Hello community,

here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2017-10-30 21:18:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kernel-source (Old)
 and /work/SRC/openSUSE:Factory/.kernel-source.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Mon Oct 30 21:18:03 2017 rev:386 rq:537041 version:4.13.10 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2017-10-24 22:20:47.767655014 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes 2017-10-30 21:18:03.892113310 +0100 
@@ -1,0 +2,170 @@ +Fri Oct 27 11:03:09 CEST 2017 - [email protected] + +- Linux 4.13.10 final +- commit db36cf8 + +------------------------------------------------------------------- +Fri Oct 27 09:37:37 CEST 2017 - [email protected] + +- scripts/stableids: revert unwanted change +- commit d6206ec + +------------------------------------------------------------------- +Fri Oct 27 09:26:52 CEST 2017 - [email protected] + +- futex: futex_wake_op, fix sign_extend32 sign bits (bnc#1064590). +- commit 0d29474 + +------------------------------------------------------------------- +Wed Oct 25 14:47:02 CEST 2017 - [email protected] + +- Linux 4.13.10 (bnc#1012628). +- staging: bcm2835-audio: Fix memory corruption (bnc#1012628). +- USB: devio: Revert "USB: devio: Don't corrupt user memory" + (bnc#1012628). +- USB: core: fix out-of-bounds access bug in + usb_get_bos_descriptor() (bnc#1012628). +- USB: serial: metro-usb: add MS7820 device id (bnc#1012628). +- usb: cdc_acm: Add quirk for Elatec TWN3 (bnc#1012628). +- usb: quirks: add quirk for WORLDE MINI MIDI keyboard + (bnc#1012628). +- usb: hub: Allow reset retry for USB2 devices on connect bounce + (bnc#1012628). +- ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box + S2 Digital (bnc#1012628). +- can: gs_usb: fix busy loop if no more TX context is available + (bnc#1012628). +- scsi: qla2xxx: Fix uninitialized work element (bnc#1012628). +- nbd: don't set the device size until we're connected + (bnc#1012628). +- s390/cputime: fix guest/irq/softirq times after CPU hotplug + (bnc#1012628). +- parisc: Fix double-word compare and exchange in LWS code on + 32-bit kernels (bnc#1012628). +- parisc: Fix detection of nonsynchronous cr16 cycle counters + (bnc#1012628). +- iio: dummy: events: Add missing break (bnc#1012628). +- usb: musb: sunxi: Explicitly release USB PHY on exit + (bnc#1012628). +- USB: musb: fix session-bit runtime-PM quirk (bnc#1012628). +- USB: musb: fix late external abort on suspend (bnc#1012628). 
+- usb: musb: musb_cppi41: Fix the address of teardown and autoreq + registers (bnc#1012628). +- usb: musb: musb_cppi41: Fix cppi41_set_dma_mode() for DA8xx + (bnc#1012628). +- usb: musb: musb_cppi41: Configure the number of channels for + DA8xx (bnc#1012628). +- usb: musb: Check for host-mode using is_host_active() on reset + interrupt (bnc#1012628). +- xhci: Identify USB 3.1 capable hosts by their port protocol + capability (bnc#1012628). +- xhci: Cleanup current_cmd in xhci_cleanup_command_queue() + (bnc#1012628). +- usb: xhci: Reset halted endpoint if trb is noop (bnc#1012628). +- usb: xhci: Handle error condition in xhci_stop_device() + (bnc#1012628). +- can: esd_usb2: Fix can_dlc value for received RTR, frames + (bnc#1012628). +- can: af_can: can_pernet_init(): add missing error handling + for kzalloc returning NULL (bnc#1012628). +- can: flexcan: fix state transition regression (bnc#1012628). +- can: flexcan: rename legacy error state quirk (bnc#1012628). +- can: flexcan: implement error passive state quirk (bnc#1012628). +- can: flexcan: fix i.MX6 state transition issue (bnc#1012628). +- can: flexcan: fix i.MX28 state transition issue (bnc#1012628). +- can: flexcan: fix p1010 state transition issue (bnc#1012628). +- KEYS: encrypted: fix dereference of NULL user_key_payload + (bnc#1012628). +- mmc: sdhci-pci: Fix default d3_retune for Intel host controllers + (bnc#1012628). +- drm/i915: Use bdw_ddi_translations_fdi for Broadwell + (bnc#1012628). +- drm/nouveau/kms/nv50: fix oops during DP IRQ handling on + non-MST boards (bnc#1012628). +- drm/nouveau/bsp/g92: disable by default (bnc#1012628). +- drm/nouveau/mmu: flush tlbs before deleting page tables + (bnc#1012628). +- media: s5p-cec: add NACK detection support (bnc#1012628). +- media: cec: Respond to unregistered initiators, when applicable + (bnc#1012628). +- media: dvb: i2c transfers over usb cannot be done from stack + (bnc#1012628). 
+- tracing/samples: Fix creation and deletion of simple_thread_fn + creation (bnc#1012628). +- ALSA: seq: Enable 'use' locking in all configurations + (bnc#1012628). +- ALSA: hda: Remove superfluous '-' added by printk conversion + (bnc#1012628). +- i2c: ismt: Separate I2C block read from SMBus block read + (bnc#1012628). +- i2c: piix4: Fix SMBus port selection for AMD Family 17h chips + (bnc#1012628). +- Revert "tools/power turbostat: stop migrating, unless '-m'" + (bnc#1012628). +- Input: stmfts - fix setting ABS_MT_POSITION_* maximum size + (bnc#1012628). +- brcmfmac: Add check for short event packets (bnc#1012628). +- brcmsmac: make some local variables 'static const' to reduce + stack size (bnc#1012628). +- ARM: dts: sun6i: Fix endpoint IDs in second display pipeline + (bnc#1012628). +- bus: mbus: fix window size calculation for 4GB windows + (bnc#1012628). +- clockevents/drivers/cs5535: Improve resilience to spurious + interrupts (bnc#1012628). +- rtlwifi: rtl8821ae: Fix connection lost problem (bnc#1012628). +- x86/microcode/intel: Disable late loading on model 79 + (bnc#1012628). +- lib/digsig: fix dereference of NULL user_key_payload + (bnc#1012628). +- fscrypt: fix dereference of NULL user_key_payload (bnc#1012628). +- ecryptfs: fix dereference of NULL user_key_payload + (bnc#1012628). +- KEYS: Fix race between updating and finding a negative key + (bnc#1012628). +- FS-Cache: fix dereference of NULL user_key_payload + (bnc#1012628). +- KEYS: don't let add_key() update an uninstantiated key + (bnc#1012628). +- pkcs7: Prevent NULL pointer dereference, since sinfo is not + always set (bnc#1012628). +- arm64: dts: rockchip: correct vqmmc voltage for rk3399 platforms + (bnc#1012628). +- ALSA: hda - Fix incorrect TLV callback check introduced during + set_fs() removal (bnc#1012628). +- iomap_dio_rw: Allocate AIO completion queue before submitting + dio (bnc#1012628). +- xfs: don't unconditionally clear the reflink flag on zero-block + files (bnc#1012628). 
+- xfs: evict CoW fork extents when performing finsert/fcollapse + (bnc#1012628). +- fs/xfs: Use %pS printk format for direct addresses + (bnc#1012628). +- xfs: report zeroed or not correctly in xfs_zero_range() + (bnc#1012628). +- xfs: update i_size after unwritten conversion in dio completion + (bnc#1012628). +- xfs: perag initialization should only touch m_ag_max_usable + for AG 0 (bnc#1012628). +- xfs: Capture state of the right inode in xfs_iflush_done + (bnc#1012628). +- xfs: always swap the cow forks when swapping extents + (bnc#1012628). +- xfs: handle racy AIO in xfs_reflink_end_cow (bnc#1012628). +- xfs: Don't log uninitialised fields in inode structures + (bnc#1012628). +- xfs: move more RT specific code under CONFIG_XFS_RT + (bnc#1012628). +- xfs: don't change inode mode if ACL update fails (bnc#1012628). +- xfs: reinit btree pointer on attr tree inactivation walk + (bnc#1012628). +- xfs: handle error if xfs_btree_get_bufs fails (bnc#1012628 + bsc#1059863). +- xfs: cancel dirty pages on invalidation (bnc#1012628). +- xfs: trim writepage mapping to within eof (bnc#1012628). +- xfs: move two more RT specific functions into CONFIG_XFS_RT + (bnc#1012628). 
+- scripts/stableids: +- commit e760ea6 + +------------------------------------------------------------------- dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:15.423694036 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:15.431693745 +0100 @@ -17,7 +17,7 @@ %define srcversion 4.13 -%define patchversion 4.13.9 +%define patchversion 4.13.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb}) Name: dtb-aarch64 -Version: 4.13.9 +Version: 4.13.10 %if 0%{?is_kotd} -Release: <RELEASE>.ge7d7106 +Release: <RELEASE>.gdb36cf8 %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:15.555689237 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:15.567688801 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.13 -%define patchversion 4.13.9 +%define patchversion 4.13.10 %define variant %{nil} %define vanilla_only 0 
@@ -58,9 +58,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 4.13.9 +Version: 4.13.10 %if 0%{?is_kotd} -Release: <RELEASE>.ge7d7106 +Release: <RELEASE>.gdb36cf8 %else Release: 0 %endif kernel-debug.spec: same change kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:15.699684001 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:15.703683856 +0100 @@ -17,7 +17,7 @@ %define srcversion 4.13 -%define patchversion 4.13.9 +%define patchversion 4.13.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -31,9 +31,9 @@ Summary: Kernel Documentation License: GPL-2.0 Group: Documentation/Man -Version: 4.13.9 +Version: 4.13.10 %if 0%{?is_kotd} -Release: <RELEASE>.ge7d7106 +Release: <RELEASE>.gdb36cf8 %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:15.743682402 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:15.747682256 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.13 -%define patchversion 4.13.9 +%define patchversion 4.13.10 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.13.9 +Version: 4.13.10 %if 0%{?is_kotd} -Release: <RELEASE>.ge7d7106 +Release: <RELEASE>.gdb36cf8 %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:15.791680657 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:15.799680366 +0100 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.13.9 +%define patchversion 4.13.10 %define variant %{nil} %define vanilla_only 0 
@@ -57,9 +57,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.13.9 +Version: 4.13.10 %if 0%{?is_kotd} -Release: <RELEASE>.ge7d7106 +Release: <RELEASE>.gdb36cf8 %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:15.859678184 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:15.867677893 +0100 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.13.9 +%define patchversion 4.13.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.13.9 +Version: 4.13.10 %if 0%{?is_kotd} -Release: <RELEASE>.ge7d7106 +Release: <RELEASE>.gdb36cf8 %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:15.915676148 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:15.919676003 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.13 -%define patchversion 4.13.9 +%define patchversion 4.13.10 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.13.9 +Version: 4.13.10 %if 0%{?is_kotd} -Release: <RELEASE>.ge7d7106 +Release: <RELEASE>.gdb36cf8 %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:15.955674694 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:15.959674548 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.13 -%define patchversion 4.13.9 +%define patchversion 4.13.10 %define variant %{nil} %define vanilla_only 0 
@@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.13.9 +Version: 4.13.10 %if 0%{?is_kotd} -Release: <RELEASE>.ge7d7106 +Release: <RELEASE>.gdb36cf8 %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:15.995673239 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:15.999673094 +0100 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.13.9 +Version: 4.13.10 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.ge7d7106 +Release: <RELEASE>.gdb36cf8 %else Release: 0 %endif ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:16.055671058 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:16.059670913 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.13 -%define patchversion 4.13.9 +%define patchversion 4.13.10 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel used for fuzzing by syzkaller License: GPL-2.0 Group: System/Kernel -Version: 4.13.9 +Version: 4.13.10 %if 0%{?is_kotd} -Release: <RELEASE>.ge7d7106 +Release: <RELEASE>.gdb36cf8 %else Release: 0 %endif kernel-vanilla.spec: same change kernel-zfcpdump.spec: same change ++++++ patches.drivers.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-hda-Abort-capability-probe-at-invalid-register- new/patches.drivers/ALSA-hda-Abort-capability-probe-at-invalid-register- --- old/patches.drivers/ALSA-hda-Abort-capability-probe-at-invalid-register- 2017-10-18 12:43:48.000000000 +0200 +++ new/patches.drivers/ALSA-hda-Abort-capability-probe-at-invalid-register- 1970-01-01 01:00:00.000000000 +0100 
@@ -1,49 +0,0 @@ -From 098a0a62c1554f5a3813ef1b8539563214ada8f6 Mon Sep 17 00:00:00 2001 -From: Takashi Iwai <[email protected]> -Date: Tue, 17 Oct 2017 16:38:55 +0200 -Subject: [PATCH] ALSA: hda: Abort capability probe at invalid register read -Patch-mainline: Queued in subsystem maintainer repository -Git-commit: 098a0a62c1554f5a3813ef1b8539563214ada8f6 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git -References: bsc#1064017 - -The loop in snd_hdac_bus_parse_capabilities() may go to nirvana when -it hits an invalid register value read: - - BUG: unable to handle kernel paging request at ffffad5dc41f3fff - IP: pci_azx_readl+0x5/0x10 [snd_hda_intel] - Call Trace: - snd_hdac_bus_parse_capabilities+0x3c/0x1f0 [snd_hda_core] - azx_probe_continue+0x7d5/0x940 [snd_hda_intel] - ..... - -This happened on a new Intel machine, and we need to check the value -and abort the loop accordingly. - -[note: the fixes tag below indicates only the commit where this patch - can be applied; the original problem was introduced even before that - commit] - -Fixes: 6720b38420a0 ("ALSA: hda - move bus_parse_capabilities to core") -Cc: <[email protected]> -Acked-by: Vinod Koul <[email protected]> -Signed-off-by: Takashi Iwai <[email protected]> - ---- - sound/hda/hdac_controller.c | 5 +++++ - 1 file changed, 5 insertions(+) - ---- a/sound/hda/hdac_controller.c -+++ b/sound/hda/hdac_controller.c -@@ -284,6 +284,11 @@ int snd_hdac_bus_parse_capabilities(stru - dev_dbg(bus->dev, "HDA capability ID: 0x%x\n", - (cur_cap & AZX_CAP_HDR_ID_MASK) >> AZX_CAP_HDR_ID_OFF); - -+ if (cur_cap == -1) { -+ dev_dbg(bus->dev, "Invalid capability reg read\n"); -+ break; -+ } -+ - switch ((cur_cap & AZX_CAP_HDR_ID_MASK) >> AZX_CAP_HDR_ID_OFF) { - case AZX_ML_CAP_ID: - dev_dbg(bus->dev, "Found ML capability\n"); ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' 
old/patches.fixes/xfs-handle-error-if-xfs_btree_get_bufs-fails.patch new/patches.fixes/xfs-handle-error-if-xfs_btree_get_bufs-fails.patch --- old/patches.fixes/xfs-handle-error-if-xfs_btree_get_bufs-fails.patch 2017-10-18 22:21:40.000000000 +0200 +++ new/patches.fixes/xfs-handle-error-if-xfs_btree_get_bufs-fails.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,59 +0,0 @@ -From: Eric Sandeen <[email protected]> -Date: Tue, 17 Oct 2017 17:15:03 -0700 -Subject: [PATCH] xfs: handle error if xfs_btree_get_bufs fails -Patch-mainline: Not yet, it slipped through the rocks I pushed it again -References: bsc#1059863 - -Jason reported that a corrupted filesystem failed to replay -the log with a metadata block out of bounds warning: - -XFS (dm-2): _xfs_buf_find: Block out of range: block 0x80270fff8, EOFS 0x9c40000 - -_xfs_buf_find() and xfs_btree_get_bufs() return NULL if -that happens, and then when xfs_alloc_fix_freelist() calls -xfs_trans_binval() on that NULL bp, we oops with: - -BUG: unable to handle kernel NULL pointer dereference at 00000000000000f8 - -We don't handle _xfs_buf_find errors very well, every -caller higher up the stack gets to guess at why it failed. -But we should at least handle it somehow, so return -EFSCORRUPTED here. - -Reported-by: Jason L Tibbitts III <[email protected]> -Signed-off-by: Eric Sandeen <[email protected]> -Reviewed-by: Darrick J. Wong <[email protected]> -Signed-off-by: Luis R. 
Rodriguez <[email protected]> ---- - fs/xfs/libxfs/xfs_alloc.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/fs/xfs/libxfs/xfs_alloc.c b/fs/xfs/libxfs/xfs_alloc.c -index 744dcaec34cc..f965ce832bc0 100644 ---- a/fs/xfs/libxfs/xfs_alloc.c -+++ b/fs/xfs/libxfs/xfs_alloc.c -@@ -1584,6 +1584,10 @@ xfs_alloc_ag_vextent_small( - - bp = xfs_btree_get_bufs(args->mp, args->tp, - args->agno, fbno, 0); -+ if (!bp) { -+ error = -EFSCORRUPTED; -+ goto error0; -+ } - xfs_trans_binval(args->tp, bp); - } - args->len = 1; -@@ -2141,6 +2145,10 @@ xfs_alloc_fix_freelist( - if (error) - goto out_agbp_relse; - bp = xfs_btree_get_bufs(mp, tp, args->agno, bno, 0); -+ if (!bp) { -+ error = -EFSCORRUPTED; -+ goto out_agbp_relse; -+ } - xfs_trans_binval(tp, bp); - } - --- -2.14.2 - ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 7409 lines of diff (skipped) ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0001-futex-futex_wake_op-do-not-fail-on-invalid-op.patch new/patches.suse/0001-futex-futex_wake_op-do-not-fail-on-invalid-op.patch --- old/patches.suse/0001-futex-futex_wake_op-do-not-fail-on-invalid-op.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/0001-futex-futex_wake_op-do-not-fail-on-invalid-op.patch 2017-10-27 09:27:49.000000000 +0200 
@@ -0,0 +1,81 @@ +From: Jiri Slaby <[email protected]> +Date: Mon, 23 Oct 2017 09:53:49 +0200 +Subject: futex: futex_wake_op, do not fail on invalid op +Patch-mainline: submitted on 2017/10/23 +References: bnc#1064590 + +In 30d6e0a4190d ("futex: Remove duplicated code and fix undefined +behaviour"), I let FUTEX_WAKE_OP to fail on invalid op. Namely when +op should be considered as shift and the shift is out of range (< 0 or +> 31). + +But strace's test suite does this madness: +futex(0x7fabd78bcffc, 0x5, 0xfacefeed, 0xb, 0x7fabd78bcffc, 0xa0caffee); +futex(0x7fabd78bcffc, 0x5, 0xfacefeed, 0xb, 0x7fabd78bcffc, 0xbadfaced); +futex(0x7fabd78bcffc, 0x5, 0xfacefeed, 0xb, 0x7fabd78bcffc, 0xffffffff); + +When I pick the first 0xa0caffee, it decodes as: +0x80000000 & 0xa0caffee: oparg is shift +0x70000000 & 0xa0caffee: op is FUTEX_OP_OR +0x0f000000 & 0xa0caffee: cmp is FUTEX_OP_CMP_EQ +0x00fff000 & 0xa0caffee: oparg is sign-extended 0xcaf = -849 +0x00000fff & 0xa0caffee: cmparg is sign-extended 0xfee = -18 + +That means the op tries to do this: + (futex |= (1 << (-849))) == -18 +which is completely bogus. The new check of op in the code is: + if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) { + if (oparg < 0 || oparg > 31) + return -EINVAL; + oparg = 1 << oparg; + } + +which results obviously in the "Invalid argument" errno: +----8<--------8<--------8<--------8<--------8<---- +FAIL: futex +=========== + +futex(0x7fabd78bcffc, 0x5, 0xfacefeed, 0xb, 0x7fabd78bcffc, 0xa0caffee) = -1: Invalid argument +futex.test: failed test: ../futex failed with code 1 +----8<--------8<--------8<--------8<--------8<---- + +So let us soften the failure to print only a (ratelimited) message, +crop the value and continue as if it were right. When userspace keeps +up, we can switch this to return -EINVAL again. + +[v2] +Do not return 0 immediatelly, proceed with the cropped value. 
+ +Fixes: 30d6e0a4190d ("futex: Remove duplicated code and fix undefined behaviour") +Signed-off-by: Jiri Slaby <[email protected]> +Cc: Ingo Molnar <[email protected]> +Cc: Peter Zijlstra <[email protected]> +Cc: Darren Hart <[email protected]> +Cc: Linus Torvalds <[email protected]> + +Signed-off-by: Jiri Slaby <[email protected]> +--- + kernel/futex.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -1566,8 +1566,16 @@ static int futex_atomic_op_inuser(unsign + int oldval, ret; + + if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) { +- if (oparg < 0 || oparg > 31) +- return -EINVAL; ++ if (oparg < 0 || oparg > 31) { ++ char comm[sizeof(current->comm)]; ++ /* ++ * kill this print and return -EINVAL when userspace ++ * is sane again ++ */ ++ pr_info_ratelimited("futex_wake_op: %s tries to shift op by %d; fix this program\n", ++ get_task_comm(comm, current), oparg); ++ oparg &= 31; ++ } + oparg = 1 << oparg; + } + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch new/patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch --- old/patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch 2017-10-27 09:27:49.000000000 +0200 
@@ -0,0 +1,36 @@ +From: Jiri Slaby <[email protected]> +Date: Mon, 23 Oct 2017 13:13:24 +0200 +Subject: futex: futex_wake_op, fix sign_extend32 sign bits +Patch-mainline: submitted on 2017/10/23 +References: bnc#1064590 + +sign_extend32 counts the sign bit parameter from 0, not from 1. So we +have to use "11" for 12th bit, not "12". + +This mistake means we have not allowed negative op and cmp args since +commit 30d6e0a4190d ("futex: Remove duplicated code and fix undefined +behaviour") till now. + +Fixes: 30d6e0a4190d ("futex: Remove duplicated code and fix undefined behaviour") +Signed-off-by: Jiri Slaby <[email protected]> +Cc: Ingo Molnar <[email protected]> +Cc: Peter Zijlstra <[email protected]> +Cc: Darren Hart <[email protected]> +Cc: Linus Torvalds <[email protected]> +--- + kernel/futex.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -1561,8 +1561,8 @@ static int futex_atomic_op_inuser(unsign + { + unsigned int op = (encoded_op & 0x70000000) >> 28; + unsigned int cmp = (encoded_op & 0x0f000000) >> 24; +- int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12); +- int cmparg = sign_extend32(encoded_op & 0x00000fff, 12); ++ int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11); ++ int cmparg = sign_extend32(encoded_op & 0x00000fff, 11); + int oldval, ret; + + if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/futex-do-not-fail-on-invalid-op.patch new/patches.suse/futex-do-not-fail-on-invalid-op.patch --- old/patches.suse/futex-do-not-fail-on-invalid-op.patch 2017-10-23 11:44:25.000000000 +0200 +++ new/patches.suse/futex-do-not-fail-on-invalid-op.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,77 +0,0 @@ -From: Jiri Slaby <[email protected]> -Date: Mon, 23 Oct 2017 09:53:49 +0200 -Subject: futex: do not fail on invalid op -Patch-mainline: submitted on 2017/10/23 -References: bnc#1064590 - -In 30d6e0a4190d ("futex: Remove duplicated code and fix undefined -behaviour"), I let FUTEX_WAKE_OP to fail on invalid op. Namely when -op should be considered as shift and the shift is out of range (< 0 or -> 31). - -But strace's test suite does this madness: -futex(0x7fabd78bcffc, 0x5, 0xfacefeed, 0xb, 0x7fabd78bcffc, 0xa0caffee); -futex(0x7fabd78bcffc, 0x5, 0xfacefeed, 0xb, 0x7fabd78bcffc, 0xbadfaced); -futex(0x7fabd78bcffc, 0x5, 0xfacefeed, 0xb, 0x7fabd78bcffc, 0xffffffff); - -When I pick the first 0xa0caffee, it decodes as: -0x80000000 & 0xa0caffee: oparg is shift -0x70000000 & 0xa0caffee: op is FUTEX_OP_OR -0x0f000000 & 0xa0caffee: cmp is FUTEX_OP_CMP_EQ -0x00fff000 & 0xa0caffee: oparg is sign-extended 0xcaf = -849 -0x00000fff & 0xa0caffee: cmparg is sign-extended 0xfee = -18 - -That means the op tries to do this: - (futex |= (1 << (-849))) == -18 -which is completely bogus. The new check of op in the code is: - if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) { - if (oparg < 0 || oparg > 31) - return -EINVAL; - oparg = 1 << oparg; - } - -which results obviously in the "Invalid argument" errno: -----8<--------8<--------8<--------8<--------8<---- -FAIL: futex -=========== - -futex(0x7fabd78bcffc, 0x5, 0xfacefeed, 0xb, 0x7fabd78bcffc, 0xa0caffee) = -1: Invalid argument -futex.test: failed test: ../futex failed with code 1 -----8<--------8<--------8<--------8<--------8<---- - -So let us soften the failure to print only a (ratelimited) message and -return 0 silently in these cases until userspace keeps up. 
- -Fixes: 30d6e0a4190d ("futex: Remove duplicated code and fix undefined behaviour") -Signed-off-by: Jiri Slaby <[email protected]> -Cc: Ingo Molnar <[email protected]> -Cc: Peter Zijlstra <[email protected]> -Cc: Darren Hart <[email protected]> -Cc: Linus Torvalds <[email protected]> - -Signed-off-by: Jiri Slaby <[email protected]> ---- - kernel/futex.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - ---- a/kernel/futex.c -+++ b/kernel/futex.c -@@ -1570,8 +1570,16 @@ static int futex_atomic_op_inuser(unsign - int oldval, ret; - - if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) { -- if (oparg < 0 || oparg > 31) -- return -EINVAL; -+ if (oparg < 0 || oparg > 31) { -+ char comm[sizeof(current->comm)]; -+ /* -+ * kill this print and return -EINVAL when userspace -+ * is sane again -+ */ -+ pr_info_ratelimited("futex_wake_op: %s tries to shift op by %d, ignoring this request; fix this program\n", -+ get_task_comm(comm, current), oparg); -+ return 0; -+ } - oparg = 1 << oparg; - } - ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:18.031599216 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:18.031599216 +0100 
@@ -602,6 +602,92 @@ patches.kernel.org/4.13.9-010-vmbus-eliminate-duplicate-cached-index.patch patches.kernel.org/4.13.9-011-vmbus-more-host-signalling-avoidance.patch patches.kernel.org/4.13.9-012-Linux-4.13.9.patch + patches.kernel.org/4.13.10-001-staging-bcm2835-audio-Fix-memory-corruption.patch + patches.kernel.org/4.13.10-002-USB-devio-Revert-USB-devio-Don-t-corrupt-user.patch + patches.kernel.org/4.13.10-003-USB-core-fix-out-of-bounds-access-bug-in-usb_.patch + patches.kernel.org/4.13.10-004-USB-serial-metro-usb-add-MS7820-device-id.patch + patches.kernel.org/4.13.10-005-usb-cdc_acm-Add-quirk-for-Elatec-TWN3.patch + patches.kernel.org/4.13.10-006-usb-quirks-add-quirk-for-WORLDE-MINI-MIDI-key.patch + patches.kernel.org/4.13.10-007-usb-hub-Allow-reset-retry-for-USB2-devices-on.patch + patches.kernel.org/4.13.10-008-ALSA-usb-audio-Add-native-DSD-support-for-Pro.patch + patches.kernel.org/4.13.10-009-can-gs_usb-fix-busy-loop-if-no-more-TX-contex.patch + patches.kernel.org/4.13.10-010-scsi-qla2xxx-Fix-uninitialized-work-element.patch + patches.kernel.org/4.13.10-011-nbd-don-t-set-the-device-size-until-we-re-con.patch + patches.kernel.org/4.13.10-012-s390-cputime-fix-guest-irq-softirq-times-afte.patch + patches.kernel.org/4.13.10-013-parisc-Fix-double-word-compare-and-exchange-i.patch + patches.kernel.org/4.13.10-014-parisc-Fix-detection-of-nonsynchronous-cr16-c.patch + patches.kernel.org/4.13.10-015-iio-dummy-events-Add-missing-break.patch + patches.kernel.org/4.13.10-016-usb-musb-sunxi-Explicitly-release-USB-PHY-on-.patch + patches.kernel.org/4.13.10-017-USB-musb-fix-session-bit-runtime-PM-quirk.patch + patches.kernel.org/4.13.10-018-USB-musb-fix-late-external-abort-on-suspend.patch + patches.kernel.org/4.13.10-019-usb-musb-musb_cppi41-Fix-the-address-of-teard.patch + patches.kernel.org/4.13.10-020-usb-musb-musb_cppi41-Fix-cppi41_set_dma_mode-.patch + patches.kernel.org/4.13.10-021-usb-musb-musb_cppi41-Configure-the-number-of-.patch + 
patches.kernel.org/4.13.10-022-usb-musb-Check-for-host-mode-using-is_host_ac.patch + patches.kernel.org/4.13.10-023-xhci-Identify-USB-3.1-capable-hosts-by-their-.patch + patches.kernel.org/4.13.10-024-xhci-Cleanup-current_cmd-in-xhci_cleanup_comm.patch + patches.kernel.org/4.13.10-025-usb-xhci-Reset-halted-endpoint-if-trb-is-noop.patch + patches.kernel.org/4.13.10-026-usb-xhci-Handle-error-condition-in-xhci_stop_.patch + patches.kernel.org/4.13.10-027-can-esd_usb2-Fix-can_dlc-value-for-received-R.patch + patches.kernel.org/4.13.10-028-can-af_can-can_pernet_init-add-missing-error-.patch + patches.kernel.org/4.13.10-029-can-flexcan-fix-state-transition-regression.patch + patches.kernel.org/4.13.10-030-can-flexcan-rename-legacy-error-state-quirk.patch + patches.kernel.org/4.13.10-031-can-flexcan-implement-error-passive-state-qui.patch + patches.kernel.org/4.13.10-032-can-flexcan-fix-i.MX6-state-transition-issue.patch + patches.kernel.org/4.13.10-033-can-flexcan-fix-i.MX28-state-transition-issue.patch + patches.kernel.org/4.13.10-034-can-flexcan-fix-p1010-state-transition-issue.patch + patches.kernel.org/4.13.10-035-KEYS-encrypted-fix-dereference-of-NULL-user_k.patch + patches.kernel.org/4.13.10-036-mmc-sdhci-pci-Fix-default-d3_retune-for-Intel.patch + patches.kernel.org/4.13.10-037-drm-i915-Use-bdw_ddi_translations_fdi-for-Bro.patch + patches.kernel.org/4.13.10-038-drm-nouveau-kms-nv50-fix-oops-during-DP-IRQ-h.patch + patches.kernel.org/4.13.10-039-drm-nouveau-bsp-g92-disable-by-default.patch + patches.kernel.org/4.13.10-040-drm-nouveau-mmu-flush-tlbs-before-deleting-pa.patch + patches.kernel.org/4.13.10-041-media-s5p-cec-add-NACK-detection-support.patch + patches.kernel.org/4.13.10-042-media-cec-Respond-to-unregistered-initiators-.patch + patches.kernel.org/4.13.10-043-media-dvb-i2c-transfers-over-usb-cannot-be-do.patch + patches.kernel.org/4.13.10-044-tracing-samples-Fix-creation-and-deletion-of-.patch + 
patches.kernel.org/4.13.10-045-ALSA-seq-Enable-use-locking-in-all-configurat.patch + patches.kernel.org/4.13.10-046-ALSA-hda-Remove-superfluous-added-by-printk-c.patch + patches.kernel.org/4.13.10-047-ALSA-hda-Abort-capability-probe-at-invalid-re.patch + patches.kernel.org/4.13.10-048-i2c-ismt-Separate-I2C-block-read-from-SMBus-b.patch + patches.kernel.org/4.13.10-049-i2c-piix4-Fix-SMBus-port-selection-for-AMD-Fa.patch + patches.kernel.org/4.13.10-050-Revert-tools-power-turbostat-stop-migrating-u.patch + patches.kernel.org/4.13.10-051-Input-stmfts-fix-setting-ABS_MT_POSITION_-max.patch + patches.kernel.org/4.13.10-052-brcmfmac-Add-check-for-short-event-packets.patch + patches.kernel.org/4.13.10-053-brcmsmac-make-some-local-variables-static-con.patch + patches.kernel.org/4.13.10-054-ARM-dts-sun6i-Fix-endpoint-IDs-in-second-disp.patch + patches.kernel.org/4.13.10-055-bus-mbus-fix-window-size-calculation-for-4GB-.patch + patches.kernel.org/4.13.10-056-clockevents-drivers-cs5535-Improve-resilience.patch + patches.kernel.org/4.13.10-057-rtlwifi-rtl8821ae-Fix-connection-lost-problem.patch + patches.kernel.org/4.13.10-058-x86-microcode-intel-Disable-late-loading-on-m.patch + patches.kernel.org/4.13.10-059-lib-digsig-fix-dereference-of-NULL-user_key_p.patch + patches.kernel.org/4.13.10-060-fscrypt-fix-dereference-of-NULL-user_key_payl.patch + patches.kernel.org/4.13.10-061-ecryptfs-fix-dereference-of-NULL-user_key_pay.patch + patches.kernel.org/4.13.10-062-KEYS-Fix-race-between-updating-and-finding-a-.patch + patches.kernel.org/4.13.10-063-FS-Cache-fix-dereference-of-NULL-user_key_pay.patch + patches.kernel.org/4.13.10-064-KEYS-don-t-let-add_key-update-an-uninstantiat.patch + patches.kernel.org/4.13.10-065-pkcs7-Prevent-NULL-pointer-dereference-since-.patch + patches.kernel.org/4.13.10-066-arm64-dts-rockchip-correct-vqmmc-voltage-for-.patch + patches.kernel.org/4.13.10-067-ALSA-hda-Fix-incorrect-TLV-callback-check-int.patch + 
patches.kernel.org/4.13.10-068-iomap_dio_rw-Allocate-AIO-completion-queue-be.patch + patches.kernel.org/4.13.10-069-xfs-don-t-unconditionally-clear-the-reflink-f.patch + patches.kernel.org/4.13.10-070-xfs-evict-CoW-fork-extents-when-performing-fi.patch + patches.kernel.org/4.13.10-071-fs-xfs-Use-pS-printk-format-for-direct-addres.patch + patches.kernel.org/4.13.10-072-xfs-report-zeroed-or-not-correctly-in-xfs_zer.patch + patches.kernel.org/4.13.10-073-xfs-update-i_size-after-unwritten-conversion-.patch + patches.kernel.org/4.13.10-074-xfs-perag-initialization-should-only-touch-m_.patch + patches.kernel.org/4.13.10-075-xfs-Capture-state-of-the-right-inode-in-xfs_i.patch + patches.kernel.org/4.13.10-076-xfs-always-swap-the-cow-forks-when-swapping-e.patch + patches.kernel.org/4.13.10-077-xfs-handle-racy-AIO-in-xfs_reflink_end_cow.patch + patches.kernel.org/4.13.10-078-xfs-Don-t-log-uninitialised-fields-in-inode-s.patch + patches.kernel.org/4.13.10-079-xfs-move-more-RT-specific-code-under-CONFIG_X.patch + patches.kernel.org/4.13.10-080-xfs-don-t-change-inode-mode-if-ACL-update-fai.patch + patches.kernel.org/4.13.10-081-xfs-reinit-btree-pointer-on-attr-tree-inactiv.patch + patches.kernel.org/4.13.10-082-xfs-handle-error-if-xfs_btree_get_bufs-fails.patch + patches.kernel.org/4.13.10-083-xfs-cancel-dirty-pages-on-invalidation.patch + patches.kernel.org/4.13.10-084-xfs-trim-writepage-mapping-to-within-eof.patch + patches.kernel.org/4.13.10-085-xfs-move-two-more-RT-specific-functions-into-.patch + patches.kernel.org/4.13.10-086-Linux-4.13.10.patch ######################################################## # Build fixes that apply to the vanilla kernel too. 
@@ -651,7 +737,8 @@ ######################################################## patches.suse/setuid-dumpable-wrongdir patches.fixes/futex-Remove-duplicated-code-and-fix-undefined-behav.patch - patches.suse/futex-do-not-fail-on-invalid-op.patch + patches.suse/0001-futex-futex_wake_op-do-not-fail-on-invalid-op.patch + patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch ######################################################## # Architecture-specific patches. These used to be all @@ -943,7 +1030,6 @@ ########################################################## patches.drivers/ALSA-hda-Implement-mic-mute-LED-mode-enum patches.drivers/ALSA-ice1712-Add-support-for-STAudio-ADCIII - patches.drivers/ALSA-hda-Abort-capability-probe-at-invalid-register- ######################################################## # Char / serial @@ -1074,7 +1160,6 @@ # submitted patches.suse/0001-orc-mark-it-as-reliable.patch - patches.fixes/xfs-handle-error-if-xfs_btree_get_bufs-fails.patch ######################################################## # Kdump ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.f39aXw/_old 2017-10-30 21:18:18.087597180 +0100 +++ /var/tmp/diff_new_pack.f39aXw/_new 2017-10-30 21:18:18.087597180 +0100 @@ -1,3 +1,3 @@ -2017-10-23 11:44:25 +0200 -GIT Revision: e7d71063ecf68f95aca8efd745790e08a8f93e30 +2017-10-27 11:03:09 +0200 +GIT Revision: db36cf83181a996bfdb86b3c32dc376d7b6922f0 GIT Branch: stable
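Review bot: In the series.conf hunk at @@ -651,7 +737,8 @@, the sign_extend32 fix is added as a second patch (0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch) that relies on sitting directly after 0001-futex-futex_wake_op-do-not-fail-on-invalid-op.patch, but nothing in the file records that dependency. A one-line comment above the pair naming the bug reference (bnc#1064590 in the changelog) and stating that the two must be dropped or refreshed together would protect the ordering when an upstream equivalent lands. The same hunk also renames futex-do-not-fail-on-invalid-op.patch to the 0001- form, so it is worth confirming that the patch content is unchanged apart from the filename.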
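Review bot: The hunks at @@ -943,7 +1030,6 @@ and @@ -1074,7 +1160,6 @@ remove patches.drivers/ALSA-hda-Abort-capability-probe-at-invalid-register- and patches.fixes/xfs-handle-error-if-xfs_btree_get_bufs-fails.patch without recording why. The names match the newly added patches.kernel.org/4.13.10-047-ALSA-hda-Abort-capability-probe-at-invalid-re.patch and patches.kernel.org/4.13.10-082-xfs-handle-error-if-xfs_btree_get_bufs-fails.patch, so these look like local copies superseded by the stable release. Please confirm that each stable version is identical to the local patch it replaces, so that no SUSE-specific adjustment is lost, and note the replacement in the changelog entry.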
