Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2018-02-01 21:27:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Thu Feb 1 21:27:18 2018 rev:404 rq:571520 version:4.15.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2018-01-31 19:48:59.913548906 +0100 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes 2018-02-01 21:27:25.446583179 +0100 @@ -1,0 +2,26 @@ +Wed Jan 31 07:51:04 CET 2018 - [email protected] + +- Update to 4.15-final. +- Eliminated 5 patches. +- Config changes: + - Security: + - GENERIC_CPU_VULNERABILITIES=y +- commit 978c9b0 + +------------------------------------------------------------------- +Tue Jan 30 13:15:01 CET 2018 - [email protected] + +- Update + patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch + upstream references (add CVE-2018-5332 bsc#1075621). +- commit 510de01 + +------------------------------------------------------------------- +Tue Jan 30 13:13:54 CET 2018 - [email protected] + +- Update + patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch + upstream references (add CVE-2018-5333 bsc#1075617). +- commit e6cf845 + +------------------------------------------------------------------- @@ -24 +50 @@ -- commit 6f87133 +- commit 13295d4 @@ -135,0 +162,115 @@ +Thu Jan 25 08:23:15 CET 2018 - [email protected] + +- x86/cpufeature: Move processor tracing out of scattered features + (bsc#1068032 CVE-2017-5753). +- Refresh + patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch. +- Refresh + patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch. +- commit 8d8b718 + +------------------------------------------------------------------- +Wed Jan 24 20:19:27 CET 2018 - [email protected] + +- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB + macros (bsc#1068032 CVE-2017-5753). +- commit 8dc7c71 + +------------------------------------------------------------------- +Wed Jan 24 20:17:09 CET 2018 - [email protected] + +- x86/vmx: Direct access to MSR_IA32_SPEC_CTRL (bsc#1068032 + CVE-2017-5753). +- x86/ibrs: Add new helper macros to save/restore + MSR_IA32_SPEC_CTRL (bsc#1068032 CVE-2017-5753). +- x86/enter: Use IBRS on syscall and interrupts (bsc#1068032 + CVE-2017-5753). +- x86/enter: Create macros to restrict/unrestrict Indirect Branch + Speculation (bsc#1068032 CVE-2017-5753). +- x86/idle: Control Indirect Branch Speculation in idle + (bsc#1068032 CVE-2017-5753). +- x86: Simplify spectre_v2 command line parsing (bsc#1068032 + CVE-2017-5753). +- x86/speculation: Add inlines to control Indirect Branch + Speculation (bsc#1068032 CVE-2017-5753). +- x86/speculation: Add basic IBRS support infrastructure + (bsc#1068032 CVE-2017-5753). +- x86/mm: Only flush indirect branches when switching into non + dumpable process (bsc#1068032 CVE-2017-5753). +- x86/speculation: Use Indirect Branch Prediction Barrier in + context switch (bsc#1068032 CVE-2017-5753). +- x86/kvm: Add IBPB support (bsc#1068032 CVE-2017-5753). +- x86/speculation: Add basic IBPB (Indirect Branch Prediction + Barrier) support (bsc#1068032 CVE-2017-5753). +- x86/cpufeature: Blacklist SPEC_CTRL on early Spectre v2 + microcodes (bsc#1068032 CVE-2017-5753). +- x86/pti: Do not enable PTI on processors which are not + vulnerable to Meltdown (bsc#1068032 CVE-2017-5753). +- x86/msr: Add definitions for new speculation control MSRs + (bsc#1068032 CVE-2017-5753). +- x86/cpufeatures: Add AMD feature bits for Speculation Control + (bsc#1068032 CVE-2017-5753). +- x86/cpufeatures: Add Intel feature bits for Speculation Control + (bsc#1068032 CVE-2017-5753). +- x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bsc#1068032 + CVE-2017-5753). +- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB + (bsc#1068032 CVE-2017-5753). +- x86/retpoline: Fill RSB on context switch for affected CPUs + (bsc#1068032 CVE-2017-5753). +- commit e36ab4f + +------------------------------------------------------------------- +Wed Jan 24 19:41:00 CET 2018 - [email protected] + +- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715). +- asm/nospec, array_ptr: sanitize speculative array de-references + (bsc#1068032 CVE-2017-5715). +- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715). +- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032 + CVE-2017-5715). +- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032 + CVE-2017-5715). +- x86, get_user: use pointer masking to limit speculation + (bsc#1068032 CVE-2017-5715). +- x86: narrow out of bounds syscalls to sys_read under speculation + (bsc#1068032 CVE-2017-5715). +- vfs, fdtable: prevent bounds-check bypass via speculative + execution (bsc#1068032 CVE-2017-5715). +- kvm, x86: update spectre-v1 mitigation (bsc#1068032 + CVE-2017-5715). +- nl80211: sanitize array index in parse_txq_params (bsc#1068032 + CVE-2017-5715). +- Delete + patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch. +- Delete + patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch. +- Delete + patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch. +- Delete + patches.suse/0006-uvcvideo-prevent-speculative-execution.patch. +- Delete + patches.suse/0007-carl9170-prevent-speculative-execution.patch. +- Delete + patches.suse/0008-p54-prevent-speculative-execution.patch. +- Delete + patches.suse/0009-qla2xxx-prevent-speculative-execution.patch. +- Delete + patches.suse/0010-cw1200-prevent-speculative-execution.patch. +- Delete + patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch. +- Delete + patches.suse/0012-ipv4-prevent-speculative-execution.patch. +- Delete + patches.suse/0013-ipv6-prevent-speculative-execution.patch. +- Delete patches.suse/0014-fs-prevent-speculative-execution.patch. +- Delete + patches.suse/0015-net-mpls-prevent-speculative-execution.patch. +- Delete + patches.suse/0016-udf-prevent-speculative-execution.patch. +- Delete + patches.suse/0017-userns-prevent-speculative-execution.patch. + Replace by the potential upstream solution. +- commit 804f8a1 + +------------------------------------------------------------------- @@ -339,0 +481,7 @@ +Mon Jan 22 13:29:31 CET 2018 - [email protected] + +- rpm/mkspec-dtb: Remove COPYING file (bsc#1076905). + It conflicts between different versions of dtb package. +- commit 0e5fcf9 + +------------------------------------------------------------------- @@ -394,0 +543,21 @@ +Thu Jan 18 11:20:11 CET 2018 - [email protected] + +- Update config files (bsc#1068032 CVE-2017-5715). + Enable RETPOLINE -- the compiler is capable of them already. +- commit 5d5345e + +------------------------------------------------------------------- +Wed Jan 17 16:02:16 CET 2018 - [email protected] + +- kernel-obs-build.spec.in: enable xfs module + This allows the public cloud team to build images with XFS + as root filesystem +- commit 95a2d6f + +------------------------------------------------------------------- +Wed Jan 17 15:19:38 CET 2018 - [email protected] + +- macros.kernel-source: pass -f properly in module subpackage (boo#1076393). +- commit 66bd9b8 + +------------------------------------------------------------------- @@ -627,0 +797,11 @@ +Mon Jan 15 15:08:48 CET 2018 - [email protected] + +- Update to 4.15-rc8. +- Eliminated 3 patches. +- Config changes: + - Security: + - BPF_JIT_ALWAYS_ON=y + - RETPOLINE=n (depends on gcc with -mindirect-branch=thunk-extern) +- commit 05e4405 + +------------------------------------------------------------------- @@ -651 +831,9 @@ -- commit 77de35d +- commit 0eca303 + +------------------------------------------------------------------- +Thu Jan 11 19:57:16 CET 2018 - [email protected] + +- config: arm64: Enable Aardvark PCIe controller + Aardvark PCIe controller is a part of Marvel Armada 3700 SoC. + This option is required to support PCIe for JeOS-espressobin. ++++ 280 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes ++++ and /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change Old: ---- linux-4.14.tar.xz New: ---- linux-4.15.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:53.705262423 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:53.709262236 +0100 @@ -16,8 +16,8 @@ # -%define srcversion 4.14 -%define patchversion 4.14.15 +%define srcversion 4.15 +%define patchversion 4.15.0 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb}) Name: dtb-aarch64 -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif @@ -362,6 +362,7 @@ for dts in al/*.dts allwinner/*.dts altera/*.dts amd/*.dts amlogic/*.dts apm/*.dts arm/*.dts broadcom/*.dts cavium/*.dts exynos/*.dts freescale/*.dts hisilicon/*.dts lg/*.dts marvell/*.dts mediatek/*.dts nvidia/*.dts qcom/*.dts renesas/*.dts rockchip/*.dts socionext/*.dts sprd/*.dts xilinx/*.dts zte/*.dts ; do target=${dts%*.dts} install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target) + # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target) install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target) %ifarch aarch64 # HACK: work around U-Boot ignoring vendor dir @@ -540,7 +541,6 @@ %files -n dtb-al %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/al @@ -552,7 +552,6 @@ %files -n dtb-allwinner %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/allwinner @@ -564,7 +563,6 @@ %files -n dtb-altera %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/altera @@ -576,7 +574,6 @@ %files -n dtb-amd %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/amd @@ -588,7 +585,6 @@ %files -n dtb-amlogic %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/amlogic @@ -600,7 +596,6 @@ %files -n dtb-apm %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/apm @@ -612,7 +607,6 @@ %files -n dtb-arm %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/arm @@ -624,7 +618,6 @@ %files -n dtb-broadcom %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/broadcom @@ -636,7 +629,6 @@ %files -n dtb-cavium %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/cavium @@ -648,7 +640,6 @@ %files -n dtb-exynos %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/exynos @@ -660,7 +651,6 @@ %files -n dtb-freescale %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/freescale @@ -672,7 +662,6 @@ %files -n dtb-hisilicon %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/hisilicon @@ -684,7 +673,6 @@ %files -n dtb-lg %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/lg @@ -696,7 +684,6 @@ %files -n dtb-marvell %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/marvell @@ -708,7 +695,6 @@ %files -n dtb-mediatek %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/mediatek @@ -720,7 +706,6 @@ %files -n dtb-nvidia %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/nvidia @@ -732,7 +717,6 @@ %files -n dtb-qcom %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/qcom @@ -744,7 +728,6 @@ %files -n dtb-renesas %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/renesas @@ -756,7 +739,6 @@ %files -n dtb-rockchip %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/rockchip @@ -768,7 +750,6 @@ %files -n dtb-socionext %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/socionext @@ -780,7 +761,6 @@ %files -n dtb-sprd %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/sprd @@ -792,7 +772,6 @@ %files -n dtb-xilinx %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/xilinx @@ -804,7 +783,6 @@ %files -n dtb-zte %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %dir %{dtbdir}/zte ++++++ dtb-armv6l.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:53.745260554 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:53.749260367 +0100 @@ -16,8 +16,8 @@ # -%define srcversion 4.14 -%define patchversion 4.14.15 +%define srcversion 4.15 +%define patchversion 4.15.0 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb}) Name: dtb-armv6l -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif @@ -159,6 +159,7 @@ for dts in bcm2835*.dts ; do target=${dts%*.dts} install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target) + # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target) install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target) %ifarch aarch64 # HACK: work around U-Boot ignoring vendor dir @@ -183,7 +184,6 @@ %files -n dtb-bcm2835 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/bcm2835*.dtb ++++++ dtb-armv7l.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:53.773259245 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:53.777259058 +0100 @@ -16,8 +16,8 @@ # -%define srcversion 4.14 -%define patchversion 4.14.15 +%define srcversion 4.15 +%define patchversion 4.15.0 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb}) Name: dtb-armv7l -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif @@ -530,6 +530,7 @@ for dts in am335x-*.dts am3517*.dts am57xx-*.dts armada-370-*.dts armada-375-*.dts armada-385-*.dts armada-388-*.dts armada-398-*.dts armada-xp-*.dts bcm2836*.dts dove-*.dts exynos4*.dts exynos5*.dts imx5*.dts imx6*.dts imx7*.dts keystone-*.dts meson6-*.dts meson8-*.dts meson8b-*.dts omap3*.dts omap4*.dts omap5*.dts qcom-*.dts rk3*.dts socfpga_*.dts ste-*.dts sun4i-*.dts sun5i-*.dts sun6i-*.dts sun7i-*.dts sun8i-*.dts sun9i-*.dts tegra20-*.dts tegra30-*.dts tegra114-*.dts tegra124-*.dts vexpress-*.dts vf500-*.dts vf610-*.dts xenvm-*.dts zynq-*.dts ; do target=${dts%*.dts} install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target) + # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target) install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target) %ifarch aarch64 # HACK: work around U-Boot ignoring vendor dir @@ -841,7 +842,6 @@ %files -n dtb-am335x %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/am335x-*.dtb @@ -852,7 +852,6 @@ %files -n dtb-am3517 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/am3517*.dtb @@ -863,7 +862,6 @@ %files -n dtb-am57xx %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/am57xx-*.dtb @@ -874,7 +872,6 @@ %files -n dtb-armada-370 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/armada-370-*.dtb @@ -885,7 +882,6 @@ %files -n dtb-armada-375 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/armada-375-*.dtb @@ -896,7 +892,6 @@ %files -n dtb-armada-385 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/armada-385-*.dtb @@ -907,7 +902,6 @@ %files -n dtb-armada-388 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/armada-388-*.dtb @@ -918,7 +912,6 @@ %files -n dtb-armada-398 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/armada-398-*.dtb @@ -929,7 +922,6 @@ %files -n dtb-armada-xp %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/armada-xp-*.dtb @@ -940,7 +932,6 @@ %files -n dtb-bcm2836 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/bcm2836*.dtb @@ -951,7 +942,6 @@ %files -n dtb-dove %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/dove-*.dtb @@ -962,7 +952,6 @@ %files -n dtb-exynos4 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/exynos4*.dtb @@ -973,7 +962,6 @@ %files -n dtb-exynos5 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/exynos5*.dtb @@ -984,7 +972,6 @@ %files -n dtb-imx5 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/imx5*.dtb @@ -995,7 +982,6 @@ %files -n dtb-imx6 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/imx6*.dtb @@ -1006,7 +992,6 @@ %files -n dtb-imx7 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/imx7*.dtb @@ -1017,7 +1002,6 @@ %files -n dtb-keystone %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/keystone-*.dtb @@ -1028,7 +1012,6 @@ %files -n dtb-meson6 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/meson6-*.dtb @@ -1039,7 +1022,6 @@ %files -n dtb-meson8 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/meson8-*.dtb @@ -1050,7 +1032,6 @@ %files -n dtb-meson8b %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/meson8b-*.dtb @@ -1061,7 +1042,6 @@ %files -n dtb-omap3 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/omap3*.dtb @@ -1072,7 +1052,6 @@ %files -n dtb-omap4 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/omap4*.dtb @@ -1083,7 +1062,6 @@ %files -n dtb-omap5 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/omap5*.dtb @@ -1094,7 +1072,6 @@ %files -n dtb-qcom %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/qcom-*.dtb @@ -1105,7 +1082,6 @@ %files -n dtb-rk3 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/rk3*.dtb @@ -1116,7 +1092,6 @@ %files -n dtb-socfpga %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/socfpga_*.dtb @@ -1127,7 +1102,6 @@ %files -n dtb-ste %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/ste-*.dtb @@ -1138,7 +1112,6 @@ %files -n dtb-sun4i %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/sun4i-*.dtb @@ -1149,7 +1122,6 @@ %files -n dtb-sun5i %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/sun5i-*.dtb @@ -1160,7 +1132,6 @@ %files -n dtb-sun6i %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/sun6i-*.dtb @@ -1171,7 +1142,6 @@ %files -n dtb-sun7i %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/sun7i-*.dtb @@ -1182,7 +1152,6 @@ %files -n dtb-sun8i %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/sun8i-*.dtb @@ -1193,7 +1162,6 @@ %files -n dtb-sun9i %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/sun9i-*.dtb @@ -1204,7 +1172,6 @@ %files -n dtb-tegra2 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/tegra20-*.dtb @@ -1215,7 +1182,6 @@ %files -n dtb-tegra3 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/tegra30-*.dtb @@ -1226,7 +1192,6 @@ %files -n dtb-tegra114 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/tegra114-*.dtb @@ -1237,7 +1202,6 @@ %files -n dtb-tegra124 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/tegra124-*.dtb @@ -1248,7 +1212,6 @@ %files -n dtb-vexpress %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/vexpress-*.dtb @@ -1259,7 +1222,6 @@ %files -n dtb-vf500 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/vf500-*.dtb @@ -1270,7 +1232,6 @@ %files -n dtb-vf6 %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/vf610-*.dtb @@ -1281,7 +1242,6 @@ %files -n dtb-xenvm %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/xenvm-*.dtb @@ -1292,7 +1252,6 @@ %files -n dtb-zynq %endif %defattr(-,root,root) -%doc COPYING %ghost /boot/dtb %dir %{dtbdir} %{dtbdir}/zynq-*.dtb ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:53.809257563 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:53.813257376 +0100 @@ -17,8 +17,8 @@ # needssslcertforbuild -%define srcversion 4.14 -%define patchversion 4.14.15 +%define srcversion 4.15 +%define patchversion 4.15.0 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif @@ -1164,10 +1164,10 @@ Group: System/Kernel Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) -Provides: kernel-default-kgraft -Provides: kernel-xen-kgraft -Obsoletes: kernel-default-kgraft < 4.12 -Obsoletes: kernel-xen-kgraft < 4.12 +Provides: kernel-default-kgraft = %version +Provides: kernel-xen-kgraft = %version +Obsoletes: kernel-default-kgraft < %version +Obsoletes: kernel-xen-kgraft < %version %description livepatch This is a metapackage that pulls in the matching kernel-livepatch package for a kernel-debug.spec: same change ++++++ kernel-default.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:53.905253076 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:53.909252889 +0100 @@ -17,8 +17,8 @@ # needssslcertforbuild -%define srcversion 4.14 -%define patchversion 4.14.15 +%define srcversion 4.15 +%define patchversion 4.15.0 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: The Standard Kernel License: GPL-2.0 Group: System/Kernel -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif @@ -1279,10 +1279,10 @@ Group: System/Kernel Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) -Provides: kernel-default-kgraft -Provides: kernel-xen-kgraft -Obsoletes: kernel-default-kgraft < 4.12 -Obsoletes: kernel-xen-kgraft < 4.12 +Provides: kernel-default-kgraft = %version +Provides: kernel-xen-kgraft = %version +Obsoletes: kernel-default-kgraft < %version +Obsoletes: kernel-xen-kgraft < %version %description livepatch This is a metapackage that pulls in the matching kernel-livepatch package for a ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:53.941251394 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:53.945251207 +0100 @@ -16,8 +16,8 @@ # -%define srcversion 4.14 -%define patchversion 4.14.15 +%define srcversion 4.15 +%define patchversion 4.15.0 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -31,9 +31,9 @@ Summary: Kernel Documentation License: GPL-2.0 Group: Documentation/Man -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:53.969250085 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:53.973249898 +0100 @@ -17,8 +17,8 @@ # needssslcertforbuild -%define srcversion 4.14 -%define patchversion 4.14.15 +%define srcversion 4.15 +%define patchversion 4.15.0 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif @@ -1158,10 +1158,10 @@ Group: System/Kernel Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) -Provides: kernel-default-kgraft -Provides: kernel-xen-kgraft -Obsoletes: kernel-default-kgraft < 4.12 -Obsoletes: kernel-xen-kgraft < 4.12 +Provides: kernel-default-kgraft = %version +Provides: kernel-xen-kgraft = %version +Obsoletes: kernel-default-kgraft < %version +Obsoletes: kernel-xen-kgraft < %version %description livepatch This is a metapackage that pulls in the matching kernel-livepatch package for a ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:53.997248776 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:54.001248589 +0100 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.14.15 +%define patchversion 4.15.0 %define variant %{nil} %define vanilla_only 0 @@ -32,13 +32,20 @@ %if 0%{?suse_version} %if %vanilla_only -BuildRequires: kernel-vanilla %define kernel_flavor -vanilla %else -BuildRequires: kernel-default +%ifarch %ix86 +%define kernel_flavor -pae +%else +%ifarch armv7l armv7hl +%define kernel_flavor -lpae +%else %define kernel_flavor -default %endif %endif +%endif +%endif +BuildRequires: kernel%kernel_flavor %if 0%{?rhel_version} BuildRequires: kernel @@ -57,9 +64,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif @@ -109,7 +116,7 @@ # a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env. # this list of modules where available on build workers of build.opensuse.org, so we stay compatible. -export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth" +export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs xfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth" # manually load all modules to make sure they're available for i in $KERNEL_MODULES; do @@ -139,7 +146,7 @@ -m "$KERNEL_MODULES" \ -k /boot/%{kernel_name}-*-default -M /boot/System.map-*-default -i /tmp/initrd.kvm -B %else -dracut --host-only --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'` +dracut --host-only --no-hostonly-cmdline --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'` %endif #cleanup ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:54.021247655 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:54.025247468 +0100 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.14.15 +%define patchversion 4.15.0 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:54.049246346 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:54.053246159 +0100 @@ -17,8 +17,8 @@ # needssslcertforbuild -%define srcversion 4.14 -%define patchversion 4.14.15 +%define srcversion 4.15 +%define patchversion 4.15.0 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif @@ -1228,10 +1228,10 @@ Group: System/Kernel Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) -Provides: kernel-default-kgraft -Provides: kernel-xen-kgraft -Obsoletes: kernel-default-kgraft < 4.12 -Obsoletes: kernel-xen-kgraft < 4.12 +Provides: kernel-default-kgraft = %version +Provides: kernel-xen-kgraft = %version +Obsoletes: kernel-default-kgraft < %version +Obsoletes: kernel-xen-kgraft < %version %description livepatch This is a metapackage that pulls in the matching kernel-livepatch package for a ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:54.089244477 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:54.093244290 +0100 @@ -17,8 +17,8 @@ # icecream 0 -%define srcversion 4.14 -%define patchversion 4.14.15 +%define srcversion 4.15 +%define patchversion 4.15.0 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:54.137242234 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:54.137242234 +0100 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.14.15 +Version: 4.15.0 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:54.157241299 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:54.165240925 +0100 @@ -17,8 +17,8 @@ # needssslcertforbuild -%define srcversion 4.14 -%define patchversion 4.14.15 +%define srcversion 4.15 +%define patchversion 4.15.0 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel used for fuzzing by syzkaller License: GPL-2.0 Group: System/Kernel -Version: 4.14.15 +Version: 4.15.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9a6fca5 +Release: <RELEASE>.gac01747 %else Release: 0 %endif @@ -1161,10 +1161,10 @@ Group: System/Kernel Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) -Provides: kernel-default-kgraft -Provides: kernel-xen-kgraft -Obsoletes: kernel-default-kgraft < 4.12 -Obsoletes: kernel-xen-kgraft < 4.12 +Provides: kernel-default-kgraft = %version +Provides: kernel-xen-kgraft = %version +Obsoletes: kernel-default-kgraft < %version +Obsoletes: kernel-xen-kgraft < %version %description livepatch This is a metapackage that pulls in the matching kernel-livepatch package for a kernel-vanilla.spec: same change kernel-zfcpdump.spec: same change ++++++ config.sh ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:54.453227465 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:54.457227278 +0100 @@ -1,5 +1,5 @@ # The version of the main tarball to use -SRCVERSION=4.14 +SRCVERSION=4.15 # variant of the kernel-source package, either empty or "-rt" VARIANT= # buildservice projects to build the kernel against ++++++ config.tar.bz2 ++++++ ++++ 7419 lines of diff (skipped) ++++++ dtb.spec.in.in ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:54.733214379 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:54.733214379 +0100 @@ -89,6 +89,7 @@ for dts in $ALL_SUPPORTED_DTB; do target=${dts%*.dts} install -m 700 -d %{buildroot}%{dtbdir}/$(dirname $target) + # install -m 644 COPYING %{buildroot}%{dtbdir}/$(dirname $target) install -m 644 $target.dtb %{buildroot}%{dtbdir}/$(dirname $target) %ifarch aarch64 # HACK: work around U-Boot ignoring vendor dir ++++++ kernel-binary.spec.in ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:54.809210827 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:54.813210640 +0100 @@ -978,10 +978,10 @@ Group: System/Kernel Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) -Provides: kernel-default-kgraft -Provides: kernel-xen-kgraft -Obsoletes: kernel-default-kgraft < 4.12 -Obsoletes: kernel-xen-kgraft < 4.12 +Provides: kernel-default-kgraft = %version +Provides: kernel-xen-kgraft = %version +Obsoletes: kernel-default-kgraft < %version +Obsoletes: kernel-xen-kgraft < %version %description livepatch This is a metapackage that pulls in the matching kernel-livepatch package for a ++++++ kernel-obs-build.spec.in ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:54.909206154 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:54.913205967 +0100 @@ -32,13 +32,20 @@ %if 0%{?suse_version} %if %vanilla_only -BuildRequires: kernel-vanilla %define kernel_flavor -vanilla %else -BuildRequires: kernel-default +%ifarch %ix86 +%define kernel_flavor -pae +%else +%ifarch armv7l armv7hl +%define kernel_flavor -lpae +%else %define kernel_flavor -default %endif %endif +%endif +%endif +BuildRequires: kernel%kernel_flavor %if 0%{?rhel_version} BuildRequires: kernel @@ -109,7 +116,7 @@ # a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env. # this list of modules where available on build workers of build.opensuse.org, so we stay compatible. -export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth" +export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs btrfs xfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi sd_mod e1000 ibmveth" # manually load all modules to make sure they're available for i in $KERNEL_MODULES; do @@ -139,7 +146,7 @@ -m "$KERNEL_MODULES" \ -k /boot/%{kernel_name}-*-default -M /boot/System.map-*-default -i /tmp/initrd.kvm -B %else -dracut --host-only --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'` +dracut --host-only --no-hostonly-cmdline --drivers="$KERNEL_MODULES" --force /tmp/initrd.kvm `echo /boot/%{kernel_name}-*%{kernel_flavor} | sed -n -e 's,[^-]*-\(.*'%{kernel_flavor}'\),\1,p'` %endif #cleanup ++++++ linux-4.14.tar.xz -> linux-4.15.tar.xz ++++++ /work/SRC/openSUSE:Factory/kernel-source/linux-4.14.tar.xz /work/SRC/openSUSE:Factory/.kernel-source.new/linux-4.15.tar.xz differ: char 15, line 1 ++++++ macros.kernel-source ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:55.169194003 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:55.169194003 +0100 @@ -19,7 +19,7 @@ krel=$(make -s -C /usr/src/linux-obj/%_target_cpu/$flavor kernelrelease) \ kver=${krel%%-*} \ flavors_to_build="$flavors_to_build $flavor" \ - echo "%%_suse_kernel_module_subpackage -n %{-n*}%{!-n:%name} -v %{-v*}%{!-v:%version} -r %{-r*}%{!-r:%release} %{-p} %{-b} %{-c:-c} $flavor $kver" \ + echo "%%_suse_kernel_module_subpackage -n %{-n*}%{!-n:%name} -v %{-v*}%{!-v:%version} -r %{-r*}%{!-r:%release} %{-f} %{-p} %{-b} %{-c:-c} $flavor $kver" \ done \ echo "%%global flavors_to_build${flavors_to_build:-%%nil}" \ echo "%%{expand:%%(test -z '%flavors_to_build' && echo %%%%internal_kmp_error)}" \ ++++++ mkspec-dtb ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:55.225191385 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:55.229191198 +0100 @@ -161,7 +161,6 @@ "%files -n $PKG_NAME\n" . "%endif\n" . "%defattr(-,root,root)\n" . - "%doc COPYING\n" . "%ghost /boot/dtb\n" . "%dir %{dtbdir}\n" . $dtb_subdir . ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 134527 lines of diff (skipped) ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch new/patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch --- old/patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0001-x86-cpufeatures-Add-CPUID_7_EDX-CPUID-leaf.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 0715cb3212839630877817e59cb46bee3f2bf341 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 This is a pure feature bits leaf. We have two AVX512 feature bits in it already which were handled as scattered bits, and I'm about to add three @@ -87,9 +87,9 @@ */ --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h -@@ -71,6 +71,7 @@ +@@ -77,6 +77,7 @@ #define DISABLED_MASK15 0 - #define DISABLED_MASK16 (DISABLE_PKU|DISABLE_OSPKE|DISABLE_LA57) + #define DISABLED_MASK16 (DISABLE_PKU|DISABLE_OSPKE|DISABLE_LA57|DISABLE_UMIP) #define DISABLED_MASK17 0 -#define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 18) +#define DISABLED_MASK18 0 @@ -109,7 +109,7 @@ #endif /* _ASM_X86_REQUIRED_FEATURES_H */ --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c -@@ -745,6 +745,7 @@ void get_cpu_cap(struct cpuinfo_x86 *c) +@@ -769,6 +769,7 @@ void get_cpu_cap(struct cpuinfo_x86 *c) cpuid_count(0x00000007, 0, &eax, &ebx, &ecx, &edx); c->x86_capability[CPUID_7_0_EBX] = ebx; c->x86_capability[CPUID_7_ECX] = ecx; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch new/patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch --- old/patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,36 +0,0 @@ -From: Jiri Slaby <[email protected]> -Date: Mon, 23 Oct 2017 13:13:24 +0200 -Subject: futex: futex_wake_op, fix sign_extend32 sign bits -Patch-mainline: submitted on 2017/10/23 -References: bnc#1064590 - -sign_extend32 counts the sign bit parameter from 0, not from 1. So we -have to use "11" for 12th bit, not "12". - -This mistake means we have not allowed negative op and cmp args since -commit 30d6e0a4190d ("futex: Remove duplicated code and fix undefined -behaviour") till now. - -Fixes: 30d6e0a4190d ("futex: Remove duplicated code and fix undefined behaviour") -Signed-off-by: Jiri Slaby <[email protected]> -Cc: Ingo Molnar <[email protected]> -Cc: Peter Zijlstra <[email protected]> -Cc: Darren Hart <[email protected]> -Cc: Linus Torvalds <[email protected]> ---- - kernel/futex.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/kernel/futex.c -+++ b/kernel/futex.c -@@ -1561,8 +1561,8 @@ static int futex_atomic_op_inuser(unsign - { - unsigned int op = (encoded_op & 0x70000000) >> 28; - unsigned int cmp = (encoded_op & 0x0f000000) >> 24; -- int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12); -- int cmparg = sign_extend32(encoded_op & 0x00000fff, 12); -+ int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11); -+ int cmparg = sign_extend32(encoded_op & 0x00000fff, 11); - int oldval, ret; - - if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch new/patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch --- old/patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0002-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 4df4ced97da5c1e14a488ddfd7ebafe213b54ba3 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Add three feature bits exposed by new microcode on Intel CPUs for speculation control. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch new/patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch --- old/patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0003-x86-cpufeatures-Add-AMD-feature-bits-for-Speculation.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 2618db59c2c6061694463fb1811716fdf0912776 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 AMD exposes the PRED_CMD/SPEC_CTRL MSRs slightly differently to Intel. See http://lkml.kernel.org/r/[email protected] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch new/patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch --- old/patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0004-x86-msr-Add-definitions-for-new-speculation-control-.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 5054290b87d0a542f1588c3690d24d6c27db7894 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Add MSR and bit definitions for SPEC_CTRL, PRED_CMD and ARCH_CAPABILITIES. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch new/patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch --- old/patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0005-x86-pti-Do-not-enable-PTI-on-processors-which-are-no.patch 2018-01-31 07:59:46.000000000 +0100 @@ -5,7 +5,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 1665d40b7240918ef63c0a3db9154b5c3305a298 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Some old Atoms, anything in family 5 or 4, and newer CPUs when they advertise the IA32_ARCH_CAPABILITIES MSR and it has the RDCL_NO bit set, are not vulnerable. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0005-x86-stacktrace-orc-mark-it-as-reliable.patch new/patches.suse/0005-x86-stacktrace-orc-mark-it-as-reliable.patch --- old/patches.suse/0005-x86-stacktrace-orc-mark-it-as-reliable.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0005-x86-stacktrace-orc-mark-it-as-reliable.patch 2018-01-31 07:59:46.000000000 +0100 @@ -21,7 +21,7 @@ --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -171,7 +171,7 @@ config X86 +@@ -172,7 +172,7 @@ config X86 select HAVE_PERF_USER_STACK_DUMP select HAVE_RCU_TABLE_FREE select HAVE_REGS_AND_STACK_ACCESS_API diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch new/patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch --- old/patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0006-x86-cpufeature-Blacklist-SPEC_CTRL-on-early-Spectre-.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 807b29d5bd1e4971f04812d4c207ee8151522eaf Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 We don't refuse to load the affected microcodes; just refuse to use SPEC_CTRL if they're detected. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch new/patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch --- old/patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0007-x86-speculation-Add-basic-IBPB-Indirect-Branch-Predi.patch 2018-01-31 07:59:46.000000000 +0100 @@ -5,7 +5,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 94edcab6f527728e0936147c905b62ca5a232c58 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Expose indirect_branch_prediction_barrier() for use in subsequent patches. @@ -35,7 +35,7 @@ --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h -@@ -218,5 +218,18 @@ static inline void vmexit_fill_RSB(void) +@@ -215,5 +215,18 @@ static inline void vmexit_fill_RSB(void) #endif } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0008-x86-kvm-Add-IBPB-support.patch new/patches.suse/0008-x86-kvm-Add-IBPB-support.patch --- old/patches.suse/0008-x86-kvm-Add-IBPB-support.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0008-x86-kvm-Add-IBPB-support.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 44edbb289056e36b10a3756652196e69476c6457 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Add MSR passthrough for MSR_IA32_PRED_CMD and place branch predictor barriers on switching between VMs to avoid inter VM specte-v2 attacks. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch new/patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch --- old/patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0009-x86-speculation-Use-Indirect-Branch-Prediction-Barri.patch 2018-01-31 07:59:46.000000000 +0100 @@ -5,7 +5,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: a4c996dcc365b5d50453903df0f72bdee17b1a5b Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 [peterz: comment] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch new/patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch --- old/patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0010-x86-mm-Only-flush-indirect-branches-when-switching-i.patch 2018-01-31 07:59:46.000000000 +0100 @@ -5,7 +5,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: eb052500e0d28e8b90d4a7de0f6303f54224b84f Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Flush indirect branches when switching into a process that marked itself non dumpable. This protects high value processes like gpg diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch new/patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch --- old/patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0011-x86-speculation-Add-basic-IBRS-support-infrastructur.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 227c845f041e1b86ba25425a31393af032795543 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Not functional yet; just add the handling for it in the Spectre v2 mitigation selection, and the X86_FEATURE_IBRS flag which will control diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0012-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch new/patches.suse/0012-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch --- old/patches.suse/0012-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0012-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch 2018-01-31 07:59:46.000000000 +0100 @@ -7,7 +7,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 0022cdd96fe7cbac0d900a525f9690f82e9d328c Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 XX: I am utterly unconvinced that having "friendly, self-explanatory" names for the IBRS-frobbing inlines is useful. There be dragons diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0013-x86-Simplify-spectre_v2-command-line-parsing.patch new/patches.suse/0013-x86-Simplify-spectre_v2-command-line-parsing.patch --- old/patches.suse/0013-x86-Simplify-spectre_v2-command-line-parsing.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0013-x86-Simplify-spectre_v2-command-line-parsing.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: aac293424e30098bf91d86ddbe92ebd85b7867e2 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 [dwmw2: Don't allow IBRS if no CPU support] Signed-off-by: KarimAllah Ahmed <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0014-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch new/patches.suse/0014-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch --- old/patches.suse/0014-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0014-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 98fb68267f4d4e4d91ef449f4b4143ac4004b382 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Indirect Branch Speculation (IBS) is controlled per physical core. If one thread disables it then it's disabled for the core. If a thread enters idle diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0015-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch new/patches.suse/0015-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch --- old/patches.suse/0015-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0015-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch 2018-01-31 07:59:46.000000000 +0100 @@ -5,7 +5,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 5328486188fb080dab86fa05c98d307378b61b4f Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Create macros to control Indirect Branch Speculation. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0016-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch new/patches.suse/0016-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch --- old/patches.suse/0016-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0016-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: f473ac94b4e13d8583a9ada1b4c8defd382ca4a4 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Stop Indirect Branch Speculation on every user space to kernel space transition and reenable it when returning to user space./ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch new/patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch --- old/patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0017-x86-ibrs-Add-new-helper-macros-to-save-restore-MSR_I.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: e987e4ee03081997b8385ac90dc2aa0bee2a6ee8 Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Add some helper macros to save/restore MSR_IA32_SPEC_CTRL. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch new/patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch --- old/patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/0018-x86-vmx-Direct-access-to-MSR_IA32_SPEC_CTRL.patch 2018-01-31 07:59:46.000000000 +0100 @@ -4,7 +4,7 @@ Git-repo: git://git.infradead.org/users/dwmw2/linux-retpoline.git Git-commit: 1ee306bcac933ae1778c412f52b8f93ce81aafeb Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5715 +References: bsc#1068032 CVE-2017-5753 Add direct access to MSR_IA32_SPEC_CTRL from a guest. Also save/restore IBRS values during exits and guest resume path. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/VFS-Handle-lazytime-in-do_mount.patch new/patches.suse/VFS-Handle-lazytime-in-do_mount.patch --- old/patches.suse/VFS-Handle-lazytime-in-do_mount.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/VFS-Handle-lazytime-in-do_mount.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,37 +0,0 @@ -From c737a3cd87a122fc7f85307e9b6ea17c5bf09f57 Mon Sep 17 00:00:00 2001 -From: Markus Trippelsdorf <[email protected]> -Date: Tue, 19 Sep 2017 12:37:24 +0200 -Subject: [PATCH] VFS: Handle lazytime in do_mount() -Patch-mainline: Submitted, https://patchwork.kernel.org/patch/9958653/ -References: boo#1068256 - -Since commit e462ec50cb5fa ("VFS: Differentiate mount flags (MS_*) from -internal superblock flags") the lazytime mount option didn't get passed -on anymore. - -Fix the issue by handling the option in do_mount(). - -Signed-off-by: Markus Trippelsdorf <[email protected]> -Reviewed-by: Lukas Czerner <[email protected]> -Acked-by: Goldwyn Rodrigues <[email protected]> ---- - fs/namespace.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/fs/namespace.c b/fs/namespace.c -index 23cdf6c62895..9c254f515fb6 100644 ---- a/fs/namespace.c -+++ b/fs/namespace.c -@@ -2826,7 +2826,8 @@ long do_mount(const char *dev_name, const char __user *dir_name, - SB_DIRSYNC | - SB_SILENT | - SB_POSIXACL | -- SB_I_VERSION); -+ SB_I_VERSION | -+ SB_LAZYTIME); - - if (flags & MS_REMOUNT) - retval = do_remount(&path, flags, sb_flags, mnt_flags, --- -2.13.6 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-8447-serialize-subvolume-mounts-with-potentially-mi.patch new/patches.suse/btrfs-8447-serialize-subvolume-mounts-with-potentially-mi.patch --- old/patches.suse/btrfs-8447-serialize-subvolume-mounts-with-potentially-mi.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/btrfs-8447-serialize-subvolume-mounts-with-potentially-mi.patch 2018-01-31 07:59:46.000000000 +0100 @@ -16,7 +16,7 @@ --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c -@@ -1284,6 +1284,7 @@ static struct dentry *mount_subvol(const +@@ -1409,6 +1409,7 @@ static struct dentry *mount_subvol(const struct vfsmount *mnt = NULL; char *newargs; int ret; @@ -24,7 +24,7 @@ newargs = setup_root_args(data); if (!newargs) { -@@ -1291,6 +1292,24 @@ static struct dentry *mount_subvol(const +@@ -1416,6 +1417,24 @@ static struct dentry *mount_subvol(const goto out; } @@ -48,8 +48,8 @@ + mnt = vfs_kern_mount(&btrfs_fs_type, flags, device_name, newargs); if (PTR_ERR_OR_ZERO(mnt) == -EBUSY) { - if (flags & MS_RDONLY) { -@@ -1302,6 +1321,7 @@ static struct dentry *mount_subvol(const + if (flags & SB_RDONLY) { +@@ -1427,6 +1446,7 @@ static struct dentry *mount_subvol(const if (IS_ERR(mnt)) { root = ERR_CAST(mnt); mnt = NULL; @@ -57,7 +57,7 @@ goto out; } -@@ -1310,10 +1330,13 @@ static struct dentry *mount_subvol(const +@@ -1435,10 +1455,13 @@ static struct dentry *mount_subvol(const up_write(&mnt->mnt_sb->s_umount); if (ret < 0) { root = ERR_PTR(ret); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-fs-super.c-add-new-super-block-devices-super_block_d.patch new/patches.suse/btrfs-fs-super.c-add-new-super-block-devices-super_block_d.patch --- old/patches.suse/btrfs-fs-super.c-add-new-super-block-devices-super_block_d.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/btrfs-fs-super.c-add-new-super-block-devices-super_block_d.patch 2018-01-31 07:59:46.000000000 +0100 @@ -28,8 +28,8 @@ --- a/fs/super.c +++ b/fs/super.c -@@ -154,6 +154,59 @@ static void destroy_super_rcu(struct rcu - schedule_work(&s->destroy_work); +@@ -137,6 +137,59 @@ static unsigned long super_cache_count(s + return total_objects; } +static bool super_dev_match(struct super_block *sb, dev_t dev) @@ -85,18 +85,18 @@ +} +EXPORT_SYMBOL_GPL(remove_anon_sbdev); + - /** - * destroy_super - frees a superblock - * @s: superblock to free -@@ -166,6 +219,7 @@ static void destroy_super(struct super_b + static void destroy_super_work(struct work_struct *work) + { + struct super_block *s = container_of(work, struct super_block, +@@ -164,6 +217,7 @@ static void destroy_unused_super(struct + list_lru_destroy(&s->s_dentry_lru); list_lru_destroy(&s->s_inode_lru); security_sb_free(s); - WARN_ON(!list_empty(&s->s_mounts)); + WARN_ON(!list_empty(&s->s_sbdevs)); put_user_ns(s->s_user_ns); kfree(s->s_subtype); - call_rcu(&s->rcu, destroy_super_rcu); -@@ -214,6 +268,7 @@ static struct super_block *alloc_super(s + /* no delays needed */ +@@ -213,6 +267,7 @@ static struct super_block *alloc_super(s spin_lock_init(&s->s_inode_list_lock); INIT_LIST_HEAD(&s->s_inodes_wb); spin_lock_init(&s->s_inode_wblist_lock); @@ -104,7 +104,7 @@ if (list_lru_init_memcg(&s->s_dentry_lru)) goto fail; -@@ -780,7 +835,7 @@ rescan: +@@ -777,7 +832,7 @@ rescan: list_for_each_entry(sb, &super_blocks, s_list) { if (hlist_unhashed(&sb->s_instances)) continue; @@ -115,7 +115,7 @@ down_read(&sb->s_umount); --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1305,6 +1305,14 @@ struct sb_writers { +@@ -1334,6 +1334,14 @@ struct sb_writers { struct percpu_rw_semaphore rw_sem[SB_FREEZE_LEVELS]; }; @@ -130,7 +130,7 @@ struct super_block { struct list_head s_list; /* Keep this first */ dev_t s_dev; /* search index; _not_ kdev_t */ -@@ -1331,6 +1339,7 @@ struct super_block { +@@ -1360,6 +1368,7 @@ struct super_block { const struct fscrypt_operations *s_cop; struct hlist_bl_head s_anon; /* anonymous dentries for (nfs) exporting */ @@ -138,7 +138,7 @@ struct list_head s_mounts; /* list of mounts; _not_ for fs use */ struct block_device *s_bdev; struct backing_dev_info *s_bdi; -@@ -2088,6 +2097,17 @@ void deactivate_locked_super(struct supe +@@ -2134,6 +2143,17 @@ void deactivate_locked_super(struct supe int set_anon_super(struct super_block *s, void *data); int get_anon_bdev(dev_t *); void free_anon_bdev(dev_t); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/crasher.patch new/patches.suse/crasher.patch --- old/patches.suse/crasher.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/crasher.patch 2018-01-31 07:59:46.000000000 +0100 @@ -28,7 +28,7 @@ --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig -@@ -590,6 +590,12 @@ config DEVPORT +@@ -575,6 +575,12 @@ config DEVPORT source "drivers/s390/char/Kconfig" @@ -43,7 +43,7 @@ depends on TILE --- a/drivers/char/Makefile +++ b/drivers/char/Makefile -@@ -52,6 +52,7 @@ obj-$(CONFIG_PCMCIA) += pcmcia/ +@@ -51,6 +51,7 @@ obj-$(CONFIG_PCMCIA) += pcmcia/ obj-$(CONFIG_HANGCHECK_TIMER) += hangcheck-timer.o obj-$(CONFIG_TCG_TPM) += tpm/ @@ -236,12 +236,12 @@ + return 0; +} + -+static void crash_timer_cb(unsigned long unused) ++static void crash_timer_cb(struct timer_list *unused) +{ + crash_now(); +} + -+static DEFINE_TIMER(crash_timer, crash_timer_cb, 0, 0); ++static DEFINE_TIMER(crash_timer, crash_timer_cb); + +static int __init crasher_init(void) +{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch new/patches.suse/dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch --- old/patches.suse/dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,46 +0,0 @@ -From: Mohamed Ghannam <[email protected]> -Date: Tue, 5 Dec 2017 20:58:35 +0000 -Subject: dccp: CVE-2017-8824: use-after-free in DCCP code -Patch-mainline: v4.15-rc3 -Git-commit: 69c64866ce072dea1d1e59a0d61e0f66c0dffb76 -References: CVE-2017-8824 bsc#1070771 - -Whenever the sock object is in DCCP_CLOSED state, -dccp_disconnect() must free dccps_hc_tx_ccid and -dccps_hc_rx_ccid and set to NULL. - -Signed-off-by: Mohamed Ghannam <[email protected]> -Reviewed-by: Eric Dumazet <[email protected]> -Signed-off-by: David S. Miller <[email protected]> -Acked-by: Michal Kubecek <[email protected]> - ---- - net/dccp/proto.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/net/dccp/proto.c b/net/dccp/proto.c -index b68168fcc06a..9d43c1f40274 100644 ---- a/net/dccp/proto.c -+++ b/net/dccp/proto.c -@@ -259,6 +259,7 @@ int dccp_disconnect(struct sock *sk, int flags) - { - struct inet_connection_sock *icsk = inet_csk(sk); - struct inet_sock *inet = inet_sk(sk); -+ struct dccp_sock *dp = dccp_sk(sk); - int err = 0; - const int old_state = sk->sk_state; - -@@ -278,6 +279,10 @@ int dccp_disconnect(struct sock *sk, int flags) - sk->sk_err = ECONNRESET; - - dccp_clear_xmit_timers(sk); -+ ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk); -+ ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); -+ dp->dccps_hc_rx_ccid = NULL; -+ dp->dccps_hc_tx_ccid = NULL; - - __skb_queue_purge(&sk->sk_receive_queue); - __skb_queue_purge(&sk->sk_write_queue); --- -2.15.1 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/dm-mpath-accept-failed-paths new/patches.suse/dm-mpath-accept-failed-paths --- old/patches.suse/dm-mpath-accept-failed-paths 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/dm-mpath-accept-failed-paths 2018-01-31 07:59:46.000000000 +0100 @@ -13,9 +13,9 @@ Signed-off-by: Hannes Reinecke <[email protected]> --- - drivers/md/dm-mpath.c | 112 +++++++++++++++++++++++++++++++++++++------------- - drivers/md/dm-mpath.h | 1 - drivers/md/dm-table.c | 3 + + drivers/md/dm-mpath.c | 112 +++++++++++++++++++++++++++++++++++++------------- + drivers/md/dm-mpath.h | 1 + + drivers/md/dm-table.c | 3 ++ 3 files changed, 88 insertions(+), 28 deletions(-) --- a/drivers/md/dm-mpath.c @@ -40,7 +40,7 @@ if (unlikely(READ_ONCE(m->current_pg) != pg)) { /* Only update current_pgpath if pg changed */ spin_lock_irqsave(&m->lock, flags); -@@ -469,7 +473,7 @@ static int multipath_clone_and_map(struc +@@ -501,7 +505,7 @@ static int multipath_clone_and_map(struc struct pgpath *pgpath; struct block_device *bdev; struct dm_mpath_io *mpio = get_mpio(map_context); @@ -49,7 +49,7 @@ struct request *clone; /* Do we need to select a new pgpath? */ -@@ -493,12 +497,16 @@ static int multipath_clone_and_map(struc +@@ -525,12 +529,16 @@ static int multipath_clone_and_map(struc mpio->pgpath = pgpath; mpio->nr_bytes = nr_bytes; @@ -70,16 +70,16 @@ if (queue_dying) { atomic_inc(&m->pg_init_in_progress); activate_or_offline_path(pgpath); -@@ -552,7 +560,7 @@ static int __multipath_map_bio(struct mu +@@ -584,7 +592,7 @@ static int __multipath_map_bio(struct mu return DM_MAPIO_SUBMITTED; } - if (!pgpath) { + if (!pgpath || !pgpath->path.dev) { - if (test_bit(MPATHF_QUEUE_IF_NO_PATH, &m->flags)) + if (must_push_back_bio(m)) return DM_MAPIO_REQUEUE; dm_report_EIO(m); -@@ -734,6 +742,7 @@ static struct pgpath *parse_path(struct +@@ -757,6 +765,7 @@ static struct pgpath *parse_path(struct { int r; struct pgpath *p; @@ -87,7 +87,7 @@ struct multipath *m = ti->private; struct request_queue *q = NULL; const char *attached_handler_name; -@@ -748,17 +757,40 @@ static struct pgpath *parse_path(struct +@@ -771,17 +780,40 @@ static struct pgpath *parse_path(struct if (!p) return ERR_PTR(-ENOMEM); @@ -133,7 +133,7 @@ retain: attached_handler_name = scsi_dh_attached_handler_name(q, GFP_KERNEL); if (attached_handler_name) { -@@ -782,7 +814,7 @@ retain: +@@ -805,7 +837,7 @@ retain: } } @@ -142,7 +142,7 @@ r = scsi_dh_attach(q, m->hw_handler_name); if (r == -EBUSY) { char b[BDEVNAME_SIZE]; -@@ -810,10 +842,16 @@ retain: +@@ -833,10 +865,16 @@ retain: r = ps->type->add_path(ps, &p->path, as->argc, as->argv, &ti->error); if (r) { @@ -160,7 +160,7 @@ return p; bad: -@@ -1158,10 +1196,10 @@ static int fail_path(struct pgpath *pgpa +@@ -1181,10 +1219,10 @@ static int fail_path(struct pgpath *pgpa spin_lock_irqsave(&m->lock, flags); @@ -173,7 +173,7 @@ pgpath->pg->ps.type->fail_path(&pgpath->pg->ps, &pgpath->path); pgpath->is_active = false; -@@ -1173,7 +1211,7 @@ static int fail_path(struct pgpath *pgpa +@@ -1196,7 +1234,7 @@ static int fail_path(struct pgpath *pgpa m->current_pgpath = NULL; dm_path_uevent(DM_UEVENT_PATH_FAILED, m->ti, @@ -182,7 +182,7 @@ schedule_work(&m->trigger_event); -@@ -1198,7 +1236,13 @@ static int reinstate_path(struct pgpath +@@ -1221,7 +1259,13 @@ static int reinstate_path(struct pgpath if (pgpath->is_active) goto out; @@ -197,7 +197,7 @@ r = pgpath->pg->ps.type->reinstate_path(&pgpath->pg->ps, &pgpath->path); if (r) -@@ -1216,7 +1260,7 @@ static int reinstate_path(struct pgpath +@@ -1239,7 +1283,7 @@ static int reinstate_path(struct pgpath } dm_path_uevent(DM_UEVENT_PATH_REINSTATED, m->ti, @@ -206,7 +206,7 @@ schedule_work(&m->trigger_event); -@@ -1240,6 +1284,9 @@ static int action_dev(struct multipath * +@@ -1263,6 +1307,9 @@ static int action_dev(struct multipath * struct pgpath *pgpath; struct priority_group *pg; @@ -216,7 +216,7 @@ list_for_each_entry(pg, &m->priority_groups, list) { list_for_each_entry(pgpath, &pg->pgpaths, list) { if (pgpath->path.dev == dev) -@@ -1436,12 +1483,15 @@ out: +@@ -1459,12 +1506,15 @@ out: static void activate_or_offline_path(struct pgpath *pgpath) { @@ -237,7 +237,7 @@ } static void activate_path_work(struct work_struct *work) -@@ -1693,7 +1743,7 @@ static void multipath_status(struct dm_t +@@ -1720,7 +1770,7 @@ static void multipath_status(struct dm_t pg->ps.type->info_args); list_for_each_entry(p, &pg->pgpaths, list) { @@ -246,7 +246,7 @@ p->is_active ? "A" : "F", p->fail_count); if (pg->ps.type->status) -@@ -1719,7 +1769,7 @@ static void multipath_status(struct dm_t +@@ -1746,7 +1796,7 @@ static void multipath_status(struct dm_t pg->ps.type->table_args); list_for_each_entry(p, &pg->pgpaths, list) { @@ -255,7 +255,7 @@ if (pg->ps.type->status) sz += pg->ps.type->status(&pg->ps, &p->path, type, result + sz, -@@ -1806,7 +1856,7 @@ static int multipath_prepare_ioctl(struc +@@ -1833,7 +1883,7 @@ static int multipath_prepare_ioctl(struc if (!current_pgpath) current_pgpath = choose_pgpath(m, 0); @@ -264,7 +264,7 @@ if (!test_bit(MPATHF_QUEUE_IO, &m->flags)) { *bdev = current_pgpath->path.dev->bdev; *mode = current_pgpath->path.dev->mode; -@@ -1852,6 +1902,8 @@ static int multipath_iterate_devices(str +@@ -1879,6 +1929,8 @@ static int multipath_iterate_devices(str list_for_each_entry(pg, &m->priority_groups, list) { list_for_each_entry(p, &pg->pgpaths, list) { @@ -273,7 +273,7 @@ ret = fn(ti, p->path.dev, ti->begin, ti->len, data); if (ret) goto out; -@@ -1864,8 +1916,12 @@ out: +@@ -1891,8 +1943,12 @@ out: static int pgpath_busy(struct pgpath *pgpath) { @@ -299,7 +299,7 @@ }; --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c -@@ -504,6 +504,9 @@ void dm_put_device(struct dm_target *ti, +@@ -505,6 +505,9 @@ void dm_put_device(struct dm_target *ti, struct list_head *devices = &ti->table->devices; struct dm_dev_internal *dd; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/dm-table-switch-to-readonly new/patches.suse/dm-table-switch-to-readonly --- old/patches.suse/dm-table-switch-to-readonly 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/dm-table-switch-to-readonly 2018-01-31 07:59:46.000000000 +0100 @@ -15,9 +15,21 @@ drivers/md/dm.c | 17 +++++++++++++++-- 2 files changed, 24 insertions(+), 3 deletions(-) +--- a/drivers/md/dm-table.c ++++ b/drivers/md/dm-table.c +@@ -451,6 +451,9 @@ int dm_get_device(struct dm_target *ti, + return r; + } + ++ if (dd->dm_dev->mode != mode) ++ t->mode = dd->dm_dev->mode; ++ + refcount_set(&dd->count, 1); + list_add(&dd->list, &t->devices); + goto out; --- a/drivers/md/dm.c +++ b/drivers/md/dm.c -@@ -397,16 +397,25 @@ int dm_deleting_md(struct mapped_device +@@ -301,16 +301,25 @@ int dm_deleting_md(struct mapped_device static int dm_blk_open(struct block_device *bdev, fmode_t mode) { struct mapped_device *md; @@ -44,7 +56,7 @@ goto out; } -@@ -416,7 +425,7 @@ static int dm_blk_open(struct block_devi +@@ -319,7 +328,7 @@ static int dm_blk_open(struct block_devi out: spin_unlock(&_minor_lock); @@ -53,7 +65,7 @@ } static void dm_blk_close(struct gendisk *disk, fmode_t mode) -@@ -752,7 +761,12 @@ int dm_get_table_device(struct mapped_de +@@ -678,7 +687,12 @@ int dm_get_table_device(struct mapped_de td->dm_dev.mode = mode; td->dm_dev.bdev = NULL; @@ -67,7 +79,7 @@ mutex_unlock(&md->table_devices_lock); kfree(td); return r; -@@ -2347,6 +2361,10 @@ static struct dm_table *__bind(struct ma +@@ -1926,6 +1940,10 @@ static struct dm_table *__bind(struct ma md->immutable_target_type = dm_table_get_immutable_target_type(t); dm_table_set_restrictions(t, q, limits); @@ -78,15 +90,3 @@ if (old_map) dm_sync_table(md); ---- a/drivers/md/dm-table.c -+++ b/drivers/md/dm-table.c -@@ -404,6 +404,9 @@ int dm_get_device(struct dm_target *ti, - return r; - } - -+ if (dd->dm_dev->mode != mode) -+ t->mode = dd->dm_dev->mode; -+ - atomic_set(&dd->count, 0); - list_add(&dd->list, &t->devices); - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/netfilter-nfnetlink_cthelper-Add-missing-permission-.patch new/patches.suse/netfilter-nfnetlink_cthelper-Add-missing-permission-.patch --- old/patches.suse/netfilter-nfnetlink_cthelper-Add-missing-permission-.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/netfilter-nfnetlink_cthelper-Add-missing-permission-.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,82 +0,0 @@ -From: Kevin Cernekee <[email protected]> -Date: Sun, 3 Dec 2017 12:12:45 -0800 -Subject: netfilter: nfnetlink_cthelper: Add missing permission checks -Patch-mainline: 4.15-rc4 -Git-commit: 4b380c42f7d00a395feede754f0bc2292eebe6e5 -References: CVE-2017-17448 bsc#1071693 - -The capability check in nfnetlink_rcv() verifies that the caller -has CAP_NET_ADMIN in the namespace that "owns" the netlink socket. -However, nfnl_cthelper_list is shared by all net namespaces on the -system. An unprivileged user can create user and net namespaces -in which he holds CAP_NET_ADMIN to bypass the netlink_net_capable() -check: - - $ nfct helper list - nfct v1.4.4: netlink error: Operation not permitted - $ vpnns -- nfct helper list - { - .name = ftp, - .queuenum = 0, - .l3protonum = 2, - .l4protonum = 6, - .priv_data_len = 24, - .status = enabled, - }; - -Add capable() checks in nfnetlink_cthelper, as this is cleaner than -trying to generalize the solution. - -Signed-off-by: Kevin Cernekee <[email protected]> -Signed-off-by: Pablo Neira Ayuso <[email protected]> -Acked-by: Michal Kubecek <[email protected]> - ---- - net/netfilter/nfnetlink_cthelper.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c -index 41628b393673..d33ce6d5ebce 100644 ---- a/net/netfilter/nfnetlink_cthelper.c -+++ b/net/netfilter/nfnetlink_cthelper.c -@@ -17,6 +17,7 @@ - #include <linux/types.h> - #include <linux/list.h> - #include <linux/errno.h> -+#include <linux/capability.h> - #include <net/netlink.h> - #include <net/sock.h> - -@@ -407,6 +408,9 @@ static int nfnl_cthelper_new(struct net *net, struct sock *nfnl, - struct nfnl_cthelper *nlcth; - int ret = 0; - -+ if (!capable(CAP_NET_ADMIN)) -+ return -EPERM; -+ - if (!tb[NFCTH_NAME] || !tb[NFCTH_TUPLE]) - return -EINVAL; - -@@ -611,6 +615,9 @@ static int nfnl_cthelper_get(struct net *net, struct sock *nfnl, - struct nfnl_cthelper *nlcth; - bool tuple_set = false; - -+ if (!capable(CAP_NET_ADMIN)) -+ return -EPERM; -+ - if (nlh->nlmsg_flags & NLM_F_DUMP) { - struct netlink_dump_control c = { - .dump = nfnl_cthelper_dump_table, -@@ -678,6 +685,9 @@ static int nfnl_cthelper_del(struct net *net, struct sock *nfnl, - struct nfnl_cthelper *nlcth, *n; - int j = 0, ret; - -+ if (!capable(CAP_NET_ADMIN)) -+ return -EPERM; -+ - if (tb[NFCTH_NAME]) - helper_name = nla_data(tb[NFCTH_NAME]); - --- -2.15.1 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/netfilter-xt_osf-Add-missing-permission-checks.patch new/patches.suse/netfilter-xt_osf-Add-missing-permission-checks.patch --- old/patches.suse/netfilter-xt_osf-Add-missing-permission-checks.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/netfilter-xt_osf-Add-missing-permission-checks.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,64 +0,0 @@ -From: Kevin Cernekee <[email protected]> -Date: Tue, 5 Dec 2017 15:42:41 -0800 -Subject: netfilter: xt_osf: Add missing permission checks -Patch-mainline: 4.15-rc4 -Git-commit: 916a27901de01446bcf57ecca4783f6cff493309 -References: CVE-2017-17450 bsc#1071695 - -The capability check in nfnetlink_rcv() verifies that the caller -has CAP_NET_ADMIN in the namespace that "owns" the netlink socket. -However, xt_osf_fingers is shared by all net namespaces on the -system. An unprivileged user can create user and net namespaces -in which he holds CAP_NET_ADMIN to bypass the netlink_net_capable() -check: - - vpnns -- nfnl_osf -f /tmp/pf.os - - vpnns -- nfnl_osf -f /tmp/pf.os -d - -These non-root operations successfully modify the systemwide OS -fingerprint list. Add new capable() checks so that they can't. - -Signed-off-by: Kevin Cernekee <[email protected]> -Signed-off-by: Pablo Neira Ayuso <[email protected]> -Acked-by: Michal Kubecek <[email protected]> - ---- - net/netfilter/xt_osf.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c -index 36e14b1f061d..a34f314a8c23 100644 ---- a/net/netfilter/xt_osf.c -+++ b/net/netfilter/xt_osf.c -@@ -19,6 +19,7 @@ - #include <linux/module.h> - #include <linux/kernel.h> - -+#include <linux/capability.h> - #include <linux/if.h> - #include <linux/inetdevice.h> - #include <linux/ip.h> -@@ -70,6 +71,9 @@ static int xt_osf_add_callback(struct net *net, struct sock *ctnl, - struct xt_osf_finger *kf = NULL, *sf; - int err = 0; - -+ if (!capable(CAP_NET_ADMIN)) -+ return -EPERM; -+ - if (!osf_attrs[OSF_ATTR_FINGER]) - return -EINVAL; - -@@ -115,6 +119,9 @@ static int xt_osf_remove_callback(struct net *net, struct sock *ctnl, - struct xt_osf_finger *sf; - int err = -ENOENT; - -+ if (!capable(CAP_NET_ADMIN)) -+ return -EPERM; -+ - if (!osf_attrs[OSF_ATTR_FINGER]) - return -EINVAL; - --- -2.15.1 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/revert-futex-Prevent-overflow-by-strengthen-input-va.patch new/patches.suse/revert-futex-Prevent-overflow-by-strengthen-input-va.patch --- old/patches.suse/revert-futex-Prevent-overflow-by-strengthen-input-va.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/revert-futex-Prevent-overflow-by-strengthen-input-va.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,33 +0,0 @@ -From: Jiri Slaby <[email protected]> -Date: Thu, 25 Jan 2018 14:17:07 +0100 -Subject: Revert "futex: Prevent overflow by strengthen input validation" -Patch-mainline: submitted 25/1/2018 -References: 4.14.15-fix - -This reverts commit 17ae6ccfe5dd85605dc44534348b506f95d16a61, upstream -commit fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a. It breaks strace's -tests: -futex(0x7ff568b44ffc, 0x3, 0xfacefeed, 0xbadda7a0ca7b100d, 0x7ff568b44ffc, 0x9caffee1) = -1: Invalid argument - -Signed-off-by: Jiri Slaby <[email protected]> ---- - kernel/futex.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/kernel/futex.c b/kernel/futex.c -index 52b3f47031..29ac5b64e7 100644 ---- a/kernel/futex.c -+++ b/kernel/futex.c -@@ -1878,9 +1878,6 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags, - struct futex_q *this, *next; - DEFINE_WAKE_Q(wake_q); - -- if (nr_wake < 0 || nr_requeue < 0) -- return -EINVAL; -- - /* - * When PI not supported: return -ENOSYS if requeue_pi is true, - * consequently the compiler knows requeue_pi is always false past --- -2.15.1 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/revert-module-Add-retpoline-tag-to-VERMAGIC.patch new/patches.suse/revert-module-Add-retpoline-tag-to-VERMAGIC.patch --- old/patches.suse/revert-module-Add-retpoline-tag-to-VERMAGIC.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/revert-module-Add-retpoline-tag-to-VERMAGIC.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,56 +0,0 @@ -From: Greg Kroah-Hartman <[email protected]> -Date: Wed, 24 Jan 2018 15:28:17 +0100 -Subject: Revert "module: Add retpoline tag to VERMAGIC" -Git-commit: 5132ede0fe8092b043dae09a7cc32b8ae7272baa -Patch-mainline: v4.15 -References: fix loading of KMPs - -This reverts commit 6cfb521ac0d5b97470883ff9b7facae264b7ab12. - -Turns out distros do not want to make retpoline as part of their "ABI", -so this patch should not have been merged. Sorry Andi, this was my -fault, I suggested it when your original patch was the "correct" way of -doing this instead. - -Reported-by: Jiri Kosina <[email protected]> -Fixes: 6cfb521ac0d5 ("module: Add retpoline tag to VERMAGIC") -Acked-by: Andi Kleen <[email protected]> -Cc: Thomas Gleixner <[email protected]> -Cc: David Woodhouse <[email protected]> -Cc: [email protected] -Cc: [email protected] -Cc: [email protected] -Cc: stable <[email protected]> -Signed-off-by: Greg Kroah-Hartman <[email protected]> -Signed-off-by: Linus Torvalds <[email protected]> -Signed-off-by: Jiri Slaby <[email protected]> ---- - include/linux/vermagic.h | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - -diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h -index 853291714ae0..bae807eb2933 100644 ---- a/include/linux/vermagic.h -+++ b/include/linux/vermagic.h -@@ -31,17 +31,11 @@ - #else - #define MODULE_RANDSTRUCT_PLUGIN - #endif --#ifdef RETPOLINE --#define MODULE_VERMAGIC_RETPOLINE "retpoline " --#else --#define MODULE_VERMAGIC_RETPOLINE "" --#endif - - #define VERMAGIC_STRING \ - UTS_RELEASE " " \ - MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \ - MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \ - MODULE_ARCH_VERMAGIC \ -- MODULE_RANDSTRUCT_PLUGIN \ -- MODULE_VERMAGIC_RETPOLINE -+ MODULE_RANDSTRUCT_PLUGIN - --- -2.16.1 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/scsi-libfc-fix-ELS-request-handling.patch new/patches.suse/scsi-libfc-fix-ELS-request-handling.patch --- old/patches.suse/scsi-libfc-fix-ELS-request-handling.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/scsi-libfc-fix-ELS-request-handling.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,41 +0,0 @@ -From b998b7a35e03adad919b42c729e54e40aa7d1556 Mon Sep 17 00:00:00 2001 -From: Martin Wilck <[email protected]> -Date: Sat, 25 Nov 2017 19:21:56 +0100 -Subject: [PATCH] scsi: libfc: fix ELS request handling -Patch-mainline: 4.15-rc4 -Git-commit: fe55e79536a37348dcb0b7177ee5fda6deccb99a -References: bsc#1069801 - -The modification of fc_lport_recv_els_req() in commit fcabb09e59a7 -(merged in 4.12-rc1) caused certain requests not to be handled at all. -Fix that. - -Fixes: fcabb09e59a7 "scsi: libfc: directly call ELS request handlers" -Signed-off-by: Martin Wilck <[email protected]> -Reviewed-by: Johannes Thumshirn <[email protected]> ---- - drivers/scsi/libfc/fc_lport.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c -index 2fd0ec651170..787e82435241 100644 ---- a/drivers/scsi/libfc/fc_lport.c -+++ b/drivers/scsi/libfc/fc_lport.c -@@ -904,10 +904,14 @@ static void fc_lport_recv_els_req(struct fc_lport *lport, - case ELS_FLOGI: - if (!lport->point_to_multipoint) - fc_lport_recv_flogi_req(lport, fp); -+ else -+ fc_rport_recv_req(lport, fp); - break; - case ELS_LOGO: - if (fc_frame_sid(fp) == FC_FID_FLOGI) - fc_lport_recv_logo_req(lport, fp); -+ else -+ fc_rport_recv_req(lport, fp); - break; - case ELS_RSCN: - lport->tt.disc_recv_req(lport, fp); --- -2.15.0 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/supported-flag new/patches.suse/supported-flag --- old/patches.suse/supported-flag 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/supported-flag 2018-01-31 07:59:46.000000000 +0100 @@ -29,7 +29,7 @@ --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -4220,6 +4220,14 @@ +@@ -4191,6 +4191,14 @@ unknown_nmi_panic [X86] Cause panic on unknown NMI. @@ -46,7 +46,7 @@ (default -1 = authorized except for wireless USB, --- a/Documentation/sysctl/kernel.txt +++ b/Documentation/sysctl/kernel.txt -@@ -975,6 +975,18 @@ can be ORed together: +@@ -963,6 +963,18 @@ can be ORed together: signature. 16384 - A soft lockup has previously occurred on the system. 32768 - The kernel has been live patched. @@ -67,7 +67,7 @@ --- a/Makefile +++ b/Makefile -@@ -405,6 +405,11 @@ KBUILD_CFLAGS_MODULE := -DMODULE +@@ -409,6 +409,11 @@ KBUILD_AFLAGS_MODULE := -DMODULE KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds GCC_PLUGINS_CFLAGS := @@ -76,12 +76,12 @@ +CFLAGS += -DUNSUPPORTED_MODULES=2 +endif + - # Read KERNELRELEASE from include/config/kernel.release (if it exists) - KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null) - KERNELVERSION = $(VERSION)$(if $(PATCHLEVEL),.$(PATCHLEVEL)$(if $(SUBLEVEL),.$(SUBLEVEL)))$(EXTRAVERSION) + export ARCH SRCARCH CONFIG_SHELL HOSTCC HOSTCFLAGS CROSS_COMPILE AS LD CC + export CPP AR NM STRIP OBJCOPY OBJDUMP HOSTLDFLAGS HOST_LOADLIBES + export MAKE AWK GENKSYMS INSTALLKERNEL PERL PYTHON UTS_MACHINE --- a/include/linux/kernel.h +++ b/include/linux/kernel.h -@@ -487,6 +487,9 @@ extern int panic_on_unrecovered_nmi; +@@ -458,6 +458,9 @@ extern int panic_on_unrecovered_nmi; extern int panic_on_io_nmi; extern int panic_on_warn; extern int sysctl_panic_on_rcu_stall; @@ -91,22 +91,6 @@ extern int sysctl_panic_on_stackoverflow; extern bool crash_kexec_post_notifiers; -@@ -551,6 +554,15 @@ extern enum system_states { - #define TAINT_LIVEPATCH 15 - #define TAINT_FLAGS_COUNT 16 - -+#ifdef CONFIG_SUSE_KERNEL_SUPPORTED -+/* -+ * Take the upper bits to hopefully allow them -+ * to stay the same for more than one release. -+ */ -+#define TAINT_NO_SUPPORT 30 -+#define TAINT_EXTERNAL_SUPPORT 31 -+#endif -+ - struct taint_flag { - char c_true; /* character printed when tainted */ - char c_false; /* character printed when not tainted */ --- a/include/linux/module.h +++ b/include/linux/module.h @@ -496,6 +496,9 @@ bool is_module_address(unsigned long add @@ -234,14 +218,14 @@ +static void setup_modinfo_supported(struct module *mod, const char *s) +{ + if (!s) { -+ mod->taints |= (1 << TAINT_NO_SUPPORT); ++ mod->taints |= (1 << TAINT_AUX); + return; + } + + if (strcmp(s, "external") == 0) -+ mod->taints |= (1 << TAINT_EXTERNAL_SUPPORT); ++ return; + else if (strcmp(s, "yes")) -+ mod->taints |= (1 << TAINT_NO_SUPPORT); ++ mod->taints |= (1 << TAINT_AUX); +} + +static ssize_t show_modinfo_supported(struct module_attribute *mattr, @@ -270,14 +254,12 @@ #ifdef CONFIG_MODULE_UNLOAD &modinfo_refcnt, #endif -@@ -1808,9 +1860,36 @@ static int mod_sysfs_setup(struct module +@@ -1808,9 +1860,34 @@ static int mod_sysfs_setup(struct module add_sect_attrs(mod, info); add_notes_attrs(mod, info); +#ifdef CONFIG_SUSE_KERNEL_SUPPORTED -+ if (mod->taints & (1 << TAINT_EXTERNAL_SUPPORT)) -+ add_taint(TAINT_EXTERNAL_SUPPORT, LOCKDEP_STILL_OK); -+ else if (mod->taints & (1 << TAINT_NO_SUPPORT)) { ++ if (mod->taints & (1 << TAINT_AUX)) { + if (suse_unsupported == 0) { + printk(KERN_WARNING "%s: module not supported by " + "SUSE, refusing to load. To override, echo " @@ -285,7 +267,7 @@ + err = -ENOEXEC; + goto out_remove_attrs; + } -+ add_taint(TAINT_NO_SUPPORT, LOCKDEP_STILL_OK); ++ add_taint(TAINT_AUX, LOCKDEP_STILL_OK); + if (suse_unsupported == 1) { + printk(KERN_WARNING "%s: module is not supported by " + "SUSE. Our support organization may not be " @@ -317,31 +299,9 @@ } #ifdef CONFIG_MODVERSIONS ---- a/kernel/panic.c -+++ b/kernel/panic.c -@@ -322,6 +322,10 @@ const struct taint_flag taint_flags[TAIN - { 'E', ' ', true }, /* TAINT_UNSIGNED_MODULE */ - { 'L', ' ', false }, /* TAINT_SOFTLOCKUP */ - { 'K', ' ', true }, /* TAINT_LIVEPATCH */ -+#ifdef CONFIG_SUSE_KERNEL_SUPPORTED -+ { 'N', ' ', true }, /* TAINT_NO_SUPPORT */ -+ { 'X', ' ', true }, /* TAINT_EXTERNAL_SUPPORT */ -+#endif - }; - - /** -@@ -343,6 +347,8 @@ const struct taint_flag taint_flags[TAIN - * 'E' - Unsigned module has been loaded. - * 'L' - A soft lockup has previously occurred. - * 'K' - Kernel has been live patched. -+ * 'N' - Unsuported modules loaded. -+ * 'X' - Modules with external support loaded. - * - * The string is overwritten by the next call to print_tainted(). - */ --- a/kernel/sysctl.c +++ b/kernel/sysctl.c -@@ -791,6 +791,15 @@ static struct ctl_table kern_table[] = { +@@ -790,6 +790,15 @@ static struct ctl_table kern_table[] = { .extra1 = &pid_max_min, .extra2 = &pid_max_max, }, @@ -359,7 +319,7 @@ .data = &panic_on_oops, --- a/scripts/Makefile.modpost +++ b/scripts/Makefile.modpost -@@ -79,7 +79,11 @@ modpost = scripts/mod/modpost +@@ -78,7 +78,11 @@ modpost = scripts/mod/modpost $(if $(KBUILD_EXTMOD),-o $(modulesymfile)) \ $(if $(CONFIG_DEBUG_SECTION_MISMATCH),,-S) \ $(if $(CONFIG_SECTION_MISMATCH_WARN_ONLY),,-E) \ @@ -374,7 +334,7 @@ --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c -@@ -1941,6 +1941,50 @@ static char *remove_dot(char *s) +@@ -1940,6 +1940,50 @@ static char *remove_dot(char *s) return s; } @@ -425,7 +385,7 @@ static void read_symbols(char *modname) { const char *symname; -@@ -2173,6 +2217,15 @@ static void add_staging_flag(struct buff +@@ -2160,6 +2204,15 @@ static void add_staging_flag(struct buff buf_printf(b, "\nMODULE_INFO(staging, \"Y\");\n"); } @@ -441,7 +401,7 @@ /** * Record CRCs for unresolved symbols **/ -@@ -2320,6 +2373,15 @@ static void write_if_changed(struct buff +@@ -2307,6 +2360,15 @@ static void write_if_changed(struct buff fclose(file); } @@ -457,7 +417,7 @@ /* parse Module.symvers file. line format: * 0x12345678<tab>symbol<tab>module[[<tab>export]<tab>something] **/ -@@ -2416,12 +2478,15 @@ int main(int argc, char **argv) +@@ -2403,12 +2465,15 @@ int main(int argc, char **argv) struct buffer buf = { }; char *kernel_read = NULL, *module_read = NULL; char *dump_write = NULL, *files_source = NULL; @@ -474,7 +434,7 @@ switch (opt) { case 'i': kernel_read = optarg; -@@ -2465,11 +2530,20 @@ int main(int argc, char **argv) +@@ -2452,11 +2517,20 @@ int main(int argc, char **argv) case 'E': sec_mismatch_fatal = 1; break; @@ -495,7 +455,7 @@ if (kernel_read) read_dump(kernel_read, 1); if (module_read) -@@ -2507,6 +2581,9 @@ int main(int argc, char **argv) +@@ -2493,6 +2567,9 @@ int main(int argc, char **argv) add_header(&buf, mod); add_intree_flag(&buf, !external_module); add_staging_flag(&buf, mod->name); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/suse-hv-guest-os-id.patch new/patches.suse/suse-hv-guest-os-id.patch --- old/patches.suse/suse-hv-guest-os-id.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/suse-hv-guest-os-id.patch 2018-01-31 07:59:46.000000000 +0100 @@ -15,7 +15,7 @@ --- a/arch/x86/hyperv/hv_init.c +++ b/arch/x86/hyperv/hv_init.c -@@ -112,6 +112,8 @@ void hyperv_init(void) +@@ -113,6 +113,8 @@ void hyperv_init(void) { u64 guest_id; union hv_x64_msr_hypercall_contents hypercall_msr; @@ -24,7 +24,7 @@ if (x86_hyper_type != X86_HYPER_MS_HYPERV) return; -@@ -131,7 +133,7 @@ void hyperv_init(void) +@@ -122,7 +124,7 @@ void hyperv_init(void) * 1. Register the guest ID * 2. Enable the hypercall and register the hypercall page */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc new/patches.suse/uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc --- old/patches.suse/uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc 2018-01-31 07:59:46.000000000 +0100 @@ -36,15 +36,15 @@ #if defined(_SYS_XATTR_H) #define __UAPI_DEF_XATTR 0 @@ -205,6 +212,9 @@ - #define __UAPI_DEF_IPX_CONFIG_DATA 1 #define __UAPI_DEF_IPX_ROUTE_DEF 1 + #endif +/* Definitions for uio.h */ +#define __UAPI_DEF_IOVEC 1 + /* Definitions for xattr.h */ + #ifndef __UAPI_DEF_XATTR #define __UAPI_DEF_XATTR 1 - --- a/include/uapi/linux/uio.h +++ b/include/uapi/linux/uio.h @@ -9,15 +9,18 @@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/x86-stacktrace-Avoid-recording-save_stack_trace-wrap.patch new/patches.suse/x86-stacktrace-Avoid-recording-save_stack_trace-wrap.patch --- old/patches.suse/x86-stacktrace-Avoid-recording-save_stack_trace-wrap.patch 2018-01-29 09:15:43.000000000 +0100 +++ new/patches.suse/x86-stacktrace-Avoid-recording-save_stack_trace-wrap.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,75 +0,0 @@ -From: Vlastimil Babka <[email protected]> -Date: Fri, 29 Sep 2017 11:23:35 +0200 -Subject: x86/stacktrace: Avoid recording save_stack_trace() wrappers -Git-commit: 77072f09eab19326dd2424c8dad0a443341a228f -Patch-mainline: 4.15-rc1 -References: bnc#1058115 - -The save_stack_trace() and save_stack_trace_tsk() wrappers of -__save_stack_trace() add themselves to the call stack, and thus appear in the -recorded stacktraces. This is redundant and wasteful when we have limited space -to record the useful part of the backtrace with e.g. page_owner functionality. - -Fix this by making sure __save_stack_trace() is noinline (which matches the -current gcc decision) and bumping the skip in the wrappers -(save_stack_trace_tsk() only when called for the current task). This is similar -to what was done for arm in 3683f44c42e9 ("ARM: stacktrace: avoid listing -stacktrace functions in stacktrace") and is pending for arm64. - -Also make sure that __save_stack_trace_reliable() doesn't get this problem in -the future by marking it __always_inline (which matches current gcc decision), -per Josh Poimboeuf. - -Signed-off-by: Vlastimil Babka <[email protected]> -Acked-by: Josh Poimboeuf <[email protected]> -Cc: Linus Torvalds <[email protected]> -Cc: Miroslav Benes <[email protected]> -Cc: Peter Zijlstra <[email protected]> -Cc: Thomas Gleixner <[email protected]> -Link: http://lkml.kernel.org/r/[email protected] -Signed-off-by: Ingo Molnar <[email protected]> -Signed-off-by: Jiri Slaby <[email protected]> ---- - arch/x86/kernel/stacktrace.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - ---- a/arch/x86/kernel/stacktrace.c -+++ b/arch/x86/kernel/stacktrace.c -@@ -30,7 +30,7 @@ static int save_stack_address(struct sta - return 0; - } - --static void __save_stack_trace(struct stack_trace *trace, -+static void noinline __save_stack_trace(struct stack_trace *trace, - struct task_struct *task, struct pt_regs *regs, - bool nosched) - { -@@ -56,6 +56,7 @@ static void __save_stack_trace(struct st - */ - void save_stack_trace(struct stack_trace *trace) - { -+ trace->skip++; - __save_stack_trace(trace, current, NULL, false); - } - EXPORT_SYMBOL_GPL(save_stack_trace); -@@ -70,6 +71,8 @@ void save_stack_trace_tsk(struct task_st - if (!try_get_task_stack(tsk)) - return; - -+ if (tsk == current) -+ trace->skip++; - __save_stack_trace(trace, tsk, NULL, true); - - put_task_stack(tsk); -@@ -88,8 +91,9 @@ EXPORT_SYMBOL_GPL(save_stack_trace_tsk); - } \ - }) - --static int __save_stack_trace_reliable(struct stack_trace *trace, -- struct task_struct *task) -+static int __always_inline -+__save_stack_trace_reliable(struct stack_trace *trace, -+ struct task_struct *task) - { - struct unwind_state state; - struct pt_regs *regs; ++++++ series.conf ++++++ ++++ 1556 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/kernel-source/series.conf ++++ and /work/SRC/openSUSE:Factory/.kernel-source.new/series.conf ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.6xbGKJ/_old 2018-02-01 21:27:56.205145584 +0100 +++ /var/tmp/diff_new_pack.6xbGKJ/_new 2018-02-01 21:27:56.209145398 +0100 @@ -1,3 +1,3 @@ -2018-01-29 09:15:43 +0100 -GIT Revision: 9a6fca576ed483a18c4ef64b85e247fcb33e4c1b +2018-01-31 08:03:28 +0100 +GIT Revision: ac017470b9f9e7c85b28bb48f40b3116c8fe68c7 GIT Branch: stable
