Hello community,

here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2017-10-20 14:40:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kernel-source (Old)
 and      /work/SRC/openSUSE:Factory/.kernel-source.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Fri Oct 20 14:40:35 2017 rev:384 rq:534919 version:4.13.8 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2017-10-18 12:35:55.292133324 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes 2017-10-20 14:40:37.062985255 +0200 
@@ -1,0 +2,112 @@ +Wed Oct 18 11:53:30 CEST 2017 - [email protected] + +- Linux 4.13.8 (bnc#1012628). +- USB: dummy-hcd: Fix deadlock caused by disconnect detection + (bnc#1012628). +- MIPS: math-emu: Remove pr_err() calls from fpu_emu() + (bnc#1012628). +- MIPS: bpf: Fix uninitialised target compiler error + (bnc#1012628). +- mei: always use domain runtime pm callbacks (bnc#1012628). +- dmaengine: edma: Align the memcpy acnt array size with the + transfer (bnc#1012628). +- dmaengine: ti-dma-crossbar: Fix possible race condition with + dma_inuse (bnc#1012628). +- NFS: Fix uninitialized rpc_wait_queue (bnc#1012628). +- nfs/filelayout: fix oops when freeing filelayout segment + (bnc#1012628). +- HID: usbhid: fix out-of-bounds bug (bnc#1012628). +- crypto: skcipher - Fix crash on zero-length input (bnc#1012628). +- crypto: shash - Fix zero-length shash ahash digest crash + (bnc#1012628). +- KVM: MMU: always terminate page walks at level 1 (bnc#1012628). +- KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit + (bnc#1012628). +- usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length + packet (bnc#1012628). +- pinctrl/amd: Fix build dependency on pinmux code (bnc#1012628). +- iommu/amd: Finish TLB flush in amd_iommu_unmap() (bnc#1012628). +- device property: Track owner device of device property + (bnc#1012628). +- Revert "vmalloc: back off when the current task is killed" + (bnc#1012628). +- fs/mpage.c: fix mpage_writepage() for pages with buffers + (bnc#1012628). +- ALSA: usb-audio: Kill stray URB at exiting (bnc#1012628). +- ALSA: seq: Fix copy_from_user() call inside lock (bnc#1012628). +- ALSA: caiaq: Fix stray URB at probe error path (bnc#1012628). +- ALSA: line6: Fix NULL dereference at podhd_disconnect() + (bnc#1012628). +- ALSA: line6: Fix missing initialization before error path + (bnc#1012628). +- ALSA: line6: Fix leftover URB at error-path during probe + (bnc#1012628). 
+- drm/atomic: Unref duplicated drm_atomic_state in + drm_atomic_helper_resume() (bnc#1012628). +- drm/i915/edp: Get the Panel Power Off timestamp after panel + is off (bnc#1012628). +- drm/i915: Read timings from the correct transcoder in + intel_crtc_mode_get() (bnc#1012628). +- drm/i915/bios: parse DDI ports also for CHV for HDMI DDC pin + and DP AUX channel (bnc#1012628). +- drm/i915: Use crtc_state_is_legacy_gamma in intel_color_check + (bnc#1012628). +- usb: gadget: configfs: Fix memory leak of interface directory + data (bnc#1012628). +- usb: gadget: composite: Fix use-after-free in + usb_composite_overwrite_options (bnc#1012628). +- PCI: aardvark: Move to struct pci_host_bridge IRQ mapping + functions (bnc#1012628). +- Revert "PCI: tegra: Do not allocate MSI target memory" + (bnc#1012628). +- direct-io: Prevent NULL pointer access in submit_page_section + (bnc#1012628). +- fix unbalanced page refcounting in bio_map_user_iov + (bnc#1012628). +- more bio_map_user_iov() leak fixes (bnc#1012628). +- bio_copy_user_iov(): don't ignore ->iov_offset (bnc#1012628). +- perf script: Add missing separator for "-F ip,brstack" (and + brstackoff) (bnc#1012628). +- genirq/cpuhotplug: Enforce affinity setting on startup of + managed irqs (bnc#1012628). +- genirq/cpuhotplug: Add sanity check for effective affinity mask + (bnc#1012628). +- USB: serial: ftdi_sio: add id for Cypress WICED dev board + (bnc#1012628). +- USB: serial: cp210x: fix partnum regression (bnc#1012628). +- USB: serial: cp210x: add support for ELV TFD500 (bnc#1012628). +- USB: serial: option: add support for TP-Link LTE module + (bnc#1012628). +- USB: serial: qcserial: add Dell DW5818, DW5819 (bnc#1012628). +- USB: serial: console: fix use-after-free on disconnect + (bnc#1012628). +- USB: serial: console: fix use-after-free after failed setup + (bnc#1012628). +- RAS/CEC: Use the right length for "cec_disable" (bnc#1012628). +- x86/microcode: Do the family check first (bnc#1012628). 
+- x86/alternatives: Fix alt_max_short macro to really be a max() + (bnc#1012628). +- KVM: nVMX: update last_nonleaf_level when initializing nested + EPT (bnc#1012628). +- commit 569e26e + +------------------------------------------------------------------- +Wed Oct 18 02:36:43 CEST 2017 - [email protected] + +- xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863). +- commit a1a185d + +------------------------------------------------------------------- +Mon Oct 16 15:08:41 CEST 2017 - [email protected] + +- futex: Remove duplicated code and fix undefined behaviour + (bnc#1005915). +- commit b17692d + +------------------------------------------------------------------- +Sun Oct 15 14:07:51 CEST 2017 - [email protected] + +- Linux 4.13.7 (bnc#1012628). +- commit 031d6da + +------------------------------------------------------------------- dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:45.466592021 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:45.470591833 +0200 @@ -17,7 +17,7 @@ %define srcversion 4.13 -%define patchversion 4.13.6 +%define patchversion 4.13.8 %define variant %{nil} %include %_sourcedir/kernel-spec-macros 
@@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb}) Name: dtb-aarch64 -Version: 4.13.6 +Version: 4.13.8 %if 0%{?is_kotd} -Release: <RELEASE>.ga8d2202 +Release: <RELEASE>.g569e26e %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:45.542588465 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:45.542588465 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.13 -%define patchversion 4.13.6 +%define patchversion 4.13.8 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 4.13.6 +Version: 4.13.8 %if 0%{?is_kotd} -Release: <RELEASE>.ga8d2202 +Release: <RELEASE>.g569e26e %else Release: 0 %endif kernel-debug.spec: same change kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:45.622584722 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:45.622584722 +0200 @@ -17,7 +17,7 @@ %define srcversion 4.13 -%define patchversion 4.13.6 +%define patchversion 4.13.8 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -31,9 +31,9 @@ Summary: Kernel Documentation License: GPL-2.0 Group: Documentation/Man -Version: 4.13.6 +Version: 4.13.8 %if 0%{?is_kotd} -Release: <RELEASE>.ga8d2202 +Release: <RELEASE>.g569e26e %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:45.650583411 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:45.654583224 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.13 -%define patchversion 4.13.6 +%define patchversion 4.13.8 %define variant %{nil} %define vanilla_only 0 
@@ -58,9 +58,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.13.6 +Version: 4.13.8 %if 0%{?is_kotd} -Release: <RELEASE>.ga8d2202 +Release: <RELEASE>.g569e26e %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:45.678582101 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:45.682581914 +0200 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.13.6 +%define patchversion 4.13.8 %define variant %{nil} %define vanilla_only 0 @@ -57,9 +57,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.13.6 +Version: 4.13.8 %if 0%{?is_kotd} -Release: <RELEASE>.ga8d2202 +Release: <RELEASE>.g569e26e %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:45.706580791 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:45.710580604 +0200 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.13.6 +%define patchversion 4.13.8 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.13.6 +Version: 4.13.8 %if 0%{?is_kotd} -Release: <RELEASE>.ga8d2202 +Release: <RELEASE>.g569e26e %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:45.730579668 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:45.734579481 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.13 -%define patchversion 4.13.6 +%define patchversion 4.13.8 %define variant %{nil} %define vanilla_only 0 
@@ -58,9 +58,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.13.6 +Version: 4.13.8 %if 0%{?is_kotd} -Release: <RELEASE>.ga8d2202 +Release: <RELEASE>.g569e26e %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:45.754578545 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:45.758578358 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.13 -%define patchversion 4.13.6 +%define patchversion 4.13.8 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.13.6 +Version: 4.13.8 %if 0%{?is_kotd} -Release: <RELEASE>.ga8d2202 +Release: <RELEASE>.g569e26e %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:45.782577235 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:45.786577048 +0200 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.13.6 +Version: 4.13.8 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.ga8d2202 +Release: <RELEASE>.g569e26e %else Release: 0 %endif ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:45.814575738 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:45.818575551 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.13 -%define patchversion 4.13.6 +%define patchversion 4.13.8 %define variant %{nil} %define vanilla_only 0 
@@ -58,9 +58,9 @@ Summary: Kernel used for fuzzing by syzkaller License: GPL-2.0 Group: System/Kernel -Version: 4.13.6 +Version: 4.13.8 %if 0%{?is_kotd} -Release: <RELEASE>.ga8d2202 +Release: <RELEASE>.g569e26e %else Release: 0 %endif kernel-vanilla.spec: same change kernel-zfcpdump.spec: same change ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ALSA-seq-Fix-use-after-free-at-creating-a-port new/patches.fixes/ALSA-seq-Fix-use-after-free-at-creating-a-port --- old/patches.fixes/ALSA-seq-Fix-use-after-free-at-creating-a-port 2017-10-13 11:38:39.000000000 +0200 +++ new/patches.fixes/ALSA-seq-Fix-use-after-free-at-creating-a-port 1970-01-01 01:00:00.000000000 +0100 
@@ -1,138 +0,0 @@ -From 71105998845fb012937332fe2e806d443c09e026 Mon Sep 17 00:00:00 2001 -From: Takashi Iwai <[email protected]> -Date: Mon, 9 Oct 2017 11:09:20 +0200 -Subject: [PATCH] ALSA: seq: Fix use-after-free at creating a port -Patch-mainline: Queued in subsystem maintainer repository -Git-commit: 71105998845fb012937332fe2e806d443c09e026 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git -References: CVE-2017-15265, bsc#1062520 - -There is a potential race window opened at creating and deleting a -port via ioctl, as spotted by fuzzing. snd_seq_create_port() creates -a port object and returns its pointer, but it doesn't take the -refcount, thus it can be deleted immediately by another thread. -Meanwhile, snd_seq_ioctl_create_port() still calls the function -snd_seq_system_client_ev_port_start() with the created port object -that is being deleted, and this triggers use-after-free like: - - BUG: KASAN: use-after-free in snd_seq_ioctl_create_port+0x504/0x630 [snd_seq] at addr ffff8801f2241cb1 - ============================================================================= - BUG kmalloc-512 (Tainted: G B ): kasan: bad access detected - ----------------------------------------------------------------------------- - INFO: Allocated in snd_seq_create_port+0x94/0x9b0 [snd_seq] age=1 cpu=3 pid=4511 - ___slab_alloc+0x425/0x460 - __slab_alloc+0x20/0x40 - kmem_cache_alloc_trace+0x150/0x190 - snd_seq_create_port+0x94/0x9b0 [snd_seq] - snd_seq_ioctl_create_port+0xd1/0x630 [snd_seq] - snd_seq_do_ioctl+0x11c/0x190 [snd_seq] - snd_seq_ioctl+0x40/0x80 [snd_seq] - do_vfs_ioctl+0x54b/0xda0 - SyS_ioctl+0x79/0x90 - entry_SYSCALL_64_fastpath+0x16/0x75 - INFO: Freed in port_delete+0x136/0x1a0 [snd_seq] age=1 cpu=2 pid=4717 - __slab_free+0x204/0x310 - kfree+0x15f/0x180 - port_delete+0x136/0x1a0 [snd_seq] - snd_seq_delete_port+0x235/0x350 [snd_seq] - snd_seq_ioctl_delete_port+0xc8/0x180 [snd_seq] - snd_seq_do_ioctl+0x11c/0x190 [snd_seq] - snd_seq_ioctl+0x40/0x80 
[snd_seq] - do_vfs_ioctl+0x54b/0xda0 - SyS_ioctl+0x79/0x90 - entry_SYSCALL_64_fastpath+0x16/0x75 - Call Trace: - [<ffffffff81b03781>] dump_stack+0x63/0x82 - [<ffffffff81531b3b>] print_trailer+0xfb/0x160 - [<ffffffff81536db4>] object_err+0x34/0x40 - [<ffffffff815392d3>] kasan_report.part.2+0x223/0x520 - [<ffffffffa07aadf4>] ? snd_seq_ioctl_create_port+0x504/0x630 [snd_seq] - [<ffffffff815395fe>] __asan_report_load1_noabort+0x2e/0x30 - [<ffffffffa07aadf4>] snd_seq_ioctl_create_port+0x504/0x630 [snd_seq] - [<ffffffffa07aa8f0>] ? snd_seq_ioctl_delete_port+0x180/0x180 [snd_seq] - [<ffffffff8136be50>] ? taskstats_exit+0xbc0/0xbc0 - [<ffffffffa07abc5c>] snd_seq_do_ioctl+0x11c/0x190 [snd_seq] - [<ffffffffa07abd10>] snd_seq_ioctl+0x40/0x80 [snd_seq] - [<ffffffff8136d433>] ? acct_account_cputime+0x63/0x80 - [<ffffffff815b515b>] do_vfs_ioctl+0x54b/0xda0 - ..... - -We may fix this in a few different ways, and in this patch, it's fixed -simply by taking the refcount properly at snd_seq_create_port() and -letting the caller unref the object after use. Also, there is another -potential use-after-free by sprintf() call in snd_seq_create_port(), -and this is moved inside the lock. - -This fix covers CVE-2017-15265. 
- -Reported-and-tested-by: Michael23 Yu <[email protected]> -Suggested-by: Linus Torvalds <[email protected]> -Cc: <[email protected]> -Signed-off-by: Takashi Iwai <[email protected]> - ---- - sound/core/seq/seq_clientmgr.c | 6 +++++- - sound/core/seq/seq_ports.c | 7 +++++-- - 2 files changed, 10 insertions(+), 3 deletions(-) - ---- a/sound/core/seq/seq_clientmgr.c -+++ b/sound/core/seq/seq_clientmgr.c -@@ -1259,6 +1259,7 @@ static int snd_seq_ioctl_create_port(str - struct snd_seq_port_info *info = arg; - struct snd_seq_client_port *port; - struct snd_seq_port_callback *callback; -+ int port_idx; - - /* it is not allowed to create the port for an another client */ - if (info->addr.client != client->number) -@@ -1269,7 +1270,9 @@ static int snd_seq_ioctl_create_port(str - return -ENOMEM; - - if (client->type == USER_CLIENT && info->kernel) { -- snd_seq_delete_port(client, port->addr.port); -+ port_idx = port->addr.port; -+ snd_seq_port_unlock(port); -+ snd_seq_delete_port(client, port_idx); - return -EINVAL; - } - if (client->type == KERNEL_CLIENT) { -@@ -1290,6 +1293,7 @@ static int snd_seq_ioctl_create_port(str - - snd_seq_set_port_info(port, info); - snd_seq_system_client_ev_port_start(port->addr.client, port->addr.port); -+ snd_seq_port_unlock(port); - - return 0; - } ---- a/sound/core/seq/seq_ports.c -+++ b/sound/core/seq/seq_ports.c -@@ -122,7 +122,9 @@ static void port_subs_info_init(struct s - } - - --/* create a port, port number is returned (-1 on failure) */ -+/* create a port, port number is returned (-1 on failure); -+ * the caller needs to unref the port via snd_seq_port_unlock() appropriately -+ */ - struct snd_seq_client_port *snd_seq_create_port(struct snd_seq_client *client, - int port) - { -@@ -151,6 +153,7 @@ struct snd_seq_client_port *snd_seq_crea - snd_use_lock_init(&new_port->use_lock); - port_subs_info_init(&new_port->c_src); - port_subs_info_init(&new_port->c_dest); -+ snd_use_lock_use(&new_port->use_lock); - - num = port >= 0 ? 
port : 0; - mutex_lock(&client->ports_mutex); -@@ -165,9 +168,9 @@ struct snd_seq_client_port *snd_seq_crea - list_add_tail(&new_port->list, &p->list); - client->num_ports++; - new_port->addr.port = num; /* store the port number in the port */ -+ sprintf(new_port->name, "port-%d", num); - write_unlock_irqrestore(&client->ports_lock, flags); - mutex_unlock(&client->ports_mutex); -- sprintf(new_port->name, "port-%d", num); - - return new_port; - } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/futex-Remove-duplicated-code-and-fix-undefined-behav.patch new/patches.fixes/futex-Remove-duplicated-code-and-fix-undefined-behav.patch --- old/patches.fixes/futex-Remove-duplicated-code-and-fix-undefined-behav.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/futex-Remove-duplicated-code-and-fix-undefined-behav.patch 2017-10-18 11:53:30.000000000 +0200 
@@ -0,0 +1,1144 @@ +From: Jiri Slaby <[email protected]> +Date: Thu, 24 Aug 2017 09:31:05 +0200 +Subject: futex: Remove duplicated code and fix undefined behaviour +Git-commit: 30d6e0a4190d37740e9447e4e4815f06992dd8c3 +Patch-mainline: v4.14-rc1 +References: bnc#1005915 + +There is code duplicated over all architecture's headers for +futex_atomic_op_inuser. Namely op decoding, access_ok check for uaddr, +and comparison of the result. + +Remove this duplication and leave up to the arches only the needed +assembly which is now in arch_futex_atomic_op_inuser. + +This effectively distributes the Will Deacon's arm64 fix for undefined +behaviour reported by UBSAN to all architectures. The fix was done in +commit 5f16a046f8e1 (arm64: futex: Fix undefined behaviour with +FUTEX_OP_OPARG_SHIFT usage). Look there for an example dump. + +And as suggested by Thomas, check for negative oparg too, because it was +also reported to cause undefined behaviour report. + +Note that s390 removed access_ok check in d12a29703 ("s390/uaccess: +remove pointless access_ok() checks") as access_ok there returns true. +We introduce it back to the helper for the sake of simplicity (it gets +optimized away anyway). 
+ +Signed-off-by: Jiri Slaby <[email protected]> +Signed-off-by: Thomas Gleixner <[email protected]> +Acked-by: Russell King <[email protected]> +Acked-by: Michael Ellerman <[email protected]> (powerpc) +Acked-by: Heiko Carstens <[email protected]> [s390] +Acked-by: Chris Metcalf <[email protected]> [for tile] +Reviewed-by: Darren Hart (VMware) <[email protected]> +Reviewed-by: Will Deacon <[email protected]> [core/arm64] +Cc: [email protected] +Cc: Rich Felker <[email protected]> +Cc: [email protected] +Cc: [email protected] +Cc: [email protected] +Cc: Benjamin Herrenschmidt <[email protected]> +Cc: Max Filippov <[email protected]> +Cc: Paul Mackerras <[email protected]> +Cc: [email protected] +Cc: Jonas Bonn <[email protected]> +Cc: [email protected] +Cc: [email protected] +Cc: Yoshinori Sato <[email protected]> +Cc: [email protected] +Cc: Helge Deller <[email protected]> +Cc: "James E.J. Bottomley" <[email protected]> +Cc: Catalin Marinas <[email protected]> +Cc: Matt Turner <[email protected]> +Cc: [email protected] +Cc: Fenghua Yu <[email protected]> +Cc: Arnd Bergmann <[email protected]> +Cc: [email protected] +Cc: Stefan Kristiansson <[email protected]> +Cc: [email protected] +Cc: Ivan Kokshaysky <[email protected]> +Cc: Stafford Horne <[email protected]> +Cc: [email protected] +Cc: Richard Henderson <[email protected]> +Cc: Chris Zankel <[email protected]> +Cc: Michal Simek <[email protected]> +Cc: Tony Luck <[email protected]> +Cc: [email protected] +Cc: Vineet Gupta <[email protected]> +Cc: Ralf Baechle <[email protected]> +Cc: Richard Kuo <[email protected]> +Cc: [email protected] +Cc: Martin Schwidefsky <[email protected]> +Cc: [email protected] +Cc: "David S. 
Miller" <[email protected]> +Link: http://lkml.kernel.org/r/[email protected] +--- + arch/alpha/include/asm/futex.h | 26 +++--------------- + arch/arc/include/asm/futex.h | 40 +++------------------------- + arch/arm/include/asm/futex.h | 26 ++---------------- + arch/arm64/include/asm/futex.h | 26 ++---------------- + arch/frv/include/asm/futex.h | 3 +- + arch/frv/kernel/futex.c | 27 ++----------------- + arch/hexagon/include/asm/futex.h | 38 ++------------------------- + arch/ia64/include/asm/futex.h | 25 ++---------------- + arch/microblaze/include/asm/futex.h | 38 ++------------------------- + arch/mips/include/asm/futex.h | 25 ++---------------- + arch/openrisc/include/asm/futex.h | 39 ++-------------------------- + arch/parisc/include/asm/futex.h | 26 ++---------------- + arch/powerpc/include/asm/futex.h | 26 +++--------------- + arch/s390/include/asm/futex.h | 23 +++------------- + arch/sh/include/asm/futex.h | 26 ++---------------- + arch/sparc/include/asm/futex_64.h | 26 +++--------------- + arch/tile/include/asm/futex.h | 40 +++------------------------- + arch/x86/include/asm/futex.h | 40 +++------------------------- + arch/xtensa/include/asm/futex.h | 27 +++---------------- + include/asm-generic/futex.h | 50 ++++++------------------------------ + kernel/futex.c | 39 ++++++++++++++++++++++++++++ + 21 files changed, 130 insertions(+), 506 deletions(-) + +--- a/arch/alpha/include/asm/futex.h ++++ b/arch/alpha/include/asm/futex.h +@@ -25,18 +25,10 @@ + : "r" (uaddr), "r"(oparg) \ + : "memory") + +-static inline int futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) ++static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, ++ u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret; +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, 
uaddr, sizeof(u32))) +- return -EFAULT; + + pagefault_disable(); + +@@ -62,17 +54,9 @@ static inline int futex_atomic_op_inuser + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- case FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/arc/include/asm/futex.h ++++ b/arch/arc/include/asm/futex.h +@@ -73,20 +73,11 @@ + + #endif + +-static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, ++ u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret; + +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int))) +- return -EFAULT; +- + #ifndef CONFIG_ARC_HAS_LLSC + preempt_disable(); /* to guarantee atomic r-m-w of futex op */ + #endif +@@ -118,30 +109,9 @@ static inline int futex_atomic_op_inuser + preempt_enable(); + #endif + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: +- ret = (oldval == cmparg); +- break; +- case FUTEX_OP_CMP_NE: +- ret = (oldval != cmparg); +- break; +- case FUTEX_OP_CMP_LT: +- ret = (oldval < cmparg); +- break; +- case FUTEX_OP_CMP_GE: +- ret = (oldval >= cmparg); +- break; +- case FUTEX_OP_CMP_LE: +- ret = (oldval <= cmparg); +- break; +- case FUTEX_OP_CMP_GT: +- ret = (oldval > cmparg); +- break; +- default: +- ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/arm/include/asm/futex.h ++++ 
b/arch/arm/include/asm/futex.h +@@ -128,20 +128,10 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, + #endif /* !SMP */ + + static inline int +-futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) ++arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret, tmp; + +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; +- + #ifndef CONFIG_SMP + preempt_disable(); + #endif +@@ -172,17 +162,9 @@ futex_atomic_op_inuser (int encoded_op, + preempt_enable(); + #endif + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- case FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/arm64/include/asm/futex.h ++++ b/arch/arm64/include/asm/futex.h +@@ -48,20 +48,10 @@ do { \ + } while (0) + + static inline int +-futex_atomic_op_inuser(unsigned int encoded_op, u32 __user *uaddr) ++arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (int)(encoded_op << 8) >> 20; +- int cmparg = (int)(encoded_op << 20) >> 20; + int oldval = 0, ret, tmp; + +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1U << (oparg & 0x1f); +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; +- + pagefault_disable(); + + switch (op) { +@@ -91,17 +81,9 @@ futex_atomic_op_inuser(unsigned int enco + + 
pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- case FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/frv/include/asm/futex.h ++++ b/arch/frv/include/asm/futex.h +@@ -7,7 +7,8 @@ + #include <asm/errno.h> + #include <linux/uaccess.h> + +-extern int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr); ++extern int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, ++ u32 __user *uaddr); + + static inline int + futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, +--- a/arch/frv/kernel/futex.c ++++ b/arch/frv/kernel/futex.c +@@ -186,20 +186,10 @@ static inline int atomic_futex_op_xchg_x + /* + * do the futex operations + */ +-int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret; + +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; +- + pagefault_disable(); + + switch (op) { +@@ -225,18 +215,9 @@ int futex_atomic_op_inuser(int encoded_o + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- case 
FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; break; +- } +- } ++ if (!ret) ++ *oval = oldval; + + return ret; + +-} /* end futex_atomic_op_inuser() */ ++} /* end arch_futex_atomic_op_inuser() */ +--- a/arch/hexagon/include/asm/futex.h ++++ b/arch/hexagon/include/asm/futex.h +@@ -31,18 +31,9 @@ + + + static inline int +-futex_atomic_op_inuser(int encoded_op, int __user *uaddr) ++arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret; +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int))) +- return -EFAULT; + + pagefault_disable(); + +@@ -72,30 +63,9 @@ futex_atomic_op_inuser(int encoded_op, i + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: +- ret = (oldval == cmparg); +- break; +- case FUTEX_OP_CMP_NE: +- ret = (oldval != cmparg); +- break; +- case FUTEX_OP_CMP_LT: +- ret = (oldval < cmparg); +- break; +- case FUTEX_OP_CMP_GE: +- ret = (oldval >= cmparg); +- break; +- case FUTEX_OP_CMP_LE: +- ret = (oldval <= cmparg); +- break; +- case FUTEX_OP_CMP_GT: +- ret = (oldval > cmparg); +- break; +- default: +- ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/ia64/include/asm/futex.h ++++ b/arch/ia64/include/asm/futex.h +@@ -45,18 +45,9 @@ do { \ + } while (0) + + static inline int +-futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) ++arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret; +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (! 
access_ok (VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; + + pagefault_disable(); + +@@ -84,17 +75,9 @@ futex_atomic_op_inuser (int encoded_op, + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- case FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/microblaze/include/asm/futex.h ++++ b/arch/microblaze/include/asm/futex.h +@@ -29,18 +29,9 @@ + }) + + static inline int +-futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret; +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; + + pagefault_disable(); + +@@ -66,30 +57,9 @@ futex_atomic_op_inuser(int encoded_op, u + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: +- ret = (oldval == cmparg); +- break; +- case FUTEX_OP_CMP_NE: +- ret = (oldval != cmparg); +- break; +- case FUTEX_OP_CMP_LT: +- ret = (oldval < cmparg); +- break; +- case FUTEX_OP_CMP_GE: +- ret = (oldval >= cmparg); +- break; +- case FUTEX_OP_CMP_LE: +- ret = (oldval <= cmparg); +- break; +- case FUTEX_OP_CMP_GT: +- ret = (oldval > cmparg); +- break; +- default: +- ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/mips/include/asm/futex.h ++++ b/arch/mips/include/asm/futex.h +@@ -83,18 +83,9 @@ + } + + static inline int 
+-futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret; +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (! access_ok (VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; + + pagefault_disable(); + +@@ -125,17 +116,9 @@ futex_atomic_op_inuser(int encoded_op, u + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- case FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/openrisc/include/asm/futex.h ++++ b/arch/openrisc/include/asm/futex.h +@@ -30,20 +30,10 @@ + }) + + static inline int +-futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret; + +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; +- + pagefault_disable(); + + switch (op) { +@@ -68,30 +58,9 @@ futex_atomic_op_inuser(int encoded_op, u + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: +- ret = (oldval == cmparg); +- break; +- case FUTEX_OP_CMP_NE: +- ret = (oldval != cmparg); +- break; +- case FUTEX_OP_CMP_LT: +- ret = (oldval < 
cmparg); +- break; +- case FUTEX_OP_CMP_GE: +- ret = (oldval >= cmparg); +- break; +- case FUTEX_OP_CMP_LE: +- ret = (oldval <= cmparg); +- break; +- case FUTEX_OP_CMP_GT: +- ret = (oldval > cmparg); +- break; +- default: +- ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/parisc/include/asm/futex.h ++++ b/arch/parisc/include/asm/futex.h +@@ -32,22 +32,12 @@ _futex_spin_unlock_irqrestore(u32 __user + } + + static inline int +-futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) ++arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) + { + unsigned long int flags; +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval, ret; + u32 tmp; + +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(*uaddr))) +- return -EFAULT; +- + _futex_spin_lock_irqsave(uaddr, &flags); + pagefault_disable(); + +@@ -85,17 +75,9 @@ out_pagefault_enable: + pagefault_enable(); + _futex_spin_unlock_irqrestore(uaddr, &flags); + +- if (ret == 0) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- case FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/powerpc/include/asm/futex.h ++++ b/arch/powerpc/include/asm/futex.h +@@ -29,18 +29,10 @@ + : "b" (uaddr), "i" (-EFAULT), "r" (oparg) \ + : "cr0", "memory") + +-static inline int futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) ++static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, ++ u32 __user *uaddr) + { +- 
int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret; +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (! access_ok (VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; + + pagefault_disable(); + +@@ -66,17 +58,9 @@ static inline int futex_atomic_op_inuser + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- case FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/s390/include/asm/futex.h ++++ b/arch/s390/include/asm/futex.h +@@ -21,17 +21,12 @@ + : "0" (-EFAULT), "d" (oparg), "a" (uaddr), \ + "m" (*uaddr) : "cc"); + +-static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, ++ u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, newval, ret; + + load_kernel_asce(); +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; + + pagefault_disable(); + switch (op) { +@@ -60,17 +55,9 @@ static inline int futex_atomic_op_inuser + } + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- 
case FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/sh/include/asm/futex.h ++++ b/arch/sh/include/asm/futex.h +@@ -27,21 +27,12 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, + return atomic_futex_op_cmpxchg_inatomic(uval, uaddr, oldval, newval); + } + +-static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++static inline int arch_futex_atomic_op_inuser(int op, u32 oparg, int *oval, ++ u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- u32 oparg = (encoded_op << 8) >> 20; +- u32 cmparg = (encoded_op << 20) >> 20; + u32 oldval, newval, prev; + int ret; + +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; +- + pagefault_disable(); + + do { +@@ -80,17 +71,8 @@ static inline int futex_atomic_op_inuser + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = ((int)oldval < (int)cmparg); break; +- case FUTEX_OP_CMP_GE: ret = ((int)oldval >= (int)cmparg); break; +- case FUTEX_OP_CMP_LE: ret = ((int)oldval <= (int)cmparg); break; +- case FUTEX_OP_CMP_GT: ret = ((int)oldval > (int)cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; + + return ret; + } +--- a/arch/sparc/include/asm/futex_64.h ++++ b/arch/sparc/include/asm/futex_64.h +@@ -29,22 +29,14 @@ + : "r" (uaddr), "r" (oparg), "i" (-EFAULT) \ + : "memory") + +-static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, ++ u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = 
(encoded_op << 20) >> 20; + int oldval = 0, ret, tem; + +- if (unlikely(!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))) +- return -EFAULT; + if (unlikely((((unsigned long) uaddr) & 0x3UL))) + return -EINVAL; + +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- + pagefault_disable(); + + switch (op) { +@@ -69,17 +61,9 @@ static inline int futex_atomic_op_inuser + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- case FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/tile/include/asm/futex.h ++++ b/arch/tile/include/asm/futex.h +@@ -106,12 +106,9 @@ + lock = __atomic_hashed_lock((int __force *)uaddr) + #endif + +-static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++static inline int arch_futex_atomic_op_inuser(int op, u32 oparg, int *oval, ++ u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int uninitialized_var(val), ret; + + __futex_prolog(); +@@ -119,12 +116,6 @@ static inline int futex_atomic_op_inuser + /* The 32-bit futex code makes this assumption, so validate it here. 
*/ + BUILD_BUG_ON(sizeof(atomic_t) != sizeof(int)); + +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; +- + pagefault_disable(); + switch (op) { + case FUTEX_OP_SET: +@@ -148,30 +139,9 @@ static inline int futex_atomic_op_inuser + } + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: +- ret = (val == cmparg); +- break; +- case FUTEX_OP_CMP_NE: +- ret = (val != cmparg); +- break; +- case FUTEX_OP_CMP_LT: +- ret = (val < cmparg); +- break; +- case FUTEX_OP_CMP_GE: +- ret = (val >= cmparg); +- break; +- case FUTEX_OP_CMP_LE: +- ret = (val <= cmparg); +- break; +- case FUTEX_OP_CMP_GT: +- ret = (val > cmparg); +- break; +- default: +- ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = val; ++ + return ret; + } + +--- a/arch/x86/include/asm/futex.h ++++ b/arch/x86/include/asm/futex.h +@@ -41,20 +41,11 @@ + "+m" (*uaddr), "=&r" (tem) \ + : "r" (oparg), "i" (-EFAULT), "1" (0)) + +-static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, ++ u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret, tem; + +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; +- + pagefault_disable(); + + switch (op) { +@@ -80,30 +71,9 @@ static inline int futex_atomic_op_inuser + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: +- ret = (oldval == cmparg); +- break; +- case FUTEX_OP_CMP_NE: +- ret = (oldval != cmparg); +- break; +- case FUTEX_OP_CMP_LT: +- ret = (oldval < cmparg); +- break; +- case FUTEX_OP_CMP_GE: +- ret = (oldval >= cmparg); +- break; +- case FUTEX_OP_CMP_LE: +- ret = (oldval <= 
cmparg); +- break; +- case FUTEX_OP_CMP_GT: +- ret = (oldval > cmparg); +- break; +- default: +- ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/arch/xtensa/include/asm/futex.h ++++ b/arch/xtensa/include/asm/futex.h +@@ -44,18 +44,10 @@ + : "r" (uaddr), "I" (-EFAULT), "r" (oparg) \ + : "memory") + +-static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, ++ u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret; +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; + + #if !XCHAL_HAVE_S32C1I + return -ENOSYS; +@@ -89,19 +81,10 @@ static inline int futex_atomic_op_inuser + + pagefault_enable(); + +- if (ret) +- return ret; +- +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: return (oldval == cmparg); +- case FUTEX_OP_CMP_NE: return (oldval != cmparg); +- case FUTEX_OP_CMP_LT: return (oldval < cmparg); +- case FUTEX_OP_CMP_GE: return (oldval >= cmparg); +- case FUTEX_OP_CMP_LE: return (oldval <= cmparg); +- case FUTEX_OP_CMP_GT: return (oldval > cmparg); +- } ++ if (!ret) ++ *oval = oldval; + +- return -ENOSYS; ++ return ret; + } + + static inline int +--- a/include/asm-generic/futex.h ++++ b/include/asm-generic/futex.h +@@ -13,7 +13,7 @@ + */ + + /** +- * futex_atomic_op_inuser() - Atomic arithmetic operation with constant ++ * arch_futex_atomic_op_inuser() - Atomic arithmetic operation with constant + * argument and comparison of the previous + * futex value with another constant. 
+ * +@@ -25,18 +25,11 @@ + * <0 - On error + */ + static inline int +-futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) ++arch_futex_atomic_op_inuser(int op, u32 oparg, int *oval, u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval, ret; + u32 tmp; + +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- + preempt_disable(); + pagefault_disable(); + +@@ -74,17 +67,9 @@ out_pagefault_enable: + pagefault_enable(); + preempt_enable(); + +- if (ret == 0) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- case FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (ret == 0) ++ *oval = oldval; ++ + return ret; + } + +@@ -126,18 +111,9 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, + + #else + static inline int +-futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) ++arch_futex_atomic_op_inuser(int op, u32 oparg, int *oval, u32 __user *uaddr) + { +- int op = (encoded_op >> 28) & 7; +- int cmp = (encoded_op >> 24) & 15; +- int oparg = (encoded_op << 8) >> 20; +- int cmparg = (encoded_op << 20) >> 20; + int oldval = 0, ret; +- if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) +- oparg = 1 << oparg; +- +- if (! 
access_ok (VERIFY_WRITE, uaddr, sizeof(u32))) +- return -EFAULT; + + pagefault_disable(); + +@@ -153,17 +129,9 @@ futex_atomic_op_inuser (int encoded_op, + + pagefault_enable(); + +- if (!ret) { +- switch (cmp) { +- case FUTEX_OP_CMP_EQ: ret = (oldval == cmparg); break; +- case FUTEX_OP_CMP_NE: ret = (oldval != cmparg); break; +- case FUTEX_OP_CMP_LT: ret = (oldval < cmparg); break; +- case FUTEX_OP_CMP_GE: ret = (oldval >= cmparg); break; +- case FUTEX_OP_CMP_LE: ret = (oldval <= cmparg); break; +- case FUTEX_OP_CMP_GT: ret = (oldval > cmparg); break; +- default: ret = -ENOSYS; +- } +- } ++ if (!ret) ++ *oval = oldval; ++ + return ret; + } + +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -1557,6 +1557,45 @@ out: + return ret; + } + ++static int futex_atomic_op_inuser(unsigned int encoded_op, u32 __user *uaddr) ++{ ++ unsigned int op = (encoded_op & 0x70000000) >> 28; ++ unsigned int cmp = (encoded_op & 0x0f000000) >> 24; ++ int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12); ++ int cmparg = sign_extend32(encoded_op & 0x00000fff, 12); ++ int oldval, ret; ++ ++ if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) { ++ if (oparg < 0 || oparg > 31) ++ return -EINVAL; ++ oparg = 1 << oparg; ++ } ++ ++ if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) ++ return -EFAULT; ++ ++ ret = arch_futex_atomic_op_inuser(op, oparg, &oldval, uaddr); ++ if (ret) ++ return ret; ++ ++ switch (cmp) { ++ case FUTEX_OP_CMP_EQ: ++ return oldval == cmparg; ++ case FUTEX_OP_CMP_NE: ++ return oldval != cmparg; ++ case FUTEX_OP_CMP_LT: ++ return oldval < cmparg; ++ case FUTEX_OP_CMP_GE: ++ return oldval >= cmparg; ++ case FUTEX_OP_CMP_LE: ++ return oldval <= cmparg; ++ case FUTEX_OP_CMP_GT: ++ return oldval > cmparg; ++ default: ++ return -ENOSYS; ++ } ++} ++ + /* + * Wake up all waiters hashed on the physical page that is mapped + * to this virtual address: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' 
old/patches.fixes/waitid-Add-missing-access_ok-checks.patch new/patches.fixes/waitid-Add-missing-access_ok-checks.patch --- old/patches.fixes/waitid-Add-missing-access_ok-checks.patch 2017-10-13 11:38:39.000000000 +0200 +++ new/patches.fixes/waitid-Add-missing-access_ok-checks.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,44 +0,0 @@ -From: Kees Cook <[email protected]> -Date: Mon, 9 Oct 2017 11:36:52 -0700 -Subject: waitid(): Add missing access_ok() checks -Git-commit: 96ca579a1ecc943b75beba58bebb0356f6cc4b51 -Patch-mainline: 4.14-rc5 -References: bnc#1062473 CVE-2017-5123 - -Adds missing access_ok() checks. - -CVE-2017-5123 - -Reported-by: Chris Salls <[email protected]> -Signed-off-by: Kees Cook <[email protected]> -Acked-by: Al Viro <[email protected]> -Fixes: 4c48abe91be0 ("waitid(): switch copyout of siginfo to unsafe_put_user()") -Cc: [email protected] # 4.13 -Signed-off-by: Linus Torvalds <[email protected]> -Signed-off-by: Jiri Slaby <[email protected]> ---- - kernel/exit.c | 6 ++++++ - 1 file changed, 6 insertions(+) - ---- a/kernel/exit.c -+++ b/kernel/exit.c -@@ -1611,6 +1611,9 @@ SYSCALL_DEFINE5(waitid, int, which, pid_ - if (!infop) - return err; - -+ if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop))) -+ goto Efault; -+ - user_access_begin(); - unsafe_put_user(signo, &infop->si_signo, Efault); - unsafe_put_user(0, &infop->si_errno, Efault); -@@ -1736,6 +1739,9 @@ COMPAT_SYSCALL_DEFINE5(waitid, - if (!infop) - return err; - -+ if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop))) -+ goto Efault; -+ - user_access_begin(); - unsafe_put_user(signo, &infop->si_signo, Efault); - unsafe_put_user(0, &infop->si_errno, Efault); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/watchdog-revert-itco_wdt-all-versions-count-down-twice new/patches.fixes/watchdog-revert-itco_wdt-all-versions-count-down-twice --- old/patches.fixes/watchdog-revert-itco_wdt-all-versions-count-down-twice 2017-10-13 11:38:39.000000000 +0200 +++ new/patches.fixes/watchdog-revert-itco_wdt-all-versions-count-down-twice 1970-01-01 01:00:00.000000000 +0100 
@@ -1,81 +0,0 @@ -From: Wim Van Sebroeck <[email protected]> -Date: Sat, 9 Sep 2017 17:41:24 +0200 -Subject: watchdog: Revert "iTCO_wdt: all versions count down twice" -Git-commit: fc61e83a29308601e6e8a0759e24fc8fe2122692 -Patch-mainline: v4.14-rc1 -References: bsc#1061556 - -This reverts commit 1fccb73011ea8a5fa0c6d357c33fa29c695139ea. -Reported as Bug 196509 - iTCO_wdt regression reboot before timeout expire - -Signed-off-by: Wim Van Sebroeck <[email protected]> -Acked-by: Martin Wilck <[email protected]> ---- - Documentation/watchdog/watchdog-parameters.txt | 2 +- - drivers/watchdog/iTCO_wdt.c | 22 ++++++++++++---------- - 2 files changed, 13 insertions(+), 11 deletions(-) - -diff --git a/Documentation/watchdog/watchdog-parameters.txt b/Documentation/watchdog/watchdog-parameters.txt -index b3526365ea8e..6f9d7b418917 100644 ---- a/Documentation/watchdog/watchdog-parameters.txt -+++ b/Documentation/watchdog/watchdog-parameters.txt -@@ -117,7 +117,7 @@ nowayout: Watchdog cannot be stopped once started - ------------------------------------------------- - iTCO_wdt: - heartbeat: Watchdog heartbeat in seconds. 
-- (5<=heartbeat<=74 (TCO v1) or 1226 (TCO v2), default=30) -+ (2<heartbeat<39 (TCO v1) or 613 (TCO v2), default=30) - nowayout: Watchdog cannot be stopped once started - (default=kernel config parameter) - ------------------------------------------------- -diff --git a/drivers/watchdog/iTCO_wdt.c b/drivers/watchdog/iTCO_wdt.c -index c4f65873bfa4..347f0389b089 100644 ---- a/drivers/watchdog/iTCO_wdt.c -+++ b/drivers/watchdog/iTCO_wdt.c -@@ -306,15 +306,16 @@ static int iTCO_wdt_ping(struct watchdog_device *wd_dev) - - iTCO_vendor_pre_keepalive(p->smi_res, wd_dev->timeout); - -- /* Reset the timeout status bit so that the timer -- * needs to count down twice again before rebooting */ -- outw(0x0008, TCO1_STS(p)); /* write 1 to clear bit */ -- - /* Reload the timer by writing to the TCO Timer Counter register */ -- if (p->iTCO_version >= 2) -+ if (p->iTCO_version >= 2) { - outw(0x01, TCO_RLD(p)); -- else if (p->iTCO_version == 1) -+ } else if (p->iTCO_version == 1) { -+ /* Reset the timeout status bit so that the timer -+ * needs to count down twice again before rebooting */ -+ outw(0x0008, TCO1_STS(p)); /* write 1 to clear bit */ -+ - outb(0x01, TCO_RLD(p)); -+ } - - spin_unlock(&p->io_lock); - return 0; -@@ -327,8 +328,11 @@ static int iTCO_wdt_set_timeout(struct watchdog_device *wd_dev, unsigned int t) - unsigned char val8; - unsigned int tmrval; - -- /* The timer counts down twice before rebooting */ -- tmrval = seconds_to_ticks(p, t) / 2; -+ tmrval = seconds_to_ticks(p, t); -+ -+ /* For TCO v1 the timer counts down twice before rebooting */ -+ if (p->iTCO_version == 1) -+ tmrval /= 2; - - /* from the specs: */ - /* "Values of 0h-3h are ignored and should not be attempted" */ -@@ -381,8 +385,6 @@ static unsigned int iTCO_wdt_get_timeleft(struct watchdog_device *wd_dev) - spin_lock(&p->io_lock); - val16 = inw(TCO_RLD(p)); - val16 &= 0x3ff; -- if (!(inw(TCO1_STS(p)) & 0x0008)) -- val16 += (inw(TCOv2_TMR(p)) & 0x3ff); - spin_unlock(&p->io_lock); - - time_left = 
ticks_to_seconds(p, val16); - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/xfs-handle-error-if-xfs_btree_get_bufs-fails.patch new/patches.fixes/xfs-handle-error-if-xfs_btree_get_bufs-fails.patch --- old/patches.fixes/xfs-handle-error-if-xfs_btree_get_bufs-fails.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/xfs-handle-error-if-xfs_btree_get_bufs-fails.patch 2017-10-18 11:53:30.000000000 +0200 
@@ -0,0 +1,59 @@ +From: Eric Sandeen <[email protected]> +Date: Tue, 17 Oct 2017 17:15:03 -0700 +Subject: [PATCH] xfs: handle error if xfs_btree_get_bufs fails +Patch-mainline: Not yet, it slipped through the rocks I pushed it again +References: bsc#1059863 + +Jason reported that a corrupted filesystem failed to replay +the log with a metadata block out of bounds warning: + +XFS (dm-2): _xfs_buf_find: Block out of range: block 0x80270fff8, EOFS 0x9c40000 + +_xfs_buf_find() and xfs_btree_get_bufs() return NULL if +that happens, and then when xfs_alloc_fix_freelist() calls +xfs_trans_binval() on that NULL bp, we oops with: + +BUG: unable to handle kernel NULL pointer dereference at 00000000000000f8 + +We don't handle _xfs_buf_find errors very well, every +caller higher up the stack gets to guess at why it failed. +But we should at least handle it somehow, so return +EFSCORRUPTED here. + +Reported-by: Jason L Tibbitts III <[email protected]> +Signed-off-by: Eric Sandeen <[email protected]> +Reviewed-by: Darrick J. Wong <[email protected]> +Signed-off-by: Luis R. 
Rodriguez <[email protected]> +--- + fs/xfs/libxfs/xfs_alloc.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c +index 744dcaec34cc..f965ce832bc0 100644 +--- a/fs/xfs/libxfs/xfs_alloc.c ++++ b/fs/xfs/libxfs/xfs_alloc.c +@@ -1584,6 +1584,10 @@ xfs_alloc_ag_vextent_small( + + bp = xfs_btree_get_bufs(args->mp, args->tp, + args->agno, fbno, 0); ++ if (!bp) { ++ error = -EFSCORRUPTED; ++ goto error0; ++ } + xfs_trans_binval(args->tp, bp); + } + args->len = 1; +@@ -2141,6 +2145,10 @@ xfs_alloc_fix_freelist( + if (error) + goto out_agbp_relse; + bp = xfs_btree_get_bufs(mp, tp, args->agno, bno, 0); ++ if (!bp) { ++ error = -EFSCORRUPTED; ++ goto out_agbp_relse; ++ } + xfs_trans_binval(tp, bp); + } + +-- +2.14.2 + ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 4398 lines of diff (skipped) ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:47.086516219 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:47.090516032 +0200 
@@ -533,6 +533,63 @@ patches.kernel.org/4.13.6-159-udp-fix-bcast-packet-reception.patch patches.kernel.org/4.13.6-160-base-arch_topology-fix-section-mismatch-build-.patch patches.kernel.org/4.13.6-161-Linux-4.13.6.patch + patches.kernel.org/4.13.7-001-watchdog-Revert-iTCO_wdt-all-versions-count-do.patch + patches.kernel.org/4.13.7-002-waitid-Add-missing-access_ok-checks.patch + patches.kernel.org/4.13.7-003-Linux-4.13.7.patch + patches.kernel.org/4.13.8-001-USB-dummy-hcd-Fix-deadlock-caused-by-disconnec.patch + patches.kernel.org/4.13.8-002-MIPS-math-emu-Remove-pr_err-calls-from-fpu_emu.patch + patches.kernel.org/4.13.8-003-MIPS-bpf-Fix-uninitialised-target-compiler-err.patch + patches.kernel.org/4.13.8-004-mei-always-use-domain-runtime-pm-callbacks.patch + patches.kernel.org/4.13.8-005-dmaengine-edma-Align-the-memcpy-acnt-array-siz.patch + patches.kernel.org/4.13.8-006-dmaengine-ti-dma-crossbar-Fix-possible-race-co.patch + patches.kernel.org/4.13.8-007-NFS-Fix-uninitialized-rpc_wait_queue.patch + patches.kernel.org/4.13.8-008-nfs-filelayout-fix-oops-when-freeing-filelayou.patch + patches.kernel.org/4.13.8-009-HID-usbhid-fix-out-of-bounds-bug.patch + patches.kernel.org/4.13.8-010-crypto-skcipher-Fix-crash-on-zero-length-input.patch + patches.kernel.org/4.13.8-011-crypto-shash-Fix-zero-length-shash-ahash-diges.patch + patches.kernel.org/4.13.8-012-KVM-MMU-always-terminate-page-walks-at-level-1.patch + patches.kernel.org/4.13.8-013-KVM-nVMX-fix-guest-CR4-loading-when-emulating-.patch + patches.kernel.org/4.13.8-014-usb-renesas_usbhs-Fix-DMAC-sequence-for-receiv.patch + patches.kernel.org/4.13.8-015-pinctrl-amd-Fix-build-dependency-on-pinmux-cod.patch + patches.kernel.org/4.13.8-016-iommu-amd-Finish-TLB-flush-in-amd_iommu_unmap.patch + patches.kernel.org/4.13.8-017-device-property-Track-owner-device-of-device-p.patch + patches.kernel.org/4.13.8-018-Revert-vmalloc-back-off-when-the-current-task-.patch + 
patches.kernel.org/4.13.8-019-fs-mpage.c-fix-mpage_writepage-for-pages-with-.patch + patches.kernel.org/4.13.8-020-ALSA-usb-audio-Kill-stray-URB-at-exiting.patch + patches.kernel.org/4.13.8-021-ALSA-seq-Fix-use-after-free-at-creating-a-port.patch + patches.kernel.org/4.13.8-022-ALSA-seq-Fix-copy_from_user-call-inside-lock.patch + patches.kernel.org/4.13.8-023-ALSA-caiaq-Fix-stray-URB-at-probe-error-path.patch + patches.kernel.org/4.13.8-024-ALSA-line6-Fix-NULL-dereference-at-podhd_disco.patch + patches.kernel.org/4.13.8-025-ALSA-line6-Fix-missing-initialization-before-e.patch + patches.kernel.org/4.13.8-026-ALSA-line6-Fix-leftover-URB-at-error-path-duri.patch + patches.kernel.org/4.13.8-027-drm-atomic-Unref-duplicated-drm_atomic_state-i.patch + patches.kernel.org/4.13.8-028-drm-i915-edp-Get-the-Panel-Power-Off-timestamp.patch + patches.kernel.org/4.13.8-029-drm-i915-Read-timings-from-the-correct-transco.patch + patches.kernel.org/4.13.8-030-drm-i915-bios-parse-DDI-ports-also-for-CHV-for.patch + patches.kernel.org/4.13.8-031-drm-i915-Use-crtc_state_is_legacy_gamma-in-int.patch + patches.kernel.org/4.13.8-032-usb-gadget-configfs-Fix-memory-leak-of-interfa.patch + patches.kernel.org/4.13.8-033-usb-gadget-composite-Fix-use-after-free-in-usb.patch + patches.kernel.org/4.13.8-034-PCI-aardvark-Move-to-struct-pci_host_bridge-IR.patch + patches.kernel.org/4.13.8-035-Revert-PCI-tegra-Do-not-allocate-MSI-target-me.patch + patches.kernel.org/4.13.8-036-direct-io-Prevent-NULL-pointer-access-in-submi.patch + patches.kernel.org/4.13.8-037-fix-unbalanced-page-refcounting-in-bio_map_use.patch + patches.kernel.org/4.13.8-038-more-bio_map_user_iov-leak-fixes.patch + patches.kernel.org/4.13.8-039-bio_copy_user_iov-don-t-ignore-iov_offset.patch + patches.kernel.org/4.13.8-040-perf-script-Add-missing-separator-for-F-ip-brs.patch + patches.kernel.org/4.13.8-041-genirq-cpuhotplug-Enforce-affinity-setting-on-.patch + 
patches.kernel.org/4.13.8-042-genirq-cpuhotplug-Add-sanity-check-for-effecti.patch + patches.kernel.org/4.13.8-043-USB-serial-ftdi_sio-add-id-for-Cypress-WICED-d.patch + patches.kernel.org/4.13.8-044-USB-serial-cp210x-fix-partnum-regression.patch + patches.kernel.org/4.13.8-045-USB-serial-cp210x-add-support-for-ELV-TFD500.patch + patches.kernel.org/4.13.8-046-USB-serial-option-add-support-for-TP-Link-LTE-.patch + patches.kernel.org/4.13.8-047-USB-serial-qcserial-add-Dell-DW5818-DW5819.patch + patches.kernel.org/4.13.8-048-USB-serial-console-fix-use-after-free-on-disco.patch + patches.kernel.org/4.13.8-049-USB-serial-console-fix-use-after-free-after-fa.patch + patches.kernel.org/4.13.8-050-RAS-CEC-Use-the-right-length-for-cec_disable.patch + patches.kernel.org/4.13.8-051-x86-microcode-Do-the-family-check-first.patch + patches.kernel.org/4.13.8-052-x86-alternatives-Fix-alt_max_short-macro-to-re.patch + patches.kernel.org/4.13.8-053-KVM-nVMX-update-last_nonleaf_level-when-initia.patch + patches.kernel.org/4.13.8-054-Linux-4.13.8.patch ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -581,7 +638,7 @@ # Scheduler / Core ######################################################## patches.suse/setuid-dumpable-wrongdir - patches.fixes/waitid-Add-missing-access_ok-checks.patch + patches.fixes/futex-Remove-duplicated-code-and-fix-undefined-behav.patch ######################################################## # Architecture-specific patches. These used to be all @@ -872,7 +929,6 @@ ########################################################## patches.drivers/ALSA-hda-Implement-mic-mute-LED-mode-enum patches.drivers/ALSA-ice1712-Add-support-for-STAudio-ADCIII - patches.fixes/ALSA-seq-Fix-use-after-free-at-creating-a-port ######################################################## # Char / serial 
@@ -886,7 +942,6 @@ +hare patches.suse/no-partition-scan patches.fixes/platform-x86-peaq-wmi-Add-DMI-check-before-binding - patches.fixes/watchdog-revert-itco_wdt-all-versions-count-down-twice ######################################################## # Other drivers we have added to the tree @@ -1004,6 +1059,7 @@ # submitted patches.suse/0001-orc-mark-it-as-reliable.patch + patches.fixes/xfs-handle-error-if-xfs_btree_get_bufs-fails.patch ######################################################## # Kdump ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.wILHAK/_old 2017-10-20 14:40:47.126514348 +0200 +++ /var/tmp/diff_new_pack.wILHAK/_new 2017-10-20 14:40:47.126514348 +0200 @@ -1,3 +1,3 @@ -2017-10-13 11:38:39 +0200 -GIT Revision: a8d2202cb84d0e74744da2c060b9c94ae8d4e713 +2017-10-18 11:53:30 +0200 +GIT Revision: 569e26e37cba0ef2809a58ea4f1ca0c558202f17 GIT Branch: stable
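Review bot: In the new futex_atomic_op_inuser() added to kernel/futex.c, both sign_extend32() calls pass 12 as the second argument, but that argument is the zero-based index of the sign bit, not the width of the field. After the mask and shift, the value occupies bits 0 to 11 only, so bit 12 is always clear and neither oparg nor cmparg can ever come out negative. The removed per-arch forms, (encoded_op << 8) >> 20 and (encoded_op << 20) >> 20, did sign-extend the 12-bit fields, so this is a behaviour change for callers that pass negative operands or comparison values. Pass 11 in both calls. Separately, the new "oparg < 0 || oparg > 31" test returns -EINVAL for shift counts that were previously accepted, which is worth calling out in the changelog as a user-visible change.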
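Review bot: The oparg parameter type is not consistent across the converted arch_futex_atomic_op_inuser() prototypes: arch/sh, arch/tile and both variants in include/asm-generic/futex.h declare it as u32, while hexagon, ia64, microblaze, mips, openrisc, parisc, powerpc, s390, sparc, x86 and xtensa declare it as int. The only caller, in kernel/futex.c, passes an int that is meant to carry a sign-extended value. For tile this also changes the type from the int the old body used. Pick one type for all architectures (int matches the caller) so a negative operand is handled the same way everywhere.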
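Review bot: The kernel-doc hunk in include/asm-generic/futex.h only renames the function; the summary it keeps still describes "comparison of the previous futex value with another constant", which the arch helper no longer does now that the cmp switch lives in kernel/futex.c. Reword the summary to say the helper performs the atomic operation and stores the previous value through oval, and document the new op, oparg and oval parameters in place of encoded_op.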
