Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2018-03-19 23:33:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Mon Mar 19 23:33:35 2018 rev:414 rq:588011 version:4.15.10 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2018-03-16 10:36:15.703785005 +0100 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes 2018-03-19 23:33:36.991659839 +0100 @@ -1,0 +2,265 @@ +Thu Mar 15 21:31:17 CET 2018 - [email protected] + +- Linux 4.15.10 (bnc#1012628). +- RDMA/ucma: Limit possible option size (bnc#1012628). +- RDMA/ucma: Check that user doesn't overflow QP state + (bnc#1012628). +- RDMA/mlx5: Fix integer overflow while resizing CQ (bnc#1012628). +- IB/uverbs: Improve lockdep_check (bnc#1012628). +- mac80211_hwsim: don't use WQ_MEM_RECLAIM (bnc#1012628). +- net/smc: fix NULL pointer dereference on sock_create_kern() + error path (bnc#1012628). +- regulator: stm32-vrefbuf: fix check on ready flag (bnc#1012628). +- drm/i915: Check for fused or unused pipes (bnc#1012628). +- drm/i915/audio: fix check for av_enc_map overflow (bnc#1012628). +- drm/i915: Fix rsvd2 mask when out-fence is returned + (bnc#1012628). +- drm/i915: Clear the in-use marker on execbuf failure + (bnc#1012628). +- drm/i915: Disable DC states around GMBUS on GLK (bnc#1012628). +- drm/i915: Update watermark state correctly in + sanitize_watermarks (bnc#1012628). +- drm/i915: Try EDID bitbanging on HDMI after failed read + (bnc#1012628). +- drm/i915/perf: fix perf stream opening lock (bnc#1012628). +- scsi: core: Avoid that ATA error handling can trigger a kernel + hang or oops (bnc#1012628). +- scsi: qla2xxx: Fix NULL pointer crash due to active timer for + ABTS (bnc#1012628). +- drm/i915: Always call to intel_display_set_init_power() in + resume_early (bnc#1012628). +- workqueue: Allow retrieval of current task's work struct + (bnc#1012628). +- drm: Allow determining if current task is output poll worker + (bnc#1012628). +- drm/nouveau: Fix deadlock on runtime suspend (bnc#1012628). +- drm/radeon: Fix deadlock on runtime suspend (bnc#1012628). +- drm/amdgpu: Fix deadlock on runtime suspend (bnc#1012628). +- drm/nouveau: prefer XBGR2101010 for addfb ioctl (bnc#1012628). +- drm/amd/powerplay/smu7: allow mclk switching with no displays + (bnc#1012628). +- drm/amd/powerplay/vega10: allow mclk switching with no displays + (bnc#1012628). +- Revert "drm/radeon/pm: autoswitch power state when in balanced + mode" (bnc#1012628). +- drm/amd/display: check for ipp before calling cursor operations + (bnc#1012628). +- drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE + (bnc#1012628). +- drm/amd/powerplay: fix power over limit on Fiji (bnc#1012628). +- drm/amd/display: Default HDMI6G support to true. Log VBIOS + table error (bnc#1012628). +- drm/amdgpu: used cached pcie gen info for SI (v2) (bnc#1012628). +- drm/amdgpu: Notify sbios device ready before send request + (bnc#1012628). +- drm/radeon: fix KV harvesting (bnc#1012628). +- drm/amdgpu: fix KV harvesting (bnc#1012628). +- drm/amdgpu:Correct max uvd handles (bnc#1012628). +- drm/amdgpu:Always save uvd vcpu_bo in VM Mode (bnc#1012628). +- ovl: redirect_dir=nofollow should not follow redirect for + opaque lower (bnc#1012628). +- MIPS: BMIPS: Do not mask IPIs during suspend (bnc#1012628). +- MIPS: ath25: Check for kzalloc allocation failure (bnc#1012628). +- MIPS: OCTEON: irq: Check for null return on kzalloc allocation + (bnc#1012628). +- PCI: dwc: Fix enumeration end when reaching root subordinate + (bnc#1012628). +- Input: matrix_keypad - fix race when disabling interrupts + (bnc#1012628). +- Revert "Input: synaptics - Lenovo Thinkpad T460p devices should + use RMI" (bnc#1012628). +- bug: use %pB in BUG and stack protector failure (bnc#1012628). +- lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() + (bnc#1012628). +- mm/memblock.c: hardcode the end_pfn being -1 (bnc#1012628). +- loop: Fix lost writes caused by missing flag (bnc#1012628). +- virtio_ring: fix num_free handling in error case (bnc#1012628). +- KVM: s390: fix memory overwrites when not using SCA entries + (bnc#1012628). +- arm64: mm: fix thinko in non-global page table attribute check + (bnc#1012628). +- IB/core: Fix missing RDMA cgroups release in case of failure + to register device (bnc#1012628). +- Revert "nvme: create 'slaves' and 'holders' entries for hidden + controllers" (bnc#1012628). +- kbuild: Handle builtin dtb file names containing hyphens + (bnc#1012628). +- dm bufio: avoid false-positive Wmaybe-uninitialized warning + (bnc#1012628). +- IB/mlx5: Fix incorrect size of klms in the memory region + (bnc#1012628). +- bcache: fix crashes in duplicate cache device register + (bnc#1012628). +- bcache: don't attach backing with duplicate UUID (bnc#1012628). +- x86/MCE: Save microcode revision in machine check records + (bnc#1012628). +- x86/MCE: Serialize sysfs changes (bnc#1012628). +- perf tools: Fix trigger class trigger_on() (bnc#1012628). +- x86/spectre_v2: Don't check microcode versions when running + under hypervisors (bnc#1012628). +- ALSA: hda/realtek - Add support headset mode for DELL WYSE + (bnc#1012628). +- ALSA: hda/realtek - Add headset mode support for Dell laptop + (bnc#1012628). +- ALSA: hda/realtek: Limit mic boost on T480 (bnc#1012628). +- ALSA: hda/realtek - Fix dock line-out volume on Dell Precision + 7520 (bnc#1012628). +- ALSA: hda/realtek - Make dock sound work on ThinkPad L570 + (bnc#1012628). +- ALSA: seq: Don't allow resizing pool in use (bnc#1012628). +- ALSA: seq: More protection for concurrent write and ioctl races + (bnc#1012628). +- ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines + (bnc#1012628). +- ALSA: hda: add dock and led support for HP EliteBook 820 G3 + (bnc#1012628). +- ALSA: hda: add dock and led support for HP ProBook 640 G2 + (bnc#1012628). +- scsi: qla2xxx: Fix NULL pointer crash due to probe failure + (bnc#1012628). +- scsi: qla2xxx: Fix recursion while sending terminate exchange + (bnc#1012628). +- dt-bindings: Document mti,mips-cpc binding (bnc#1012628). +- MIPS: CPC: Map registers using DT in + mips_cpc_default_phys_base() (bnc#1012628). +- nospec: Kill array_index_nospec_mask_check() (bnc#1012628). +- nospec: Include <asm/barrier.h> dependency (bnc#1012628). +- x86/entry: Reduce the code footprint of the 'idtentry' macro + (bnc#1012628). +- x86/entry/64: Use 'xorl' for faster register clearing + (bnc#1012628). +- x86/mm: Remove stale comment about KMEMCHECK (bnc#1012628). +- x86/asm: Improve how GEN_*_SUFFIXED_RMWcc() specify clobbers + (bnc#1012628). +- x86/IO-APIC: Avoid warning in 32-bit builds (bnc#1012628). +- x86/LDT: Avoid warning in 32-bit builds with older gcc + (bnc#1012628). +- x86-64/realmode: Add instruction suffix (bnc#1012628). +- Revert "x86/retpoline: Simplify vmexit_fill_RSB()" + (bnc#1012628). +- x86/speculation: Use IBRS if available before calling into + firmware (bnc#1012628). +- x86/retpoline: Support retpoline builds with Clang + (bnc#1012628). +- x86/speculation, objtool: Annotate indirect calls/jumps for + objtool (bnc#1012628). +- x86/speculation: Move firmware_restrict_branch_speculation_*() + from C to CPP (bnc#1012628). +- x86/paravirt, objtool: Annotate indirect calls (bnc#1012628). +- x86/boot, objtool: Annotate indirect jump in + secondary_startup_64() (bnc#1012628). +- x86/mm/sme, objtool: Annotate indirect call in + sme_encrypt_execute() (bnc#1012628). +- objtool: Use existing global variables for options + (bnc#1012628). +- objtool: Add retpoline validation (bnc#1012628). +- objtool: Add module specific retpoline rules (bnc#1012628). +- objtool, retpolines: Integrate objtool with retpoline support + more closely (bnc#1012628). +- objtool: Fix another switch table detection issue (bnc#1012628). +- objtool: Fix 32-bit build (bnc#1012628). +- x86/kprobes: Fix kernel crash when probing .entry_trampoline + code (bnc#1012628). +- watchdog: hpwdt: SMBIOS check (bnc#1012628). +- watchdog: hpwdt: Check source of NMI (bnc#1012628). +- watchdog: hpwdt: fix unused variable warning (bnc#1012628). +- watchdog: hpwdt: Remove legacy NMI sourcing (bnc#1012628). +- netfilter: add back stackpointer size checks (bnc#1012628). +- netfilter: ipt_CLUSTERIP: fix a race condition of proc file + creation (bnc#1012628). +- netfilter: xt_hashlimit: fix lock imbalance (bnc#1012628). +- netfilter: x_tables: fix missing timer initialization in xt_LED + (bnc#1012628). +- netfilter: nat: cope with negative port range (bnc#1012628). +- netfilter: IDLETIMER: be syzkaller friendly (bnc#1012628). +- netfilter: bridge: ebt_among: add missing match size checks + (bnc#1012628). +- netfilter: ipv6: fix use-after-free Write in + nf_nat_ipv6_manip_pkt (bnc#1012628). +- netfilter: use skb_to_full_sk in ip6_route_me_harder + (bnc#1012628). +- tpm_tis: Move ilb_base_addr to tpm_tis_data (bnc#1012628). +- tpm: Keep CLKRUN enabled throughout the duration of + transmit_cmd() (bnc#1012628). +- tpm: delete the TPM_TIS_CLK_ENABLE flag (bnc#1012628). +- tpm: remove unused variables (bnc#1012628). +- tpm: only attempt to disable the LPC CLKRUN if is already + enabled (bnc#1012628). +- x86/xen: Calculate __max_logical_packages on PV domains + (bnc#1012628). +- scsi: qla2xxx: Fix system crash for Notify ack timeout handling + (bnc#1012628). +- scsi: qla2xxx: Fix gpnid error processing (bnc#1012628). +- scsi: qla2xxx: Move session delete to driver work queue + (bnc#1012628). +- scsi: qla2xxx: Skip IRQ affinity for Target QPairs + (bnc#1012628). +- scsi: qla2xxx: Fix re-login for Nport Handle in use ++++ 68 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes ++++ and /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:43.571422476 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:43.583422043 +0100 @@ -17,7 +17,7 @@ %define srcversion 4.15 -%define patchversion 4.15.9 +%define patchversion 4.15.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb}) Name: dtb-aarch64 -Version: 4.15.9 +Version: 4.15.10 %if 0%{?is_kotd} -Release: <RELEASE>.g2c1b8ee +Release: <RELEASE>.g5e4329c %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:43.707417571 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:43.711417426 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.15 -%define patchversion 4.15.9 +%define patchversion 4.15.10 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 4.15.9 +Version: 4.15.10 %if 0%{?is_kotd} -Release: <RELEASE>.g2c1b8ee +Release: <RELEASE>.g5e4329c %else Release: 0 %endif kernel-debug.spec: same change kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:43.851412376 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:43.855412232 +0100 @@ -17,7 +17,7 @@ %define srcversion 4.15 -%define patchversion 4.15.9 +%define patchversion 4.15.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -31,9 +31,9 @@ Summary: Kernel Documentation License: GPL-2.0 Group: Documentation/Man -Version: 4.15.9 +Version: 4.15.10 %if 0%{?is_kotd} -Release: <RELEASE>.g2c1b8ee +Release: <RELEASE>.g5e4329c %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:43.923409779 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:43.927409635 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.15 -%define patchversion 4.15.9 +%define patchversion 4.15.10 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.15.9 +Version: 4.15.10 %if 0%{?is_kotd} -Release: <RELEASE>.g2c1b8ee +Release: <RELEASE>.g5e4329c %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:43.983407615 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:43.987407470 +0100 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.15.9 +%define patchversion 4.15.10 %define variant %{nil} %define vanilla_only 0 @@ -64,9 +64,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.15.9 +Version: 4.15.10 %if 0%{?is_kotd} -Release: <RELEASE>.g2c1b8ee +Release: <RELEASE>.g5e4329c %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:44.043405450 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:44.047405306 +0100 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.15.9 +%define patchversion 4.15.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.15.9 +Version: 4.15.10 %if 0%{?is_kotd} -Release: <RELEASE>.g2c1b8ee +Release: <RELEASE>.g5e4329c %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:44.091403719 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:44.103403285 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.15 -%define patchversion 4.15.9 +%define patchversion 4.15.10 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.15.9 +Version: 4.15.10 %if 0%{?is_kotd} -Release: <RELEASE>.g2c1b8ee +Release: <RELEASE>.g5e4329c %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:44.179400544 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:44.187400255 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.15 -%define patchversion 4.15.9 +%define patchversion 4.15.10 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.15.9 +Version: 4.15.10 %if 0%{?is_kotd} -Release: <RELEASE>.g2c1b8ee +Release: <RELEASE>.g5e4329c %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:44.243398236 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:44.251397947 +0100 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.15.9 +Version: 4.15.10 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g2c1b8ee +Release: <RELEASE>.g5e4329c %else Release: 0 %endif ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:44.291396504 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:44.299396215 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.15 -%define patchversion 4.15.9 +%define patchversion 4.15.10 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel used for fuzzing by syzkaller License: GPL-2.0 Group: System/Kernel -Version: 4.15.9 +Version: 4.15.10 %if 0%{?is_kotd} -Release: <RELEASE>.g2c1b8ee +Release: <RELEASE>.g5e4329c %else Release: 0 %endif kernel-vanilla.spec: same change kernel-zfcpdump.spec: same change ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 13696 lines of diff (skipped) ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch new/patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch --- old/patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch 2018-03-11 23:31:16.000000000 +0100 +++ new/patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch 2018-03-15 21:31:17.000000000 +0100 @@ -27,8 +27,8 @@ arch/x86/include/asm/nospec-branch.h | 2 - arch/x86/kernel/cpu/bugs.c | 35 ++++++++++++++++++------ arch/x86/lib/Makefile | 2 - - arch/x86/lib/retpoline.S | 4 ++ - 6 files changed, 34 insertions(+), 11 deletions(-) + arch/x86/lib/retpoline.S | 5 +++ + 6 files changed, 35 insertions(+), 11 deletions(-) --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -42,29 +42,32 @@ spectre_v2=auto. --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h -@@ -211,6 +211,7 @@ - #define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* "" Fill RSB on context switches */ +@@ -212,6 +212,7 @@ #define X86_FEATURE_USE_IBPB ( 7*32+21) /* "" Indirect Branch Prediction Barrier enabled */ -+#define X86_FEATURE_USE_IBRS ( 7*32+22) /* "" Use IBRS for Spectre v2 safety */ + #define X86_FEATURE_USE_IBRS_FW ( 7*32+22) /* "" Use IBRS during runtime firmware calls */ ++#define X86_FEATURE_USE_IBRS ( 7*32+23) /* "" Use IBRS for Spectre v2 safety */ /* Virtualization flags: Linux defined, word 8 */ #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h -@@ -155,12 +155,10 @@ extern char __indirect_thunk_end[]; +@@ -225,7 +225,6 @@ extern char __indirect_thunk_end[]; */ static inline void vmexit_fill_RSB(void) { -#ifdef CONFIG_RETPOLINE - alternative_input("", - "call __fill_rsb", - X86_FEATURE_RETPOLINE, - ASM_NO_INPUT_CLOBBER(_ASM_BX, "memory")); + unsigned long loops; + + asm volatile (ANNOTATE_NOSPEC_ALTERNATIVE +@@ -235,7 +234,6 @@ static inline void vmexit_fill_RSB(void) + "910:" + : "=r" (loops), ASM_CALL_CONSTRAINT + : : "memory" ); -#endif } - static inline void indirect_branch_prediction_barrier(void) + #define alternative_msr_write(_msr, _val, _feature) \ --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -80,6 +80,7 @@ enum spectre_v2_mitigation_cmd { @@ -167,26 +170,24 @@ lib-$(CONFIG_RANDOMIZE_BASE) += kaslr.o -lib-$(CONFIG_RETPOLINE) += retpoline.o +lib-y += retpoline.o - OBJECT_FILES_NON_STANDARD_retpoline.o :=y obj-y += msr.o msr-reg.o msr-reg-export.o hweight.o + --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S -@@ -9,6 +9,8 @@ +@@ -8,6 +8,8 @@ + #include <asm/export.h> #include <asm/nospec-branch.h> - #include <asm/bitsperlong.h> +#ifdef CONFIG_RETPOLINE + .macro THUNK reg .section .text.__x86.indirect_thunk -@@ -48,6 +50,8 @@ GENERATE_THUNK(r14) +@@ -46,3 +48,6 @@ GENERATE_THUNK(r13) + GENERATE_THUNK(r14) GENERATE_THUNK(r15) #endif - ++ +#endif /* CONFIG_RETPOLINE */ + - /* - * Fill the CPU return stack buffer. - * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch new/patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch --- old/patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch 2018-03-11 23:31:16.000000000 +0100 +++ new/patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch 2018-03-15 21:31:17.000000000 +0100 @@ -28,11 +28,10 @@ --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h -@@ -174,6 +174,42 @@ static inline void indirect_branch_predi - : "eax", "ecx", "edx", "memory"); +@@ -253,6 +253,42 @@ static inline void indirect_branch_predi } -+/* + /* + * This also performs a barrier, and setting it again when it was already + * set is NOT a no-op. + */ @@ -68,6 +67,7 @@ + : "memory"); +} + - #endif /* __ASSEMBLY__ */ - - /* ++/* + * With retpoline, we must use IBRS to restrict branch prediction + * before calling into firmware. + * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch new/patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch --- old/patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch 2018-03-11 23:31:16.000000000 +0100 +++ new/patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch 2018-03-15 21:31:17.000000000 +0100 @@ -105,7 +105,7 @@ /* * We are on the trampoline stack. All regs except RDI are live. * We can do future final exit work right here. -@@ -617,11 +623,12 @@ GLOBAL(swapgs_restore_regs_and_return_to +@@ -616,11 +622,12 @@ GLOBAL(swapgs_restore_regs_and_return_to /* Push user RDI on the trampoline stack. */ pushq (%rdi) @@ -119,7 +119,7 @@ SWITCH_TO_USER_CR3_STACK scratch_reg=%rdi /* Restore RDI. */ -@@ -708,6 +715,13 @@ native_irq_return_ldt: +@@ -707,6 +714,13 @@ native_irq_return_ldt: SWAPGS /* to kernel GS */ SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi /* to kernel CR3 */ @@ -133,7 +133,7 @@ movq PER_CPU_VAR(espfix_waddr), %rdi movq %rax, (0*8)(%rdi) /* user RAX */ movq (1*8)(%rsp), %rax /* user RIP */ -@@ -841,6 +855,8 @@ ENTRY(switch_to_thread_stack) +@@ -840,6 +854,8 @@ ENTRY(switch_to_thread_stack) SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi movq %rsp, %rdi movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp @@ -142,7 +142,7 @@ UNWIND_HINT sp_offset=16 sp_reg=ORC_REG_DI pushq 7*8(%rdi) /* regs->ss */ -@@ -1140,6 +1156,8 @@ ENTRY(paranoid_entry) +@@ -1137,6 +1153,8 @@ ENTRY(paranoid_entry) 1: SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg=%rax save_reg=%r14 @@ -151,7 +151,7 @@ ret END(paranoid_entry) -@@ -1163,6 +1181,8 @@ ENTRY(paranoid_exit) +@@ -1160,6 +1178,8 @@ ENTRY(paranoid_exit) testl %ebx, %ebx /* swapgs needed? */ jnz .Lparanoid_exit_no_swapgs TRACE_IRQS_IRETQ @@ -160,7 +160,7 @@ RESTORE_CR3 scratch_reg=%rbx save_reg=%r14 SWAPGS_UNSAFE_STACK jmp .Lparanoid_exit_restore -@@ -1190,6 +1210,8 @@ ENTRY(error_entry) +@@ -1189,6 +1209,8 @@ ENTRY(error_entry) SWAPGS /* We have user CR3. Change to kernel CR3. */ SWITCH_TO_KERNEL_CR3 scratch_reg=%rax @@ -169,7 +169,7 @@ .Lerror_entry_from_usermode_after_swapgs: /* Put us onto the real thread stack. */ -@@ -1237,6 +1259,8 @@ ENTRY(error_entry) +@@ -1236,6 +1258,8 @@ ENTRY(error_entry) */ SWAPGS SWITCH_TO_KERNEL_CR3 scratch_reg=%rax @@ -178,7 +178,7 @@ jmp .Lerror_entry_done .Lbstep_iret: -@@ -1251,6 +1275,8 @@ ENTRY(error_entry) +@@ -1250,6 +1274,8 @@ ENTRY(error_entry) */ SWAPGS SWITCH_TO_KERNEL_CR3 scratch_reg=%rax @@ -187,7 +187,7 @@ /* * Pretend that the exception came from user mode: set up pt_regs -@@ -1352,6 +1378,10 @@ ENTRY(nmi) +@@ -1351,6 +1377,10 @@ ENTRY(nmi) SWITCH_TO_KERNEL_CR3 scratch_reg=%rdx movq %rsp, %rdx movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp @@ -198,7 +198,7 @@ UNWIND_HINT_IRET_REGS base=%rdx offset=8 pushq 5*8(%rdx) /* pt_regs->ss */ pushq 4*8(%rdx) /* pt_regs->rsp */ -@@ -1588,6 +1618,9 @@ end_repeat_nmi: +@@ -1585,6 +1615,9 @@ end_repeat_nmi: movq $-1, %rsi call do_nmi @@ -221,7 +221,7 @@ * User tracing code (ptrace or signal handlers) might assume that @@ -244,12 +246,18 @@ GLOBAL(entry_SYSCALL_compat_after_hwfram pushq $0 /* pt_regs->r15 = 0 */ - xorq %r15, %r15 /* nospec r15 */ + xorl %r15d, %r15d /* nospec r15 */ - /* - * User mode is traced as though IRQs are on, and SYSENTER diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/Bluetooth-btusb-Fix-quirk-for-Atheros-1525-QCA6174.patch new/patches.suse/Bluetooth-btusb-Fix-quirk-for-Atheros-1525-QCA6174.patch --- old/patches.suse/Bluetooth-btusb-Fix-quirk-for-Atheros-1525-QCA6174.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/Bluetooth-btusb-Fix-quirk-for-Atheros-1525-QCA6174.patch 2018-03-15 21:31:17.000000000 +0100 @@ -0,0 +1,70 @@ +From: Takashi Iwai <[email protected]> +Subject: [PATCH] Bluebooth: btusb: Fix quirk for Atheros 1525/QCA6174 +Date: Thu, 15 Mar 2018 17:02:34 +0100 +Message-Id: <[email protected]> +Patch-mainline: Submitted, linux-bluetooth ML +References: bsc#1082504 + +The Atheros 1525/QCA6174 BT doesn't seem working properly on the +recent kernels, as it tries to load a wrong firmware +ar3k/AthrBT_0x00000200.dfu and it fails. + +This seems to have been a problem for some time, and the known +workaround is to apply BTUSB_QCA_ROM quirk instead of BTUSB_ATH3012. + +The device in question is: + +T: Bus=01 Lev=01 Prnt=01 Port=09 Cnt=03 Dev#= 4 Spd=12 MxCh= 0 +D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 +P: Vendor=0cf3 ProdID=3004 Rev= 0.01 +C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA +I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms +E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms +E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms +I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms +I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms +I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms +I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms +I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms +I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms + +Bugzilla: http://bugzilla.opensuse.org/show_bug.cgi?id=1082504 +Reported-and-tested-by: Ivan Levshin <[email protected]> +Cc: <[email protected]> +Signed-off-by: Takashi Iwai <[email protected]> + +--- + drivers/bluetooth/btusb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -230,7 +230,6 @@ static const struct usb_device_id blackl + { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, +- { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, +@@ -263,6 +262,7 @@ static const struct usb_device_id blackl + { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, + + /* QCA ROME chipset */ ++ { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_QCA_ROME }, + { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME }, + { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME }, + { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/Documentation-sphinx-Fix-Directive-import-error.patch new/patches.suse/Documentation-sphinx-Fix-Directive-import-error.patch --- old/patches.suse/Documentation-sphinx-Fix-Directive-import-error.patch 2018-03-11 23:31:16.000000000 +0100 +++ new/patches.suse/Documentation-sphinx-Fix-Directive-import-error.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,42 +0,0 @@ -From ff690eeed804f112242f9a0614eafdf559f9276a Mon Sep 17 00:00:00 2001 -From: Matthew Wilcox <[email protected]> -Date: Fri, 2 Mar 2018 10:40:14 -0800 -Subject: [PATCH] Documentation/sphinx: Fix Directive import error -Patch-mainline: v4.16-rc5 -Git-commit: ff690eeed804f112242f9a0614eafdf559f9276a -References: bsc#1083694 - -Sphinx 1.7 removed sphinx.util.compat.Directive so people -who have upgraded cannot build the documentation. Switch to -docutils.parsers.rst.Directive which has been available since -docutils 0.5 released in 2009. - -Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1083694 -Co-developed-by: Takashi Iwai <[email protected]> -Acked-by: Jani Nikula <[email protected]> -Cc: [email protected] -Signed-off-by: Matthew Wilcox <[email protected]> -Signed-off-by: Jonathan Corbet <[email protected]> -Acked-by: Takashi Iwai <[email protected]> - ---- - Documentation/sphinx/kerneldoc.py | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/Documentation/sphinx/kerneldoc.py b/Documentation/sphinx/kerneldoc.py -index 39aa9e8697cc..fbedcc39460b 100644 ---- a/Documentation/sphinx/kerneldoc.py -+++ b/Documentation/sphinx/kerneldoc.py -@@ -36,8 +36,7 @@ import glob - - from docutils import nodes, statemachine - from docutils.statemachine import ViewList --from docutils.parsers.rst import directives --from sphinx.util.compat import Directive -+from docutils.parsers.rst import directives, Directive - from sphinx.ext.autodoc import AutodocReporter - - __version__ = '1.0' --- -2.16.2 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/bpf-cpumap-use-GFP_KERNEL-instead-of-GFP_ATOMIC-in-_.patch new/patches.suse/bpf-cpumap-use-GFP_KERNEL-instead-of-GFP_ATOMIC-in-_.patch --- old/patches.suse/bpf-cpumap-use-GFP_KERNEL-instead-of-GFP_ATOMIC-in-_.patch 2018-03-11 23:31:16.000000000 +0100 +++ new/patches.suse/bpf-cpumap-use-GFP_KERNEL-instead-of-GFP_ATOMIC-in-_.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,44 +0,0 @@ -From: Jason Wang <[email protected]> -Date: Wed, 14 Feb 2018 22:17:34 +0800 -Subject: bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in - __cpu_map_entry_alloc() -Git-commit: 7fc17e909edfb9bf421ee04e981d3d474175c7c7 -Patch-mainline: v4.16-rc3 -References: git-fixes - -There're several implications after commit 0bf7800f1799 ("ptr_ring: -try vmalloc() when kmalloc() fails") with the using of vmalloc() since -can't allow GFP_ATOMIC but mandate GFP_KERNEL. This will lead a WARN -since cpumap try to call with GFP_ATOMIC. Fortunately, entry -allocation of cpumap can only be done through syscall path which means -GFP_ATOMIC is not necessary, so fixing this by replacing GFP_ATOMIC -with GFP_KERNEL. - -Reported-by: [email protected] -Fixes: 0bf7800f1799 ("ptr_ring: try vmalloc() when kmalloc() fails") -Cc: Michal Hocko <[email protected]> -Cc: Daniel Borkmann <[email protected]> -Cc: Matthew Wilcox <[email protected]> -Cc: Jesper Dangaard Brouer <[email protected]> -Cc: [email protected] -Cc: [email protected] -Cc: [email protected] -Signed-off-by: Jason Wang <[email protected]> -Acked-by: Jesper Dangaard Brouer <[email protected]> -Signed-off-by: Daniel Borkmann <[email protected]> -Signed-off-by: Jiri Slaby <[email protected]> ---- - kernel/bpf/cpumap.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/kernel/bpf/cpumap.c -+++ b/kernel/bpf/cpumap.c -@@ -339,7 +339,7 @@ static int cpu_map_kthread_run(void *dat - - struct bpf_cpu_map_entry *__cpu_map_entry_alloc(u32 qsize, u32 cpu, int map_id) - { -- gfp_t gfp = GFP_ATOMIC|__GFP_NOWARN; -+ gfp_t gfp = GFP_KERNEL | __GFP_NOWARN; - struct bpf_cpu_map_entry *rcpu; - int numa, err; - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/brcmsmac-allocate-ucode-with-GFP_KERNEL new/patches.suse/brcmsmac-allocate-ucode-with-GFP_KERNEL --- old/patches.suse/brcmsmac-allocate-ucode-with-GFP_KERNEL 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/brcmsmac-allocate-ucode-with-GFP_KERNEL 2018-03-15 21:31:17.000000000 +0100 @@ -0,0 +1,43 @@ +From 234e443806a2ec8e2ab235718afd07557c2184f3 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai <[email protected]> +Date: Wed, 14 Mar 2018 12:50:27 +0100 +Subject: [PATCH] brcmsmac: allocate ucode with GFP_KERNEL +Patch-mainline: No, testing +References: bsc#1085174 + +The brcms_ucode_init_buf() duplicates the ucode chunks via kmemdup() +with GFP_ATOMIC as a precondition of wl->lock acquired. This caused +allocation failures sometimes as reported in the bugzilla below. + +When looking at the the real usage, one can find that it's called +solely from brcms_request_fw(), and it's obviously outside the lock. +Hence we can use GFP_KERNEL there safely for avoiding such allocation +errors. + +Bugzilla: http://bugzilla.suse.com/show_bug.cgi?id=1085174 +Signed-off-by: Takashi Iwai <[email protected]> + +--- + drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c +@@ -1563,7 +1563,7 @@ void brcms_free_timer(struct brcms_timer + } + + /* +- * precondition: perimeter lock has been acquired ++ * precondition: no locking required + */ + int brcms_ucode_init_buf(struct brcms_info *wl, void **pbuf, u32 idx) + { +@@ -1578,7 +1578,7 @@ int brcms_ucode_init_buf(struct brcms_in + if (le32_to_cpu(hdr->idx) == idx) { + pdata = wl->fw.fw_bin[i]->data + + le32_to_cpu(hdr->offset); +- *pbuf = kmemdup(pdata, len, GFP_ATOMIC); ++ *pbuf = kmemdup(pdata, len, GFP_KERNEL); + if (*pbuf == NULL) + goto fail; + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/mac80211_hwsim-fix-possible-memory-leak-in-hwsim_new new/patches.suse/mac80211_hwsim-fix-possible-memory-leak-in-hwsim_new --- old/patches.suse/mac80211_hwsim-fix-possible-memory-leak-in-hwsim_new 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/mac80211_hwsim-fix-possible-memory-leak-in-hwsim_new 2018-03-15 21:31:17.000000000 +0100 @@ -0,0 +1,36 @@ +From 0ddcff49b672239dda94d70d0fcf50317a9f4b51 Mon Sep 17 00:00:00 2001 +From: "weiyongjun (A)" <[email protected]> +Date: Thu, 18 Jan 2018 02:23:34 +0000 +Subject: [PATCH] mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() +Git-commit: 0ddcff49b672239dda94d70d0fcf50317a9f4b51 +Patch-mainline: v4.16-rc1 +References: CVE-2018-8087,bsc#1085053 + +'hwname' is malloced in hwsim_new_radio_nl() and should be freed +before leaving from the error handling cases, otherwise it will cause +memory leak. + +Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length") +Signed-off-by: Wei Yongjun <[email protected]> +Reviewed-by: Ben Hutchings <[email protected]> +Signed-off-by: Johannes Berg <[email protected]> +Acked-by: Takashi Iwai <[email protected]> + +--- + drivers/net/wireless/mac80211_hwsim.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireless/mac80211_hwsim.c ++++ b/drivers/net/wireless/mac80211_hwsim.c +@@ -3150,8 +3150,10 @@ static int hwsim_new_radio_nl(struct sk_ + if (info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]) { + u32 idx = nla_get_u32(info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]); + +- if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom)) ++ if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom)) { ++ kfree(hwname); + return -EINVAL; ++ } + param.regd = hwsim_world_regdom_custom[idx]; + } + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/netfilter-ebtables-fix-erroneous-reject-of-last-rule.patch new/patches.suse/netfilter-ebtables-fix-erroneous-reject-of-last-rule.patch --- old/patches.suse/netfilter-ebtables-fix-erroneous-reject-of-last-rule.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/netfilter-ebtables-fix-erroneous-reject-of-last-rule.patch 2018-03-15 21:31:17.000000000 +0100 @@ -0,0 +1,41 @@ +From: Florian Westphal <[email protected]> +Date: Thu, 8 Mar 2018 12:54:19 +0100 +Subject: netfilter: ebtables: fix erroneous reject of last rule +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git +Git-commit: 932909d9b28d27e807ff8eecb68c7748f6701628 +References: bsc#1085107 + +The last rule in the blob has next_entry offset that is same as total size. +This made "ebtables32 -A OUTPUT -d de:ad:be:ef:01:02" fail on 64 bit kernel. + +Fixes: b71812168571fa ("netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets") +Signed-off-by: Florian Westphal <[email protected]> +Signed-off-by: Pablo Neira Ayuso <[email protected]> +Acked-by: Michal Kubecek <[email protected]> + +--- + net/bridge/netfilter/ebtables.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c +index 895ba1cd9750..d19b345b9b1b 100644 +--- a/net/bridge/netfilter/ebtables.c ++++ b/net/bridge/netfilter/ebtables.c +@@ -2112,8 +2112,12 @@ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base, + * offsets are relative to beginning of struct ebt_entry (i.e., 0). + */ + for (i = 0; i < 4 ; ++i) { +- if (offsets[i] >= *total) ++ if (offsets[i] > *total) + return -EINVAL; ++ ++ if (i < 3 && offsets[i] == *total) ++ return -EINVAL; ++ + if (i == 0) + continue; + if (offsets[i-1] > offsets[i]) +-- +2.16.2 + ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:46.095331427 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:46.095331427 +0100 @@ -784,6 +784,152 @@ patches.kernel.org/4.15.9-010-scsi-mpt3sas-wait-for-and-flush-running-comman.patch patches.kernel.org/4.15.9-011-KVM-x86-fix-backward-migration-with-async_PF.patch patches.kernel.org/4.15.9-012-Linux-4.15.9.patch + patches.kernel.org/4.15.10-001-RDMA-ucma-Limit-possible-option-size.patch + patches.kernel.org/4.15.10-002-RDMA-ucma-Check-that-user-doesn-t-overflow-QP.patch + patches.kernel.org/4.15.10-003-RDMA-mlx5-Fix-integer-overflow-while-resizing.patch + patches.kernel.org/4.15.10-004-bpf-cpumap-use-GFP_KERNEL-instead-of-GFP_ATOM.patch + patches.kernel.org/4.15.10-005-IB-uverbs-Improve-lockdep_check.patch + patches.kernel.org/4.15.10-006-mac80211_hwsim-don-t-use-WQ_MEM_RECLAIM.patch + patches.kernel.org/4.15.10-007-net-smc-fix-NULL-pointer-dereference-on-sock_.patch + patches.kernel.org/4.15.10-008-regulator-stm32-vrefbuf-fix-check-on-ready-fl.patch + patches.kernel.org/4.15.10-009-drm-i915-Check-for-fused-or-unused-pipes.patch + patches.kernel.org/4.15.10-010-drm-i915-audio-fix-check-for-av_enc_map-overf.patch + patches.kernel.org/4.15.10-011-drm-i915-Fix-rsvd2-mask-when-out-fence-is-ret.patch + patches.kernel.org/4.15.10-012-drm-i915-Clear-the-in-use-marker-on-execbuf-f.patch + patches.kernel.org/4.15.10-013-drm-i915-Disable-DC-states-around-GMBUS-on-GL.patch + patches.kernel.org/4.15.10-014-drm-i915-Update-watermark-state-correctly-in-.patch + patches.kernel.org/4.15.10-015-drm-i915-Try-EDID-bitbanging-on-HDMI-after-fa.patch + patches.kernel.org/4.15.10-016-drm-i915-perf-fix-perf-stream-opening-lock.patch + patches.kernel.org/4.15.10-017-scsi-core-Avoid-that-ATA-error-handling-can-t.patch + patches.kernel.org/4.15.10-018-scsi-qla2xxx-Fix-NULL-pointer-crash-due-to-ac.patch + patches.kernel.org/4.15.10-019-drm-i915-Always-call-to-intel_display_set_ini.patch + patches.kernel.org/4.15.10-020-workqueue-Allow-retrieval-of-current-task-s-w.patch + patches.kernel.org/4.15.10-021-drm-Allow-determining-if-current-task-is-outp.patch + patches.kernel.org/4.15.10-022-drm-nouveau-Fix-deadlock-on-runtime-suspend.patch + patches.kernel.org/4.15.10-023-drm-radeon-Fix-deadlock-on-runtime-suspend.patch + patches.kernel.org/4.15.10-024-drm-amdgpu-Fix-deadlock-on-runtime-suspend.patch + patches.kernel.org/4.15.10-025-drm-nouveau-prefer-XBGR2101010-for-addfb-ioct.patch + patches.kernel.org/4.15.10-026-drm-amd-powerplay-smu7-allow-mclk-switching-w.patch + patches.kernel.org/4.15.10-027-drm-amd-powerplay-vega10-allow-mclk-switching.patch + patches.kernel.org/4.15.10-028-Revert-drm-radeon-pm-autoswitch-power-state-w.patch + patches.kernel.org/4.15.10-029-drm-amd-display-check-for-ipp-before-calling-.patch + patches.kernel.org/4.15.10-030-drm-radeon-insist-on-32-bit-DMA-for-Cedar-on-.patch + patches.kernel.org/4.15.10-031-drm-amd-powerplay-fix-power-over-limit-on-Fij.patch + patches.kernel.org/4.15.10-032-drm-amd-display-Default-HDMI6G-support-to-tru.patch + patches.kernel.org/4.15.10-033-drm-amdgpu-used-cached-pcie-gen-info-for-SI-v.patch + patches.kernel.org/4.15.10-034-drm-amdgpu-Notify-sbios-device-ready-before-s.patch + patches.kernel.org/4.15.10-035-drm-radeon-fix-KV-harvesting.patch + patches.kernel.org/4.15.10-036-drm-amdgpu-fix-KV-harvesting.patch + patches.kernel.org/4.15.10-037-drm-amdgpu-Correct-max-uvd-handles.patch + patches.kernel.org/4.15.10-038-drm-amdgpu-Always-save-uvd-vcpu_bo-in-VM-Mode.patch + patches.kernel.org/4.15.10-039-ovl-redirect_dir-nofollow-should-not-follow-r.patch + patches.kernel.org/4.15.10-040-MIPS-BMIPS-Do-not-mask-IPIs-during-suspend.patch + patches.kernel.org/4.15.10-041-MIPS-ath25-Check-for-kzalloc-allocation-failu.patch + patches.kernel.org/4.15.10-042-MIPS-OCTEON-irq-Check-for-null-return-on-kzal.patch + patches.kernel.org/4.15.10-043-PCI-dwc-Fix-enumeration-end-when-reaching-roo.patch + patches.kernel.org/4.15.10-044-Input-matrix_keypad-fix-race-when-disabling-i.patch + patches.kernel.org/4.15.10-045-Revert-Input-synaptics-Lenovo-Thinkpad-T460p-.patch + patches.kernel.org/4.15.10-046-bug-use-pB-in-BUG-and-stack-protector-failure.patch + patches.kernel.org/4.15.10-047-lib-bug.c-exclude-non-BUG-WARN-exceptions-fro.patch + patches.kernel.org/4.15.10-048-mm-memblock.c-hardcode-the-end_pfn-being-1.patch + patches.kernel.org/4.15.10-049-Documentation-sphinx-Fix-Directive-import-err.patch + patches.kernel.org/4.15.10-050-loop-Fix-lost-writes-caused-by-missing-flag.patch + patches.kernel.org/4.15.10-051-virtio_ring-fix-num_free-handling-in-error-ca.patch + patches.kernel.org/4.15.10-052-KVM-s390-fix-memory-overwrites-when-not-using.patch + patches.kernel.org/4.15.10-053-arm64-mm-fix-thinko-in-non-global-page-table-.patch + patches.kernel.org/4.15.10-054-IB-core-Fix-missing-RDMA-cgroups-release-in-c.patch + patches.kernel.org/4.15.10-055-Revert-nvme-create-slaves-and-holders-entries.patch + patches.kernel.org/4.15.10-056-kbuild-Handle-builtin-dtb-file-names-containi.patch + patches.kernel.org/4.15.10-057-dm-bufio-avoid-false-positive-Wmaybe-uninitia.patch + patches.kernel.org/4.15.10-058-IB-mlx5-Fix-incorrect-size-of-klms-in-the-mem.patch + patches.kernel.org/4.15.10-059-bcache-fix-crashes-in-duplicate-cache-device-.patch + patches.kernel.org/4.15.10-060-bcache-don-t-attach-backing-with-duplicate-UU.patch + patches.kernel.org/4.15.10-061-x86-MCE-Save-microcode-revision-in-machine-ch.patch + patches.kernel.org/4.15.10-062-x86-MCE-Serialize-sysfs-changes.patch + patches.kernel.org/4.15.10-063-perf-tools-Fix-trigger-class-trigger_on.patch + patches.kernel.org/4.15.10-064-x86-spectre_v2-Don-t-check-microcode-versions.patch + patches.kernel.org/4.15.10-065-ALSA-hda-realtek-Add-support-headset-mode-for.patch + patches.kernel.org/4.15.10-066-ALSA-hda-realtek-Add-headset-mode-support-for.patch + patches.kernel.org/4.15.10-067-ALSA-hda-realtek-Limit-mic-boost-on-T480.patch + patches.kernel.org/4.15.10-068-ALSA-hda-realtek-Fix-dock-line-out-volume-on-.patch + patches.kernel.org/4.15.10-069-ALSA-hda-realtek-Make-dock-sound-work-on-Thin.patch + patches.kernel.org/4.15.10-070-ALSA-seq-Don-t-allow-resizing-pool-in-use.patch + patches.kernel.org/4.15.10-071-ALSA-seq-More-protection-for-concurrent-write.patch + patches.kernel.org/4.15.10-072-ALSA-hda-Fix-a-wrong-FIXUP-for-alc289-on-Dell.patch + patches.kernel.org/4.15.10-073-ALSA-hda-add-dock-and-led-support-for-HP-Elit.patch + patches.kernel.org/4.15.10-074-ALSA-hda-add-dock-and-led-support-for-HP-ProB.patch + patches.kernel.org/4.15.10-075-scsi-qla2xxx-Fix-NULL-pointer-crash-due-to-pr.patch + patches.kernel.org/4.15.10-076-scsi-qla2xxx-Fix-recursion-while-sending-term.patch + patches.kernel.org/4.15.10-077-dt-bindings-Document-mti-mips-cpc-binding.patch + patches.kernel.org/4.15.10-078-MIPS-CPC-Map-registers-using-DT-in-mips_cpc_d.patch + patches.kernel.org/4.15.10-079-nospec-Kill-array_index_nospec_mask_check.patch + patches.kernel.org/4.15.10-080-nospec-Include-asm-barrier.h-dependency.patch + patches.kernel.org/4.15.10-081-x86-entry-Reduce-the-code-footprint-of-the-id.patch + patches.kernel.org/4.15.10-082-x86-entry-64-Use-xorl-for-faster-register-cle.patch + patches.kernel.org/4.15.10-083-x86-mm-Remove-stale-comment-about-KMEMCHECK.patch + patches.kernel.org/4.15.10-084-x86-asm-Improve-how-GEN_-_SUFFIXED_RMWcc-spec.patch + patches.kernel.org/4.15.10-085-x86-IO-APIC-Avoid-warning-in-32-bit-builds.patch + patches.kernel.org/4.15.10-086-x86-LDT-Avoid-warning-in-32-bit-builds-with-o.patch + patches.kernel.org/4.15.10-087-x86-64-realmode-Add-instruction-suffix.patch + patches.kernel.org/4.15.10-088-Revert-x86-retpoline-Simplify-vmexit_fill_RSB.patch + patches.kernel.org/4.15.10-089-x86-speculation-Use-IBRS-if-available-before-.patch + patches.kernel.org/4.15.10-090-x86-retpoline-Support-retpoline-builds-with-C.patch + patches.kernel.org/4.15.10-091-x86-speculation-objtool-Annotate-indirect-cal.patch + patches.kernel.org/4.15.10-092-x86-speculation-Move-firmware_restrict_branch.patch + patches.kernel.org/4.15.10-093-x86-paravirt-objtool-Annotate-indirect-calls.patch + patches.kernel.org/4.15.10-094-x86-boot-objtool-Annotate-indirect-jump-in-se.patch + patches.kernel.org/4.15.10-095-x86-mm-sme-objtool-Annotate-indirect-call-in-.patch + patches.kernel.org/4.15.10-096-objtool-Use-existing-global-variables-for-opt.patch + patches.kernel.org/4.15.10-097-objtool-Add-retpoline-validation.patch + patches.kernel.org/4.15.10-098-objtool-Add-module-specific-retpoline-rules.patch + patches.kernel.org/4.15.10-099-objtool-retpolines-Integrate-objtool-with-ret.patch + patches.kernel.org/4.15.10-100-objtool-Fix-another-switch-table-detection-is.patch + patches.kernel.org/4.15.10-101-objtool-Fix-32-bit-build.patch + patches.kernel.org/4.15.10-102-x86-kprobes-Fix-kernel-crash-when-probing-.en.patch + patches.kernel.org/4.15.10-103-watchdog-hpwdt-SMBIOS-check.patch + patches.kernel.org/4.15.10-104-watchdog-hpwdt-Check-source-of-NMI.patch + patches.kernel.org/4.15.10-105-watchdog-hpwdt-fix-unused-variable-warning.patch + patches.kernel.org/4.15.10-106-watchdog-hpwdt-Remove-legacy-NMI-sourcing.patch + patches.kernel.org/4.15.10-107-netfilter-add-back-stackpointer-size-checks.patch + patches.kernel.org/4.15.10-108-netfilter-ipt_CLUSTERIP-fix-a-race-condition-.patch + patches.kernel.org/4.15.10-109-netfilter-xt_hashlimit-fix-lock-imbalance.patch + patches.kernel.org/4.15.10-110-netfilter-x_tables-fix-missing-timer-initiali.patch + patches.kernel.org/4.15.10-111-netfilter-nat-cope-with-negative-port-range.patch + patches.kernel.org/4.15.10-112-netfilter-IDLETIMER-be-syzkaller-friendly.patch + patches.kernel.org/4.15.10-113-netfilter-ebtables-CONFIG_COMPAT-don-t-trust-.patch + patches.kernel.org/4.15.10-114-netfilter-bridge-ebt_among-add-missing-match-.patch + patches.kernel.org/4.15.10-115-netfilter-ipv6-fix-use-after-free-Write-in-nf.patch + patches.kernel.org/4.15.10-116-netfilter-use-skb_to_full_sk-in-ip6_route_me_.patch + patches.kernel.org/4.15.10-117-tpm_tis-Move-ilb_base_addr-to-tpm_tis_data.patch + patches.kernel.org/4.15.10-118-tpm-Keep-CLKRUN-enabled-throughout-the-durati.patch + patches.kernel.org/4.15.10-119-tpm-delete-the-TPM_TIS_CLK_ENABLE-flag.patch + patches.kernel.org/4.15.10-120-tpm-remove-unused-variables.patch + patches.kernel.org/4.15.10-121-tpm-only-attempt-to-disable-the-LPC-CLKRUN-if.patch + patches.kernel.org/4.15.10-122-x86-xen-Calculate-__max_logical_packages-on-P.patch + patches.kernel.org/4.15.10-123-scsi-qla2xxx-Fix-system-crash-for-Notify-ack-.patch + patches.kernel.org/4.15.10-124-scsi-qla2xxx-Fix-gpnid-error-processing.patch + patches.kernel.org/4.15.10-125-scsi-qla2xxx-Move-session-delete-to-driver-wo.patch + patches.kernel.org/4.15.10-126-scsi-qla2xxx-Skip-IRQ-affinity-for-Target-QPa.patch + patches.kernel.org/4.15.10-127-scsi-qla2xxx-Fix-re-login-for-Nport-Handle-in.patch + patches.kernel.org/4.15.10-128-scsi-qla2xxx-Retry-switch-command-on-time-out.patch + patches.kernel.org/4.15.10-129-scsi-qla2xxx-Serialize-GPNID-for-multiple-RSC.patch + patches.kernel.org/4.15.10-130-scsi-qla2xxx-Fix-login-state-machine-stuck-at.patch + patches.kernel.org/4.15.10-131-scsi-qla2xxx-Fix-NPIV-host-cleanup-in-target-.patch + patches.kernel.org/4.15.10-132-scsi-qla2xxx-Relogin-to-target-port-on-a-cabl.patch + patches.kernel.org/4.15.10-133-scsi-qla2xxx-Fix-Relogin-being-triggered-too-.patch + patches.kernel.org/4.15.10-134-scsi-qla2xxx-Fix-PRLI-state-check.patch + patches.kernel.org/4.15.10-135-scsi-qla2xxx-Fix-abort-command-deadlock-due-t.patch + patches.kernel.org/4.15.10-136-scsi-qla2xxx-Replace-fcport-alloc-with-qla2x0.patch + patches.kernel.org/4.15.10-137-scsi-qla2xxx-Fix-scan-state-field-for-fcport.patch + patches.kernel.org/4.15.10-138-scsi-qla2xxx-Clear-loop-id-after-delete.patch + patches.kernel.org/4.15.10-139-scsi-qla2xxx-Defer-processing-of-GS-IOCB-call.patch + patches.kernel.org/4.15.10-140-scsi-qla2xxx-Remove-aborting-ELS-IOCB-call-is.patch + patches.kernel.org/4.15.10-141-scsi-qla2xxx-Fix-system-crash-in-qlt_plogi_ac.patch + patches.kernel.org/4.15.10-142-scsi-qla2xxx-Fix-memory-leak-in-dual-target-m.patch + patches.kernel.org/4.15.10-143-NFS-Fix-an-incorrect-type-in-struct-nfs_direc.patch + patches.kernel.org/4.15.10-144-pNFS-Prevent-the-layout-header-refcount-going.patch + patches.kernel.org/4.15.10-145-NFS-Fix-unstable-write-completion.patch + patches.kernel.org/4.15.10-146-Linux-4.15.10.patch ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -806,7 +952,6 @@ # Note that every patch in the patches.rpmify directory # will be included in the vanilla package. ######################################################## - patches.suse/Documentation-sphinx-Fix-Directive-import-error.patch ######################################################## # kbuild/module infrastructure fixes @@ -963,12 +1108,12 @@ ######################################################## # Networking Core ######################################################## - patches.suse/bpf-cpumap-use-GFP_KERNEL-instead-of-GFP_ATOMIC-in-_.patch ######################################################## # Netfilter ######################################################## patches.suse/netfilter-ip_conntrack_slp.patch + patches.suse/netfilter-ebtables-fix-erroneous-reject-of-last-rule.patch ######################################################## # NFS @@ -1073,6 +1218,9 @@ ######################################################## patches.suse/b43-missing-firmware-info.patch patches.suse/iwlwifi-expose-default-fallback-ucode-api + patches.suse/mac80211_hwsim-fix-possible-memory-leak-in-hwsim_new + patches.suse/brcmsmac-allocate-ucode-with-GFP_KERNEL + patches.suse/Bluetooth-btusb-Fix-quirk-for-Atheros-1525-QCA6174.patch ######################################################## # ISDN ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.Snqvb1/_old 2018-03-19 23:33:46.131330129 +0100 +++ /var/tmp/diff_new_pack.Snqvb1/_new 2018-03-19 23:33:46.135329984 +0100 @@ -1,3 +1,3 @@ -2018-03-11 23:31:16 +0100 -GIT Revision: 2c1b8ee0db3a5bf9a7e1b357a479171911a603cb +2018-03-15 21:31:17 +0100 +GIT Revision: 5e4329cbc123a2b751335c2ae71174a47af3ff6d GIT Branch: stable
