display[vc->vc_num]; -@@ -1200,6 +1202,9 @@ finished: - if (free_font) - vc->vc_font.data = NULL; - -+ if (vc->vc_hi_font_mask) -+ set_vc_hi_font(vc, false); -+ - if (!con_is_bound(&fb_con)) - fbcon_exit(); - -@@ -2436,32 +2441,10 @@ static int fbcon_get_font(struct vc_data - return 0; - } - --static int fbcon_do_set_font(struct vc_data *vc, int w, int h, -- const u8 * data, int userfont) -+/* set/clear vc_hi_font_mask and update vc attrs accordingly */ -+static void set_vc_hi_font(struct vc_data *vc, bool set) - { -- struct fb_info *info = registered_fb[con2fb_map[vc->vc_num]]; -- struct fbcon_ops *ops = info->fbcon_par; -- struct display *p = &fb_display[vc->vc_num]; -- int resize; -- int cnt; -- char *old_data = NULL; -- -- if (con_is_visible(vc) && softback_lines) -- fbcon_set_origin(vc); -- -- resize = (w != vc->vc_font.width) || (h != vc->vc_font.height); -- if (p->userfont) -- old_data = vc->vc_font.data; -- if (userfont) -- cnt = FNTCHARCNT(data); -- else -- cnt = 256; -- vc->vc_font.data = (void *)(p->fontdata = data); -- if ((p->userfont = userfont)) -- REFCOUNT(data)++; -- vc->vc_font.width = w; -- vc->vc_font.height = h; -- if (vc->vc_hi_font_mask && cnt == 256) { -+ if (!set) { - vc->vc_hi_font_mask = 0; - if (vc->vc_can_do_color) { - vc->vc_complement_mask >>= 1; -@@ -2484,7 +2467,7 @@ static int fbcon_do_set_font(struct vc_d - ((c & 0xfe00) >> 1) | (c & 0xff); - vc->vc_attr >>= 1; - } -- } else if 
(!vc->vc_hi_font_mask && cnt == 512) { -+ } else { - vc->vc_hi_font_mask = 0x100; - if (vc->vc_can_do_color) { - vc->vc_complement_mask <<= 1; -@@ -2516,8 +2499,38 @@ static int fbcon_do_set_font(struct vc_d - } else - vc->vc_video_erase_char = c & ~0x100; - } -- - } -+} -+ -+static int fbcon_do_set_font(struct vc_data *vc, int w, int h, -+ const u8 * data, int userfont) -+{ -+ struct fb_info *info = registered_fb[con2fb_map[vc->vc_num]]; -+ struct fbcon_ops *ops = info->fbcon_par; -+ struct display *p = &fb_display[vc->vc_num]; -+ int resize; -+ int cnt; -+ char *old_data = NULL; -+ -+ if (con_is_visible(vc) && softback_lines) -+ fbcon_set_origin(vc); -+ -+ resize = (w != vc->vc_font.width) || (h != vc->vc_font.height); -+ if (p->userfont) -+ old_data = vc->vc_font.data; -+ if (userfont) -+ cnt = FNTCHARCNT(data); -+ else -+ cnt = 256; -+ vc->vc_font.data = (void *)(p->fontdata = data); -+ if ((p->userfont = userfont)) -+ REFCOUNT(data)++; -+ vc->vc_font.width = w; -+ vc->vc_font.height = h; -+ if (vc->vc_hi_font_mask && cnt == 256) -+ set_vc_hi_font(vc, false); -+ else if (!vc->vc_hi_font_mask && cnt == 512) -+ set_vc_hi_font(vc, true); - - if (resize) { - int cols, rows; ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/crypto-algif_hash-avoid-zero-sized-array.patch new/patches.fixes/crypto-algif_hash-avoid-zero-sized-array.patch --- old/patches.fixes/crypto-algif_hash-avoid-zero-sized-array.patch 2017-03-22 14:15:00.000000000 +0100 +++ new/patches.fixes/crypto-algif_hash-avoid-zero-sized-array.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,66 +0,0 @@ -From: Jiri Slaby <[email protected]> -Date: Thu, 15 Dec 2016 14:31:01 +0100 -Subject: crypto: algif_hash - avoid zero-sized array -Git-commit: 6207119444595d287b1e9e83a2066c17209698f3 -Patch-mainline: 4.11-rc1 -References: bnc#1007962 - -With this reproducer: - struct sockaddr_alg alg = { - .salg_family = 0x26, - .salg_type = "hash", - .salg_feat = 0xf, - .salg_mask = 0x5, - .salg_name = "digest_null", - }; - int sock, sock2; - - sock = socket(AF_ALG, SOCK_SEQPACKET, 0); - bind(sock, (struct sockaddr *)&alg, sizeof(alg)); - sock2 = accept(sock, NULL, NULL); - setsockopt(sock, SOL_ALG, ALG_SET_KEY, "\x9b\xca", 2); - accept(sock2, NULL, NULL); - -==== 8< ======== 8< ======== 8< ======== 8< ==== - -one can immediatelly see an UBSAN warning: -UBSAN: Undefined behaviour in crypto/algif_hash.c:187:7 -variable length array bound value 0 <= 0 -CPU: 0 PID: 15949 Comm: syz-executor Tainted: G E 4.4.30-0-default #1 -... -Call Trace: -... - [<ffffffff81d598fd>] ? __ubsan_handle_vla_bound_not_positive+0x13d/0x188 - [<ffffffff81d597c0>] ? __ubsan_handle_out_of_bounds+0x1bc/0x1bc - [<ffffffffa0e2204d>] ? hash_accept+0x5bd/0x7d0 [algif_hash] - [<ffffffffa0e2293f>] ? hash_accept_nokey+0x3f/0x51 [algif_hash] - [<ffffffffa0e206b0>] ? hash_accept_parent_nokey+0x4a0/0x4a0 [algif_hash] - [<ffffffff8235c42b>] ? SyS_accept+0x2b/0x40 - -It is a correct warning, as hash state is propagated to accept as zero, -but creating a zero-length variable array is not allowed in C. - -Fix this as proposed by Herbert -- do "?: 1" on that site. No sizeof or -similar happens in the code there, so we just allocate one byte even -though we do not use the array. - -Signed-off-by: Jiri Slaby <[email protected]> -Cc: Herbert Xu <[email protected]> -Cc: "David S. 
Miller" <[email protected]> (maintainer:CRYPTO API) -Reported-by: Sasha Levin <[email protected]> -Signed-off-by: Herbert Xu <[email protected]> ---- - crypto/algif_hash.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/crypto/algif_hash.c -+++ b/crypto/algif_hash.c -@@ -245,7 +245,7 @@ static int hash_accept(struct socket *so - struct alg_sock *ask = alg_sk(sk); - struct hash_ctx *ctx = ask->private; - struct ahash_request *req = &ctx->req; -- char state[crypto_ahash_statesize(crypto_ahash_reqtfm(req))]; -+ char state[crypto_ahash_statesize(crypto_ahash_reqtfm(req)) ? : 1]; - struct sock *sk2; - struct alg_sock *ask2; - struct hash_ctx *ctx2; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/net-packet-fix-overflow-in-check-for-priv-area-size.patch new/patches.fixes/net-packet-fix-overflow-in-check-for-priv-area-size.patch --- old/patches.fixes/net-packet-fix-overflow-in-check-for-priv-area-size.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/net-packet-fix-overflow-in-check-for-priv-area-size.patch 2017-03-31 19:14:49.000000000 +0200 
@@ -0,0 +1,44 @@ +From: Andrey Konovalov <[email protected]> +Date: Wed, 29 Mar 2017 16:11:20 +0200 +Subject: net/packet: fix overflow in check for priv area size +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git +Git-commit: 2b6867c2ce76c596676bec7d2d525af525fdc6e2 +References: CVE-2017-7308 bsc#1031579 + +Subtracting tp_sizeof_priv from tp_block_size and casting to int +to check whether one is less then the other doesn't always work +(both of them are unsigned ints). + +Compare them as is instead. + +Also cast tp_sizeof_priv to u64 before using BLK_PLUS_PRIV, as +it can overflow inside BLK_PLUS_PRIV otherwise. + +Signed-off-by: Andrey Konovalov <[email protected]> +Acked-by: Eric Dumazet <[email protected]> +Signed-off-by: David S. Miller <[email protected]> +Acked-by: Michal Kubecek <[email protected]> + +--- + net/packet/af_packet.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index c59fcc79ba32..5c919933a39b 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -4177,8 +4177,8 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, + if (unlikely(!PAGE_ALIGNED(req->tp_block_size))) + goto out; + if (po->tp_version >= TPACKET_V3 && +- (int)(req->tp_block_size - +- BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0) ++ req->tp_block_size <= ++ BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv)) + goto out; + if (unlikely(req->tp_frame_size < po->tp_hdrlen + + po->tp_reserve)) +-- +2.12.2 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch new/patches.fixes/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch --- old/patches.fixes/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch 1970-01-01 01:00:00.000000000 +0100 +++ 
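Review bot: The `(u64)` cast inside `BLK_PLUS_PRIV(...)` is the part of the new `packet_set_ring()` check that stops the bound from wrapping, yet nothing at the call site says so, and a later cleanup could remove it as a redundant cast. I would put a comment above the condition, e.g. `/* unsigned compare; tp_sizeof_priv is widened so BLK_PLUS_PRIV() cannot wrap */`. The macro body is not in the hunk, so it is worth confirming that it does its arithmetic in the argument's type rather than truncating back to 32 bits. `packet_set_ring()` starts and ends outside the hunk.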
new/patches.fixes/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch 2017-03-31 19:14:49.000000000 +0200 
@@ -0,0 +1,41 @@ +From: Andrey Konovalov <[email protected]> +Date: Wed, 29 Mar 2017 16:11:21 +0200 +Subject: net/packet: fix overflow in check for tp_frame_nr +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git +Git-commit: 8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b +References: CVE-2017-7308 bsc#1031579 + +When calculating rb->frames_per_block * req->tp_block_nr the result +can overflow. + +Add a check that tp_block_size * tp_block_nr <= UINT_MAX. + +Since frames_per_block <= tp_block_size, the expression would +never overflow. + +Signed-off-by: Andrey Konovalov <[email protected]> +Acked-by: Eric Dumazet <[email protected]> +Signed-off-by: David S. Miller <[email protected]> +Acked-by: Michal Kubecek <[email protected]> + +--- + net/packet/af_packet.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 5c919933a39b..624d188bf705 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -4189,6 +4189,8 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, + rb->frames_per_block = req->tp_block_size / req->tp_frame_size; + if (unlikely(rb->frames_per_block == 0)) + goto out; ++ if (unlikely(req->tp_block_size > UINT_MAX / req->tp_block_nr)) ++ goto out; + if (unlikely((rb->frames_per_block * req->tp_block_nr) != + req->tp_frame_nr)) + goto out; +-- +2.12.2 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/net-packet-fix-overflow-in-check-for-tp_reserve.patch new/patches.fixes/net-packet-fix-overflow-in-check-for-tp_reserve.patch --- old/patches.fixes/net-packet-fix-overflow-in-check-for-tp_reserve.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/net-packet-fix-overflow-in-check-for-tp_reserve.patch 2017-03-31 19:14:49.000000000 +0200 
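Review bot: The added guard `req->tp_block_size > UINT_MAX / req->tp_block_nr` divides by a caller-supplied field, and the hunk does not show what guarantees `tp_block_nr` is non-zero on this path. If the enclosing code in `packet_set_ring()` (outside the hunk) already tests it, a short comment such as `/* tp_block_nr != 0 here; bounding tp_block_size * tp_block_nr also bounds frames_per_block * tp_block_nr */` would record both the precondition and why the stricter product is checked. If it does not, the condition should read `req->tp_block_nr && req->tp_block_size > UINT_MAX / req->tp_block_nr`.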
@@ -0,0 +1,37 @@ +From: Andrey Konovalov <[email protected]> +Date: Wed, 29 Mar 2017 16:11:22 +0200 +Subject: net/packet: fix overflow in check for tp_reserve +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git +Git-commit: bcc5364bdcfe131e6379363f089e7b4108d35b70 +References: CVE-2017-7308 bsc#1031579 + +When calculating po->tp_hdrlen + po->tp_reserve the result can overflow. + +Fix by checking that tp_reserve <= INT_MAX on assign. + +Signed-off-by: Andrey Konovalov <[email protected]> +Acked-by: Eric Dumazet <[email protected]> +Signed-off-by: David S. Miller <[email protected]> +Acked-by: Michal Kubecek <[email protected]> + +--- + net/packet/af_packet.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 624d188bf705..0f074c96f43f 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -3644,6 +3644,8 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv + return -EBUSY; + if (copy_from_user(&val, optval, sizeof(val))) + return -EFAULT; ++ if (val > INT_MAX) ++ return -EINVAL; + po->tp_reserve = val; + return 0; + } +-- +2.12.2 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ping-implement-proper-locking.patch new/patches.fixes/ping-implement-proper-locking.patch --- old/patches.fixes/ping-implement-proper-locking.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/ping-implement-proper-locking.patch 2017-03-31 19:14:49.000000000 +0200 
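Review bot: `if (val > INT_MAX)` in `packet_setsockopt()` only rejects anything when `val` has an unsigned type; its declaration is outside the hunk, and with a signed `int` the comparison would always be false. The bound also keeps `po->tp_hdrlen + po->tp_reserve` from wrapping only as long as `tp_hdrlen` stays small, so the intent should be stated next to the check, e.g. `/* keeps tp_hdrlen + tp_reserve from wrapping in packet_set_ring() */`. The function body starts and ends outside the hunk.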
@@ -0,0 +1,58 @@ +From: Eric Dumazet <[email protected]> +Date: Fri, 24 Mar 2017 19:36:13 -0700 +Subject: ping: implement proper locking +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git +Git-commit: 43a6684519ab0a6c52024b5e25322476cabad893 +References: bsc#1031003 + +We got a report of yet another bug in ping + +http://www.openwall.com/lists/oss-security/2017/03/24/6 + +->disconnect() is not called with socket lock held. + +Fix this by acquiring ping rwlock earlier. + +Thanks to Daniel, Alexander and Andrey for letting us know this problem. + +Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind") +Signed-off-by: Eric Dumazet <[email protected]> +Reported-by: Daniel Jiang <[email protected]> +Reported-by: Solar Designer <[email protected]> +Reported-by: Andrey Konovalov <[email protected]> +Signed-off-by: David S. Miller <[email protected]> +Acked-by: Michal Kubecek <[email protected]> + +--- + net/ipv4/ping.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c +index 68d77b1f1495..51e2f3c5e954 100644 +--- a/net/ipv4/ping.c ++++ b/net/ipv4/ping.c +@@ -156,17 +156,18 @@ int ping_hash(struct sock *sk) + void ping_unhash(struct sock *sk) + { + struct inet_sock *isk = inet_sk(sk); ++ + pr_debug("ping_unhash(isk=%p,isk->num=%u)\n", isk, isk->inet_num); ++ write_lock_bh(&ping_table.lock); + if (sk_hashed(sk)) { +- write_lock_bh(&ping_table.lock); + hlist_nulls_del(&sk->sk_nulls_node); + sk_nulls_node_init(&sk->sk_nulls_node); + sock_put(sk); + isk->inet_num = 0; + isk->inet_sport = 0; + sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); +- write_unlock_bh(&ping_table.lock); + } ++ write_unlock_bh(&ping_table.lock); + } + EXPORT_SYMBOL_GPL(ping_unhash); + +-- +2.12.2 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' 
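Review bot: `ping_unhash()` now takes `ping_table.lock` before testing `sk_hashed(sk)`, but the code itself gives no hint of why the test has to sit inside the lock. A one-line comment above `write_lock_bh()` would keep a later change from moving the lock back inside the `if` as an optimisation, for example `/* ->disconnect() calls us without the socket lock; test sk_hashed() under ping_table.lock */`. The reasoning is currently only in the patch description, which does not travel with the source file.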
old/patches.fixes/tcp-fix-SCM_TIMESTAMPING_OPT_STATS-for-normal-skbs.patch new/patches.fixes/tcp-fix-SCM_TIMESTAMPING_OPT_STATS-for-normal-skbs.patch --- old/patches.fixes/tcp-fix-SCM_TIMESTAMPING_OPT_STATS-for-normal-skbs.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/tcp-fix-SCM_TIMESTAMPING_OPT_STATS-for-normal-skbs.patch 2017-03-31 19:14:49.000000000 +0200 
@@ -0,0 +1,99 @@ +From: Soheil Hassas Yeganeh <[email protected]> +Date: Sat, 18 Mar 2017 17:02:59 -0400 +Subject: tcp: fix SCM_TIMESTAMPING_OPT_STATS for normal skbs +Patch-mainline: v4.11-rc4 +Git-commit: 8605330aac5a5785630aec8f64378a54891937cc +References: CVE-2017-7277 bsc#1031265 + +__sock_recv_timestamp can be called for both normal skbs (for +receive timestamps) and for skbs on the error queue (for transmit +timestamps). + +Commit 1c885808e456 +(tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING) +assumes any skb passed to __sock_recv_timestamp are from +the error queue, containing OPT_STATS in the content of the skb. +This results in accessing invalid memory or generating junk +data. + +To fix this, set skb->pkt_type to PACKET_OUTGOING for packets +on the error queue. This is safe because on the receive path +on local sockets skb->pkt_type is never set to PACKET_OUTGOING. +With that, copy OPT_STATS from a packet, only if its pkt_type +is PACKET_OUTGOING. + +Fixes: 1c885808e456 ("tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING") +Reported-by: JongHwan Kim <[email protected]> +Signed-off-by: Soheil Hassas Yeganeh <[email protected]> +Signed-off-by: Eric Dumazet <[email protected]> +Signed-off-by: Willem de Bruijn <[email protected]> +Signed-off-by: David S. Miller <[email protected]> +Acked-by: Michal Kubecek <[email protected]> + +--- + net/core/skbuff.c | 10 ++++++++++ + net/socket.c | 13 ++++++++++++- + 2 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/net/core/skbuff.c b/net/core/skbuff.c +index aa3a13378c90..f21a29efdfc9 100644 +--- a/net/core/skbuff.c ++++ b/net/core/skbuff.c +@@ -3690,6 +3690,15 @@ static void sock_rmem_free(struct sk_buff *skb) + atomic_sub(skb->truesize, &sk->sk_rmem_alloc); + } + ++static void skb_set_err_queue(struct sk_buff *skb) ++{ ++ /* pkt_type of skbs received on local sockets is never PACKET_OUTGOING. ++ * So, it is safe to (mis)use it to mark skbs on the error queue. 
++ */ ++ skb->pkt_type = PACKET_OUTGOING; ++ BUILD_BUG_ON(PACKET_OUTGOING == 0); ++} ++ + /* + * Note: We dont mem charge error packets (no sk_forward_alloc changes) + */ +@@ -3703,6 +3712,7 @@ int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb) + skb->sk = sk; + skb->destructor = sock_rmem_free; + atomic_add(skb->truesize, &sk->sk_rmem_alloc); ++ skb_set_err_queue(skb); + + /* before exiting rcu section, make sure dst is refcounted */ + skb_dst_force(skb); +diff --git a/net/socket.c b/net/socket.c +index 02bd9249e295..bfdb35898e4c 100644 +--- a/net/socket.c ++++ b/net/socket.c +@@ -654,6 +654,16 @@ int kernel_sendmsg(struct socket *sock, struct msghdr *msg, + } + EXPORT_SYMBOL(kernel_sendmsg); + ++static bool skb_is_err_queue(const struct sk_buff *skb) ++{ ++ /* pkt_type of skbs enqueued on the error queue are set to ++ * PACKET_OUTGOING in skb_set_err_queue(). This is only safe to do ++ * in recvmsg, since skbs received on a local socket will never ++ * have a pkt_type of PACKET_OUTGOING. 
++ */ ++ return skb->pkt_type == PACKET_OUTGOING; ++} ++ + /* + * called from sock_recv_timestamp() if sock_flag(sk, SOCK_RCVTSTAMP) + */ +@@ -697,7 +707,8 @@ void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk, + put_cmsg(msg, SOL_SOCKET, + SCM_TIMESTAMPING, sizeof(tss), &tss); + +- if (skb->len && (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_STATS)) ++ if (skb_is_err_queue(skb) && skb->len && ++ (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_STATS)) + put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS, + skb->len, skb->data); + } +-- +2.12.2 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/tcp-mark-skbs-with-SCM_TIMESTAMPING_OPT_STATS.patch new/patches.fixes/tcp-mark-skbs-with-SCM_TIMESTAMPING_OPT_STATS.patch --- old/patches.fixes/tcp-mark-skbs-with-SCM_TIMESTAMPING_OPT_STATS.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/tcp-mark-skbs-with-SCM_TIMESTAMPING_OPT_STATS.patch 2017-03-31 19:14:49.000000000 +0200 
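Review bot: The error-queue marker is split across two files: `skb_set_err_queue()` in net/core/skbuff.c writes `PACKET_OUTGOING` and `skb_is_err_queue()` in net/socket.c tests it, and the invariant that makes this safe is stated only in their comments. Nothing in the hunk enforces that no receive path hands `__sock_recv_timestamp()` an skb that already carries `PACKET_OUTGOING`, so that assumption should be confirmed for every socket family that reaches this function. I would place both helpers in one shared header so the setter and the test cannot drift apart, and record there which receive paths were checked. `BUILD_BUG_ON(PACKET_OUTGOING == 0)` would also read better ahead of the assignment it justifies.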
@@ -0,0 +1,125 @@
+From: Soheil Hassas Yeganeh <[email protected]>
+Date: Sat, 18 Mar 2017 17:03:00 -0400
+Subject: tcp: mark skbs with SCM_TIMESTAMPING_OPT_STATS
+Patch-mainline: v4.11-rc4
+Git-commit: 4ef1b2869447411ad3ef91ad7d4891a83c1a509a
+References: CVE-2017-7277 bsc#1031265
+
+SOF_TIMESTAMPING_OPT_STATS can be enabled and disabled
+while packets are collected on the error queue.
+So, checking SOF_TIMESTAMPING_OPT_STATS in sk->sk_tsflags
+is not enough to safely assume that the skb contains
+OPT_STATS data.
+
+Add a bit in sock_exterr_skb to indicate whether the
+skb contains opt_stats data.
+
+Fixes: 1c885808e456 ("tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING")
+Reported-by: JongHwan Kim <[email protected]>
+Signed-off-by: Soheil Hassas Yeganeh <[email protected]>
+Signed-off-by: Eric Dumazet <[email protected]>
+Signed-off-by: Willem de Bruijn <[email protected]>
+Signed-off-by: David S. Miller <[email protected]>
+Acked-by: Michal Kubecek <[email protected]>
+
+---
+ include/linux/errqueue.h | 2 ++
+ net/core/skbuff.c | 17 +++++++++++------
+ net/socket.c | 2 +-
+ 3 files changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/include/linux/errqueue.h b/include/linux/errqueue.h
+index 9ca23fcfb5d7..6fdfc884fdeb 100644
+--- a/include/linux/errqueue.h
++++ b/include/linux/errqueue.h
+@@ -20,6 +20,8 @@ struct sock_exterr_skb {
+ struct sock_extended_err ee;
+ u16 addr_offset;
+ __be16 port;
++ u8 opt_stats:1,
++ unused:7;
+ };
+
+ #endif
+diff --git a/net/core/skbuff.c b/net/core/skbuff.c
+index f21a29efdfc9..941b8c76739d 100644
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -3789,16 +3789,20 @@ EXPORT_SYMBOL(skb_clone_sk);
+
+ static void __skb_complete_tx_timestamp(struct sk_buff *skb,
+ struct sock *sk,
+- int tstype)
++ int tstype,
++ bool opt_stats)
+ {
+ struct sock_exterr_skb *serr;
+ int err;
+
++ BUILD_BUG_ON(sizeof(struct sock_exterr_skb) > sizeof(skb->cb));
++
+ serr = SKB_EXT_ERR(skb);
+ memset(serr, 0, sizeof(*serr));
+ serr->ee.ee_errno = ENOMSG;
+ serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
+ serr->ee.ee_info = tstype;
++ serr->opt_stats = opt_stats;
+ if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) {
+ serr->ee.ee_data = skb_shinfo(skb)->tskey;
+ if (sk->sk_protocol == IPPROTO_TCP &&
+@@ -3839,7 +3843,7 @@ void skb_complete_tx_timestamp(struct sk_buff *skb,
+ */
+ if (likely(atomic_inc_not_zero(&sk->sk_refcnt))) {
+ *skb_hwtstamps(skb) = *hwtstamps;
+- __skb_complete_tx_timestamp(skb, sk, SCM_TSTAMP_SND);
++ __skb_complete_tx_timestamp(skb, sk, SCM_TSTAMP_SND, false);
+ sock_put(sk);
+ }
+ }
+@@ -3850,7 +3854,7 @@ void __skb_tstamp_tx(struct sk_buff *orig_skb,
+ struct sock *sk, int tstype)
+ {
+ struct sk_buff *skb;
+- bool tsonly;
++ bool tsonly, opt_stats = false;
+
+ if (!sk)
+ return;
+@@ -3863,9 +3867,10 @@ void __skb_tstamp_tx(struct sk_buff *orig_skb,
+ #ifdef CONFIG_INET
+ if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_STATS) &&
+ sk->sk_protocol == IPPROTO_TCP &&
+- sk->sk_type == SOCK_STREAM)
++ sk->sk_type == SOCK_STREAM) {
+ skb = tcp_get_timestamping_opt_stats(sk);
+- else
++ opt_stats = true;
++ } else
+ #endif
+ skb = alloc_skb(0, GFP_ATOMIC);
+ } else {
+@@ -3884,7 +3889,7 @@ void __skb_tstamp_tx(struct sk_buff *orig_skb,
+ else
+ skb->tstamp = ktime_get_real();
+
+- __skb_complete_tx_timestamp(skb, sk, tstype);
++ __skb_complete_tx_timestamp(skb, sk, tstype, opt_stats);
+ }
+ EXPORT_SYMBOL_GPL(__skb_tstamp_tx);
+
+diff --git a/net/socket.c b/net/socket.c
+index bfdb35898e4c..6361d3161120 100644
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -708,7 +708,7 @@ void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
+ SCM_TIMESTAMPING, sizeof(tss), &tss);
+
+ if (skb_is_err_queue(skb) && skb->len &&
+- (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_STATS))
++ SKB_EXT_ERR(skb)->opt_stats)
+ put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS,
+ skb->len, skb->data);
+ }
+--
+2.12.2
+
++++++ patches.kernel.org.tar.bz2 ++++++
++++ 6800 lines of diff (skipped)
++++++
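Review bot: The new `opt_stats` bit in `struct sock_exterr_skb` is trusted by `__sock_recv_timestamp()` for every skb that passes `skb_is_err_queue()`, but the only initialisation visible in this patch is in `__skb_complete_tx_timestamp()`, where `memset(serr, 0, sizeof(*serr))` precedes the assignment. Other code that fills `sock_exterr_skb` before queueing to the error queue is not shown here; if any of it skips zeroing the control block, the bit would hold stale `skb->cb` contents and `skb->len` bytes of `skb->data` would be copied out as `SCM_TIMESTAMPING_OPT_STATS`. I would document the contract at the field, for example `/* set only by __skb_complete_tx_timestamp(); all other error-queue producers must leave this 0 */`, and confirm the remaining producers against it. The enclosing functions start and end outside the hunks.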
patches.rpmify.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.rpmify/drm-i915-disable-KASAN-for-handlers.patch new/patches.rpmify/drm-i915-disable-KASAN-for-handlers.patch
--- old/patches.rpmify/drm-i915-disable-KASAN-for-handlers.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.rpmify/drm-i915-disable-KASAN-for-handlers.patch 2017-03-30 11:49:42.000000000 +0200
@@ -0,0 +1,40 @@
+From: Jiri Slaby <[email protected]>
+Date: Thu, 30 Mar 2017 10:52:48 +0200
+Subject: drm/i915: disable KASAN for handlers
+Patch-mainline: submitted, https://lkml.kernel.org/r/<[email protected]>
+References: bnc#1025903
+
+Handlers are currently the only blocker to compile the kernel with gcc 7
+and KASAN+use-after-scope enabled:
+drivers/gpu/drm/i915/gvt/handlers.c:2200:1: error: the frame size of 43760 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
+drivers/gpu/drm/i915/gvt/handlers.c:2402:1: error: the frame size of 9400 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
+drivers/gpu/drm/i915/gvt/handlers.c:2628:1: error: the frame size of 11256 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
+
+It is due to many expansions of MMIO_* macros in init_generic_mmio_info.
+INTEL_GVT_MMIO_OFFSET generates for each such line a __reg and an
+offset. There are too many for KASAN to keep up.
+
+So disable KASAN for this file.
+
+Signed-off-by: Jiri Slaby <[email protected]>
+Cc: Martin Liska <[email protected]>
+Cc: Zhenyu Wang <[email protected]>
+Cc: Zhi Wang <[email protected]>
+Cc: Daniel Vetter <[email protected]>
+Cc: Jani Nikula <[email protected]>
+Cc: David Airlie <[email protected]>
+Cc: [email protected]
+Cc: [email protected]
+Cc: [email protected]
+---
+ drivers/gpu/drm/i915/gvt/Makefile | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/gpu/drm/i915/gvt/Makefile
++++ b/drivers/gpu/drm/i915/gvt/Makefile
+@@ -6,3 +6,5 @@ GVT_SOURCE := gvt.o aperture_gm.o handle
+ ccflags-y += -I$(src) -I$(src)/$(GVT_DIR) -Wall
+ i915-y += $(addprefix $(GVT_DIR)/, $(GVT_SOURCE))
+ obj-$(CONFIG_DRM_I915_GVT_KVMGT) += $(GVT_DIR)/kvmgt.o
++
++KASAN_SANITIZE_handlers.o := n
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.rpmify/give-up-on-gcc-ilog2-constant-optimizations.patch new/patches.rpmify/give-up-on-gcc-ilog2-constant-optimizations.patch
---
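Review bot: The added `KASAN_SANITIZE_handlers.o := n` line has no comment in the Makefile, so the reason for dropping sanitizer coverage on `handlers.o` is recorded only in the patch description. The description attributes the frame-size errors to the MMIO_* expansions in `init_generic_mmio_info`, yet the switch turns KASAN off for the whole object file. I would add a comment above the line such as `# gcc 7 KASAN use-after-scope exceeds -Wframe-larger-than in init_generic_mmio_info; re-enable once fixed`, so that the exclusion gets revisited instead of staying in place indefinitely.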
old/patches.rpmify/give-up-on-gcc-ilog2-constant-optimizations.patch 2017-03-20 11:31:28.000000000 +0100
+++ new/patches.rpmify/give-up-on-gcc-ilog2-constant-optimizations.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,123 +0,0 @@
-From: Linus Torvalds <[email protected]>
-Date: Thu, 2 Mar 2017 12:17:22 -0800
-Subject: give up on gcc ilog2() constant optimizations
-Git-commit: 474c90156c8dcc2fa815e6716cc9394d7930cb9c
-Patch-mainline: v4.11-rc1
-References: bnc#1025903
-
-gcc-7 has an "optimization" pass that completely screws up, and
-generates the code expansion for the (impossible) case of calling
-ilog2() with a zero constant, even when the code gcc compiles does not
-actually have a zero constant.
-
-And we try to generate a compile-time error for anybody doing ilog2() on
-a constant where that doesn't make sense (be it zero or negative). So
-now gcc7 will fail the build due to our sanity checking, because it
-created that constant-zero case that didn't actually exist in the source
-code.
-
-There's a whole long discussion on the kernel mailing about how to work
-around this gcc bug. The gcc people themselevs have discussed their
-"feature" in
-
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=72785
-
-but it's all water under the bridge, because while it looked at one
-point like it would be solved by the time gcc7 was released, that was
-not to be.
-
-So now we have to deal with this compiler braindamage.
-
-And the only simple approach seems to be to just delete the code that
-tries to warn about bad uses of ilog2().
-
-So now "ilog2()" will just return 0 not just for the value 1, but for
-any non-positive value too.
-
-It's not like I can recall anybody having ever actually tried to use
-this function on any invalid value, but maybe the sanity check just
-meant that such code never made it out in public.
-
-Reported-by: Laura Abbott <[email protected]>
-Cc: John Stultz <[email protected]>,
-Cc: Thomas Gleixner <[email protected]>
-Cc: Ard Biesheuvel <[email protected]>
-Signed-off-by: Linus Torvalds <[email protected]>
-Signed-off-by: Jiri Slaby <[email protected]>
----
- include/linux/log2.h | 13 ++-----------
- tools/include/linux/log2.h | 13 ++-----------
- 2 files changed, 4 insertions(+), 22 deletions(-)
-
---- a/include/linux/log2.h
-+++ b/include/linux/log2.h
-@@ -16,12 +16,6 @@
- #include <linux/bitops.h>
-
- /*
-- * deal with unrepresentable constant logarithms
-- */
--extern __attribute__((const, noreturn))
--int ____ilog2_NaN(void);
--
--/*
- * non-constant log of base 2 calculators
- * - the arch may override these in asm/bitops.h if they can be implemented
- * more efficiently than using fls() and fls64()
-@@ -85,7 +79,7 @@ unsigned long __rounddown_pow_of_two(uns
- #define ilog2(n) \
- ( \
- __builtin_constant_p(n) ? ( \
-- (n) < 1 ? ____ilog2_NaN() : \
-+ (n) < 2 ? 0 : \
- (n) & (1ULL << 63) ? 63 : \
- (n) & (1ULL << 62) ? 62 : \
- (n) & (1ULL << 61) ? 61 : \
-@@ -148,10 +142,7 @@ unsigned long __rounddown_pow_of_two(uns
- (n) & (1ULL << 4) ? 4 : \
- (n) & (1ULL << 3) ? 3 : \
- (n) & (1ULL << 2) ? 2 : \
-- (n) & (1ULL << 1) ? 1 : \
-- (n) & (1ULL << 0) ? 0 : \
-- ____ilog2_NaN() \
-- ) : \
-+ 1 ) : \
- (sizeof(n) <= 4) ? \
- __ilog2_u32(n) : \
- __ilog2_u64(n) \
---- a/tools/include/linux/log2.h
-+++ b/tools/include/linux/log2.h
-@@ -13,12 +13,6 @@
- #define _TOOLS_LINUX_LOG2_H
-
- /*
-- * deal with unrepresentable constant logarithms
-- */
--extern __attribute__((const, noreturn))
--int ____ilog2_NaN(void);
--
--/*
- * non-constant log of base 2 calculators
- * - the arch may override these in asm/bitops.h if they can be implemented
- * more efficiently than using fls() and fls64()
-@@ -78,7 +72,7 @@ unsigned long __rounddown_pow_of_two(uns
- #define ilog2(n) \
- ( \
- __builtin_constant_p(n) ? ( \
-- (n) < 1 ? ____ilog2_NaN() : \
-+ (n) < 2 ? 0 : \
- (n) & (1ULL << 63) ? 63 : \
- (n) & (1ULL << 62) ? 62 : \
- (n) & (1ULL << 61) ? 61 : \
-@@ -141,10 +135,7 @@ unsigned long __rounddown_pow_of_two(uns
- (n) & (1ULL << 4) ? 4 : \
- (n) & (1ULL << 3) ? 3 : \
- (n) & (1ULL << 2) ? 2 : \
-- (n) & (1ULL << 1) ? 1 : \
-- (n) & (1ULL << 0) ? 0 : \
-- ____ilog2_NaN() \
-- ) : \
-+ 1 ) : \
- (sizeof(n) <= 4) ? \
- __ilog2_u32(n) : \
- __ilog2_u64(n) \
++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:01.440394304 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:01.440394304 +0200 @@ -32,13 +32,15 @@ patches.kernel.org/patch-4.10.2-3 patches.kernel.org/patch-4.10.3-4 patches.kernel.org/patch-4.10.4-5 + patches.kernel.org/patch-4.10.5-6 + patches.kernel.org/patch-4.10.6-7 + patches.kernel.org/patch-4.10.7-8 ######################################################## # Build fixes that apply to the vanilla kernel too. # Patches in patches.rpmify are applied to both -vanilla # and patched flavors. ######################################################## - patches.rpmify/give-up-on-gcc-ilog2-constant-optimizations.patch ######################################################## # kABI consistency patches @@ -56,6 +58,7 @@ patches.rpmify/firmware-path patches.rpmify/cloneconfig.diff patches.rpmify/get_builtin_firmware-gcc-7.patch + patches.rpmify/drm-i915-disable-KASAN-for-handlers.patch ######################################################## # kbuild/module infrastructure fixes @@ -184,7 +187,6 @@ ######################################################## patches.suse/connector-read-mostly patches.suse/kbd-ignore-gfx.patch - patches.fixes/crypto-algif_hash-avoid-zero-sized-array.patch ######################################################## #
@@ -215,6 +217,12 @@ # Networking, IPv6 ######################################################## patches.fixes/openvswitch-Set-internal-device-max-mtu-to-ETH_MAX_M.patch + patches.fixes/ping-implement-proper-locking.patch + patches.fixes/net-packet-fix-overflow-in-check-for-priv-area-size.patch + patches.fixes/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch + patches.fixes/net-packet-fix-overflow-in-check-for-tp_reserve.patch + patches.fixes/tcp-fix-SCM_TIMESTAMPING_OPT_STATS-for-normal-skbs.patch + patches.fixes/tcp-mark-skbs-with-SCM_TIMESTAMPING_OPT_STATS.patch ######################################################## # Netfilter @@ -321,7 +329,6 @@ # DRM/Video ######################################################## patches.fixes/drm-i915-Fix-S4-resume-breakage - patches.drivers/drm-reference-count-event-completion ######################################################## # video4linux @@ -375,7 +382,6 @@ ######################################################## # Char / serial ######################################################## - patches.drivers/fbcon-Fix-vc-attr-at-deinit ######################################################## # Other driver fixes ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.NjYCQA/_old 2017-04-03 11:05:01.480388653 +0200 +++ /var/tmp/diff_new_pack.NjYCQA/_new 2017-04-03 11:05:01.484388088 +0200 @@ -1,3 +1,3 @@ -2017-03-22 14:15:00 +0100 -GIT Revision: f3fbfc6e0759d457c1c47e1ac5a962624a67e66d +2017-03-31 19:16:00 +0200 +GIT Revision: ea9dcd468d472551aa10e99534387143f44aa33f GIT Branch: stable
