Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2018-04-16 12:44:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Mon Apr 16 12:44:15 2018 rev:420 rq:595988 version:4.16.2 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2018-04-11 13:48:46.179492413 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes 2018-04-16 12:44:23.999129656 +0200 @@ -1,0 +2,56 @@ +Thu Apr 12 14:50:41 CEST 2018 - jsl...@suse.cz + +- Linux 4.16.2 (bnc#1012628). +- nfp: use full 40 bits of the NSP buffer address (bnc#1012628). +- net_sched: fix a missing idr_remove() in u32_delete_key() + (bnc#1012628). +- vti6: better validate user provided tunnel names (bnc#1012628). +- ip6_tunnel: better validate user provided tunnel names + (bnc#1012628). +- ip6_gre: better validate user provided tunnel names + (bnc#1012628). +- ipv6: sit: better validate user provided tunnel names + (bnc#1012628). +- ip_tunnel: better validate user provided tunnel names + (bnc#1012628). +- net: fool proof dev_valid_name() (bnc#1012628). +- vlan: also check phy_driver ts_info for vlan's real device + (bnc#1012628). +- sky2: Increase D3 delay to sky2 stops working after suspend + (bnc#1012628). +- sctp: sctp_sockaddr_af must check minimal addr length for + AF_INET6 (bnc#1012628). +- sctp: do not leak kernel memory to user space (bnc#1012628). +- pptp: remove a buggy dst release in pptp_connect() + (bnc#1012628). +- net/sched: fix NULL dereference in the error path of + tcf_bpf_init() (bnc#1012628). +- net/ipv6: Increment OUTxxx counters after netfilter hook + (bnc#1012628). +- net: dsa: Discard frames from unused ports (bnc#1012628). +- arp: fix arp_filter on l3slave devices (bnc#1012628). +- sparc64: Oracle DAX driver depends on SPARC64 (bnc#1012628). +- commit 8ea896b + +------------------------------------------------------------------- +Wed Apr 11 11:59:12 CEST 2018 - jsl...@suse.cz + +- Update config files. + s390x/vanilla fails to build without this. +- commit e8d83e8 + +------------------------------------------------------------------- +Tue Apr 10 20:01:19 CEST 2018 - ti...@suse.de + +- swiotlb: Fix unexpected swiotlb_alloc_coherent() failures + (bsc#1088658, bsc#1088902). +- commit 096b538 + +------------------------------------------------------------------- +Mon Apr 9 12:28:40 CEST 2018 - ti...@suse.de + +- media: v4l2-core: fix size of devnode_nums[] bitarray + (bsc#1088640). +- commit 6fcb3b5 + +------------------------------------------------------------------- @@ -60,0 +117,6 @@ + +------------------------------------------------------------------- +Thu Apr 5 00:15:45 CEST 2018 - rgold...@suse.com + +- apparmor: Check all profiles attached to the label (bsc#1085996). +- commit b249c9e dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-kvmsmall.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.045454255 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.049454110 +0200 @@ -17,7 +17,7 @@ %define srcversion 4.16 -%define patchversion 4.16.1 +%define patchversion 4.16.2 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license}) Name: dtb-aarch64 -Version: 4.16.1 +Version: 4.16.2 %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.121451490 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.125451344 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.16 -%define patchversion 4.16.1 +%define patchversion 4.16.2 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 4.16.1 +Version: 4.16.2 %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif @@ -164,10 +164,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 # END COMMON DEPS -Provides: %name-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: %name-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%srcversion.tar.xz Source2: source-post.sh @@ -1055,8 +1055,8 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %obsolete_rebuilds %name-base %ifarch %ix86 ++++++ kernel-debug.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.149450471 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.153450326 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.16 -%define patchversion 4.16.1 +%define patchversion 4.16.2 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: A Debug Version of the Kernel License: GPL-2.0 Group: System/Kernel -Version: 4.16.1 +Version: 4.16.2 %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif @@ -164,10 +164,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 # END COMMON DEPS -Provides: %name-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: %name-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %ifarch ppc64 Provides: kernel-kdump = 2.6.28 Obsoletes: kernel-kdump <= 2.6.28 @@ -1061,8 +1061,8 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %ifarch ppc64 Provides: kernel-kdump-base = 2.6.28 ++++++ kernel-default.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.173449598 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.177449453 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.16 -%define patchversion 4.16.1 +%define patchversion 4.16.2 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: The Standard Kernel License: GPL-2.0 Group: System/Kernel -Version: 4.16.1 +Version: 4.16.2 %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif @@ -164,10 +164,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 # END COMMON DEPS -Provides: %name-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: %name-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %ifarch %ix86 Provides: kernel-smp = 2.6.17 Obsoletes: kernel-smp <= 2.6.17 @@ -1104,8 +1104,8 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %ifarch %ix86 Provides: kernel-trace-base = 3.13 ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.193448871 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.197448725 +0200 @@ -17,7 +17,7 @@ %define srcversion 4.16 -%define patchversion 4.16.1 +%define patchversion 4.16.2 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -31,9 +31,9 @@ Summary: Kernel Documentation License: GPL-2.0 Group: Documentation/Man -Version: 4.16.1 +Version: 4.16.2 %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif @@ -63,7 +63,7 @@ %endif Url: http://www.kernel.org/ Provides: %name = %version-%source_rel -Provides: %name-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: %name-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%srcversion.tar.xz ++++++ kernel-kvmsmall.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.217447998 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.221447852 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.16 -%define patchversion 4.16.1 +%define patchversion 4.16.2 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: The Small Developer Kernel for KVM License: GPL-2.0 Group: System/Kernel -Version: 4.16.1 +Version: 4.16.2 %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif @@ -164,10 +164,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 # END COMMON DEPS -Provides: %name-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: %name-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%srcversion.tar.xz Source2: source-post.sh @@ -1059,8 +1059,8 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %obsolete_rebuilds %name-base %ifarch %ix86 kernel-lpae.spec: same change ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.269446105 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.269446105 +0200 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.16.1 +%define patchversion 4.16.2 %define variant %{nil} %define vanilla_only 0 @@ -45,7 +45,7 @@ %endif %endif %endif -BuildRequires: kernel%kernel_flavor-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +BuildRequires: kernel%kernel_flavor-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %if 0%{?rhel_version} BuildRequires: kernel @@ -64,9 +64,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.16.1 +Version: 4.16.2 %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.293445232 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.313444505 +0200 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.16.1 +%define patchversion 4.16.2 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.16.1 +Version: 4.16.2 %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.333443777 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.337443632 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.16 -%define patchversion 4.16.1 +%define patchversion 4.16.2 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.16.1 +Version: 4.16.2 %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif @@ -164,10 +164,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 # END COMMON DEPS -Provides: %name-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: %name-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %ifarch %ix86 Provides: kernel-bigsmp = 2.6.17 Obsoletes: kernel-bigsmp <= 2.6.17 @@ -1081,8 +1081,8 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %ifarch %ix86 Provides: kernel-vmi-base = 2.6.38 ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.357442904 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.361442758 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.16 -%define patchversion 4.16.1 +%define patchversion 4.16.2 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.16.1 +Version: 4.16.2 %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif @@ -43,7 +43,7 @@ BuildRequires: sed Requires(post): coreutils sed Provides: %name = %version-%source_rel -Provides: %name-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: %name-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 Provides: linux Provides: multiversion(kernel) Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%srcversion.tar.xz ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.389441739 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.389441739 +0200 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.16.1 +Version: 4.16.2 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif @@ -55,7 +55,7 @@ %endif Requires: pesign-obs-integration Provides: %name = %version-%source_rel -Provides: %name-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: %name-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 Provides: multiversion(kernel) Source: README.KSYMS Requires: kernel-devel%variant = %version-%source_rel ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:10.409441012 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:10.413440866 +0200 @@ -18,7 +18,7 @@ %define srcversion 4.16 -%define patchversion 4.16.1 +%define patchversion 4.16.2 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel used for fuzzing by syzkaller License: GPL-2.0 Group: System/Kernel -Version: 4.16.1 +Version: 4.16.2 %if 0%{?is_kotd} -Release: <RELEASE>.gfc6541a +Release: <RELEASE>.g7b2d22b %else Release: 0 %endif @@ -164,10 +164,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 # END COMMON DEPS -Provides: %name-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: %name-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%srcversion.tar.xz Source2: source-post.sh @@ -1054,8 +1054,8 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 -Provides: kernel-%build_flavor-base-srchash = fc6541a4887903de7c2dceaf9e6a75023a494f13 +Provides: kernel-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 +Provides: kernel-%build_flavor-base-srchash = 7b2d22b118d1ce275f762e1458e957a45ff84018 %obsolete_rebuilds %name-base %ifarch %ix86 kernel-vanilla.spec: same change kernel-zfcpdump.spec: same change ++++++ config.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/s390x/vanilla new/config/s390x/vanilla --- old/config/s390x/vanilla 2018-04-06 10:08:04.000000000 +0200 +++ new/config/s390x/vanilla 2018-04-11 11:59:12.000000000 +0200 @@ -2,10 +2,11 @@ # CONFIG_IP6_NF_MATCH_SRH is not set # CONFIG_LIRC is not set CONFIG_LOCALVERSION="-vanilla" +# CONFIG_MODULE_SIG is not set # CONFIG_NF_FLOW_TABLE is not set CONFIG_REFCOUNT_FULL=y # CONFIG_RUNTIME_TESTING_MENU is not set # CONFIG_SENSORS_W83773G is not set # CONFIG_SOUNDWIRE is not set +# CONFIG_SYSTEM_DATA_VERIFICATION is not set CONFIG_MODULES=y -# CONFIG_MODULE_SIG is not set ++++++ patches.kernel.org.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-001-sparc64-Oracle-DAX-driver-depends-on-SPARC64.patch new/patches.kernel.org/4.16.2-001-sparc64-Oracle-DAX-driver-depends-on-SPARC64.patch --- old/patches.kernel.org/4.16.2-001-sparc64-Oracle-DAX-driver-depends-on-SPARC64.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-001-sparc64-Oracle-DAX-driver-depends-on-SPARC64.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,50 @@ +From: Guenter Roeck <li...@roeck-us.net> +Date: Mon, 26 Feb 2018 15:21:18 -0800 +Subject: [PATCH] sparc64: Oracle DAX driver depends on SPARC64 +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: 9c548bb5823dfcf7a16c6e65976d84d9581208c9 + +commit 9c548bb5823dfcf7a16c6e65976d84d9581208c9 upstream. + +sparc:allmodconfig fails to build as follows. + +ERROR: "mdesc_release" [drivers/sbus/char/oradax.ko] undefined! +ERROR: "sun4v_hvapi_register" [drivers/sbus/char/oradax.ko] undefined! +ERROR: "mdesc_get_property" [drivers/sbus/char/oradax.ko] undefined! +ERROR: "mdesc_node_by_name" [drivers/sbus/char/oradax.ko] undefined! +ERROR: "mdesc_grab" [drivers/sbus/char/oradax.ko] undefined! +ERROR: "sun4v_ccb_info" [drivers/sbus/char/oradax.ko] undefined! +ERROR: "sun4v_ccb_submit" [drivers/sbus/char/oradax.ko] undefined! +ERROR: "sun4v_ccb_kill" [drivers/sbus/char/oradax.ko] undefined! + +The symbols are only available with SPARC64 builds, thus the driver +depends on it. + +Fixes: dd0273284c74 ("sparc64: Oracle DAX driver") +Cc: Kees Cook <keesc...@chromium.org> +Signed-off-by: Guenter Roeck <li...@roeck-us.net> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/sbus/char/Kconfig | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/sbus/char/Kconfig b/drivers/sbus/char/Kconfig +index a785aa7660c3..bf3c5f735614 100644 +--- a/drivers/sbus/char/Kconfig ++++ b/drivers/sbus/char/Kconfig +@@ -72,7 +72,8 @@ config DISPLAY7SEG + + config ORACLE_DAX + tristate "Oracle Data Analytics Accelerator" +- default m if SPARC64 ++ depends on SPARC64 ++ default m + help + Driver for Oracle Data Analytics Accelerator, which is + a coprocessor that performs database operations in hardware. +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-002-arp-fix-arp_filter-on-l3slave-devices.patch new/patches.kernel.org/4.16.2-002-arp-fix-arp_filter-on-l3slave-devices.patch --- old/patches.kernel.org/4.16.2-002-arp-fix-arp_filter-on-l3slave-devices.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-002-arp-fix-arp_filter-on-l3slave-devices.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,46 @@ +From: Miguel Fadon Perlines <mfa...@teldat.com> +Date: Thu, 5 Apr 2018 10:25:38 +0200 +Subject: [PATCH] arp: fix arp_filter on l3slave devices +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: 58b35f27689b5eb514fc293c332966c226b1b6e4 + +[ Upstream commit 58b35f27689b5eb514fc293c332966c226b1b6e4 ] + +arp_filter performs an ip_route_output search for arp source address and +checks if output device is the same where the arp request was received, +if it is not, the arp request is not answered. + +This route lookup is always done on main route table so l3slave devices +never find the proper route and arp is not answered. + +Passing l3mdev_master_ifindex_rcu(dev) return value as oif fixes the +lookup for l3slave devices while maintaining same behavior for non +l3slave devices as this function returns 0 in that case. + +Fixes: 613d09b30f8b ("net: Use VRF device index for lookups on TX") +Signed-off-by: Miguel Fadon Perlines <mfa...@teldat.com> +Acked-by: David Ahern <d...@cumulusnetworks.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/ipv4/arp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c +index f28f06c91ead..7333db17c581 100644 +--- a/net/ipv4/arp.c ++++ b/net/ipv4/arp.c +@@ -437,7 +437,7 @@ static int arp_filter(__be32 sip, __be32 tip, struct net_device *dev) + /*unsigned long now; */ + struct net *net = dev_net(dev); + +- rt = ip_route_output(net, sip, tip, 0, 0); ++ rt = ip_route_output(net, sip, tip, 0, l3mdev_master_ifindex_rcu(dev)); + if (IS_ERR(rt)) + return 1; + if (rt->dst.dev != dev) { +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-003-net-dsa-Discard-frames-from-unused-ports.patch new/patches.kernel.org/4.16.2-003-net-dsa-Discard-frames-from-unused-ports.patch --- old/patches.kernel.org/4.16.2-003-net-dsa-Discard-frames-from-unused-ports.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-003-net-dsa-Discard-frames-from-unused-ports.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,54 @@ +From: Andrew Lunn <and...@lunn.ch> +Date: Sat, 7 Apr 2018 20:37:40 +0200 +Subject: [PATCH] net: dsa: Discard frames from unused ports +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: fc5f33768cca7144f8d793205b229d46740d183b + +[ Upstream commit fc5f33768cca7144f8d793205b229d46740d183b ] + +The Marvell switches under some conditions will pass a frame to the +host with the port being the CPU port. Such frames are invalid, and +should be dropped. Not dropping them can result in a crash when +incrementing the receive statistics for an invalid port. + +Reported-by: Chris Healy <cphe...@gmail.com> +Fixes: 91da11f870f0 ("net: Distributed Switch Architecture protocol support") +Signed-off-by: Andrew Lunn <and...@lunn.ch> +Reviewed-by: Florian Fainelli <f.faine...@gmail.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/dsa/dsa_priv.h | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/net/dsa/dsa_priv.h b/net/dsa/dsa_priv.h +index 70de7895e5b8..053731473c99 100644 +--- a/net/dsa/dsa_priv.h ++++ b/net/dsa/dsa_priv.h +@@ -126,6 +126,7 @@ static inline struct net_device *dsa_master_find_slave(struct net_device *dev, + struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_switch_tree *dst = cpu_dp->dst; + struct dsa_switch *ds; ++ struct dsa_port *slave_port; + + if (device < 0 || device >= DSA_MAX_SWITCHES) + return NULL; +@@ -137,7 +138,12 @@ static inline struct net_device *dsa_master_find_slave(struct net_device *dev, + if (port < 0 || port >= ds->num_ports) + return NULL; + +- return ds->ports[port].slave; ++ slave_port = &ds->ports[port]; ++ ++ if (unlikely(slave_port->type != DSA_PORT_TYPE_USER)) ++ return NULL; ++ ++ return slave_port->slave; + } + + /* port.c */ +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-004-net-ipv6-Increment-OUTxxx-counters-after-netfi.patch new/patches.kernel.org/4.16.2-004-net-ipv6-Increment-OUTxxx-counters-after-netfi.patch --- old/patches.kernel.org/4.16.2-004-net-ipv6-Increment-OUTxxx-counters-after-netfi.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-004-net-ipv6-Increment-OUTxxx-counters-after-netfi.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,53 @@ +From: Jeff Barnhill <0xeff...@gmail.com> +Date: Thu, 5 Apr 2018 21:29:47 +0000 +Subject: [PATCH] net/ipv6: Increment OUTxxx counters after netfilter hook +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: 71a1c915238c970cd9bdd5bf158b1279d6b6d55b + +[ Upstream commit 71a1c915238c970cd9bdd5bf158b1279d6b6d55b ] + +At the end of ip6_forward(), IPSTATS_MIB_OUTFORWDATAGRAMS and +IPSTATS_MIB_OUTOCTETS are incremented immediately before the NF_HOOK call +for NFPROTO_IPV6 / NF_INET_FORWARD. As a result, these counters get +incremented regardless of whether or not the netfilter hook allows the +packet to continue being processed. This change increments the counters +in ip6_forward_finish() so that it will not happen if the netfilter hook +chooses to terminate the packet, which is similar to how IPv4 works. + +Signed-off-by: Jeff Barnhill <0xeff...@gmail.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/ipv6/ip6_output.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index 5cb18c8ba9b2..4065ae0c32a0 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -375,6 +375,11 @@ static int ip6_forward_proxy_check(struct sk_buff *skb) + static inline int ip6_forward_finish(struct net *net, struct sock *sk, + struct sk_buff *skb) + { ++ struct dst_entry *dst = skb_dst(skb); ++ ++ __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); ++ __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); ++ + return dst_output(net, sk, skb); + } + +@@ -569,8 +574,6 @@ int ip6_forward(struct sk_buff *skb) + + hdr->hop_limit--; + +- __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); +- __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); + return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, + net, NULL, skb, skb->dev, dst->dev, + ip6_forward_finish); +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-005-net-sched-fix-NULL-dereference-in-the-error-pa.patch new/patches.kernel.org/4.16.2-005-net-sched-fix-NULL-dereference-in-the-error-pa.patch --- old/patches.kernel.org/4.16.2-005-net-sched-fix-NULL-dereference-in-the-error-pa.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-005-net-sched-fix-NULL-dereference-in-the-error-pa.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,106 @@ +From: Davide Caratti <dcara...@redhat.com> +Date: Fri, 6 Apr 2018 01:19:37 +0200 +Subject: [PATCH] net/sched: fix NULL dereference in the error path of + tcf_bpf_init() +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: 3239534a79ee6f20cffd974173a1e62e0730e8ac + +[ Upstream commit 3239534a79ee6f20cffd974173a1e62e0730e8ac ] + +when tcf_bpf_init_from_ops() fails (e.g. because of program having invalid +number of instructions), tcf_bpf_cfg_cleanup() calls bpf_prog_put(NULL) or +bpf_prog_destroy(NULL). Unless CONFIG_BPF_SYSCALL is unset, this causes +the following error: + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 + PGD 800000007345a067 P4D 800000007345a067 PUD 340e1067 PMD 0 + Oops: 0000 [#1] SMP PTI + Modules linked in: act_bpf(E) ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 mbcache jbd2 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec_generic pcbc snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm aesni_intel crypto_simd glue_helper cryptd joydev snd_timer snd virtio_balloon pcspkr soundcore i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_blk drm virtio_net virtio_console i2c_core crc32c_intel serio_raw virtio_pci ata_piix libata virtio_ring floppy virtio dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_bpf] + CPU: 3 PID: 5654 Comm: tc Tainted: G E 4.16.0.bpf_test+ #408 + Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 + RIP: 0010:__bpf_prog_put+0xc/0xc0 + RSP: 0018:ffff9594003ef728 EFLAGS: 00010202 + RAX: 0000000000000000 RBX: ffff9594003ef758 RCX: 0000000000000024 + RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 + RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000044 + R10: 0000000000000220 R11: ffff8a7ab9f17131 R12: 0000000000000000 + R13: ffff8a7ab7c3c8e0 R14: 0000000000000001 R15: ffff8a7ab88f1054 + FS: 00007fcb2f17c740(0000) GS:ffff8a7abfd80000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000020 CR3: 000000007c888006 CR4: 00000000001606e0 + Call Trace: + tcf_bpf_cfg_cleanup+0x2f/0x40 [act_bpf] + tcf_bpf_cleanup+0x4c/0x70 [act_bpf] + __tcf_idr_release+0x79/0x140 + tcf_bpf_init+0x125/0x330 [act_bpf] + tcf_action_init_1+0x2cc/0x430 + ? get_page_from_freelist+0x3f0/0x11b0 + tcf_action_init+0xd3/0x1b0 + tc_ctl_action+0x18b/0x240 + rtnetlink_rcv_msg+0x29c/0x310 + ? _cond_resched+0x15/0x30 + ? __kmalloc_node_track_caller+0x1b9/0x270 + ? rtnl_calcit.isra.29+0x100/0x100 + netlink_rcv_skb+0xd2/0x110 + netlink_unicast+0x17c/0x230 + netlink_sendmsg+0x2cd/0x3c0 + sock_sendmsg+0x30/0x40 + ___sys_sendmsg+0x27a/0x290 + ? mem_cgroup_commit_charge+0x80/0x130 + ? page_add_new_anon_rmap+0x73/0xc0 + ? do_anonymous_page+0x2a2/0x560 + ? __handle_mm_fault+0xc75/0xe20 + __sys_sendmsg+0x58/0xa0 + do_syscall_64+0x6e/0x1a0 + entry_SYSCALL_64_after_hwframe+0x3d/0xa2 + RIP: 0033:0x7fcb2e58eba0 + RSP: 002b:00007ffc93c496c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e + RAX: ffffffffffffffda RBX: 00007ffc93c497f0 RCX: 00007fcb2e58eba0 + RDX: 0000000000000000 RSI: 00007ffc93c49740 RDI: 0000000000000003 + RBP: 000000005ac6a646 R08: 0000000000000002 R09: 0000000000000000 + R10: 00007ffc93c49120 R11: 0000000000000246 R12: 0000000000000000 + R13: 00007ffc93c49804 R14: 0000000000000001 R15: 000000000066afa0 + Code: 5f 00 48 8b 43 20 48 c7 c7 70 2f 7c b8 c7 40 10 00 00 00 00 5b e9 a5 8b 61 00 0f 1f 44 00 00 0f 1f 44 00 00 41 54 55 48 89 fd 53 <48> 8b 47 20 f0 ff 08 74 05 5b 5d 41 5c c3 41 89 f4 0f 1f 44 00 + RIP: __bpf_prog_put+0xc/0xc0 RSP: ffff9594003ef728 + CR2: 0000000000000020 + +Fix it in tcf_bpf_cfg_cleanup(), ensuring that bpf_prog_{put,destroy}(f) +is called only when f is not NULL. + +Fixes: bbc09e7842a5 ("net/sched: fix idr leak on the error path of tcf_bpf_init()") +Reported-by: Lucas Bates <luc...@mojatatu.com> +Signed-off-by: Davide Caratti <dcara...@redhat.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/sched/act_bpf.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/net/sched/act_bpf.c b/net/sched/act_bpf.c +index 9d2cabf1dc7e..f3eee5326307 100644 +--- a/net/sched/act_bpf.c ++++ b/net/sched/act_bpf.c +@@ -248,10 +248,14 @@ static int tcf_bpf_init_from_efd(struct nlattr **tb, struct tcf_bpf_cfg *cfg) + + static void tcf_bpf_cfg_cleanup(const struct tcf_bpf_cfg *cfg) + { +- if (cfg->is_ebpf) +- bpf_prog_put(cfg->filter); +- else +- bpf_prog_destroy(cfg->filter); ++ struct bpf_prog *filter = cfg->filter; ++ ++ if (filter) { ++ if (cfg->is_ebpf) ++ bpf_prog_put(filter); ++ else ++ bpf_prog_destroy(filter); ++ } + + kfree(cfg->bpf_ops); + kfree(cfg->bpf_name); +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-006-pptp-remove-a-buggy-dst-release-in-pptp_connec.patch new/patches.kernel.org/4.16.2-006-pptp-remove-a-buggy-dst-release-in-pptp_connec.patch --- old/patches.kernel.org/4.16.2-006-pptp-remove-a-buggy-dst-release-in-pptp_connec.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-006-pptp-remove-a-buggy-dst-release-in-pptp_connec.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,120 @@ +From: Eric Dumazet <eduma...@google.com> +Date: Mon, 2 Apr 2018 18:48:37 -0700 +Subject: [PATCH] pptp: remove a buggy dst release in pptp_connect() +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: bfacfb457b36911a10140b8cb3ce76a74883ac5a + +[ Upstream commit bfacfb457b36911a10140b8cb3ce76a74883ac5a ] + +Once dst has been cached in socket via sk_setup_caps(), +it is illegal to call ip_rt_put() (or dst_release()), +since sk_setup_caps() did not change dst refcount. + +We can still dereference it since we hold socket lock. + +Caugth by syzbot : + +BUG: KASAN: use-after-free in atomic_dec_return include/asm-generic/atomic-instrumented.h:198 [inline] +BUG: KASAN: use-after-free in dst_release+0x27/0xa0 net/core/dst.c:185 +Write of size 4 at addr ffff8801c54dc040 by task syz-executor4/20088 + +CPU: 1 PID: 20088 Comm: syz-executor4 Not tainted 4.16.0+ #376 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:17 [inline] + dump_stack+0x1a7/0x27d lib/dump_stack.c:53 + print_address_description+0x73/0x250 mm/kasan/report.c:256 + kasan_report_error mm/kasan/report.c:354 [inline] + kasan_report+0x23c/0x360 mm/kasan/report.c:412 + check_memory_region_inline mm/kasan/kasan.c:260 [inline] + check_memory_region+0x137/0x190 mm/kasan/kasan.c:267 + kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278 + atomic_dec_return include/asm-generic/atomic-instrumented.h:198 [inline] + dst_release+0x27/0xa0 net/core/dst.c:185 + sk_dst_set include/net/sock.h:1812 [inline] + sk_dst_reset include/net/sock.h:1824 [inline] + sock_setbindtodevice net/core/sock.c:610 [inline] + sock_setsockopt+0x431/0x1b20 net/core/sock.c:707 + SYSC_setsockopt net/socket.c:1845 [inline] + SyS_setsockopt+0x2ff/0x360 net/socket.c:1828 + do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 + entry_SYSCALL_64_after_hwframe+0x42/0xb7 +RIP: 0033:0x4552d9 +RSP: 002b:00007f4878126c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 +RAX: ffffffffffffffda RBX: 00007f48781276d4 RCX: 00000000004552d9 +RDX: 0000000000000019 RSI: 0000000000000001 RDI: 0000000000000013 +RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 +R10: 00000000200010c0 R11: 0000000000000246 R12: 00000000ffffffff +R13: 0000000000000526 R14: 00000000006fac30 R15: 0000000000000000 + +Allocated by task 20088: + save_stack+0x43/0xd0 mm/kasan/kasan.c:447 + set_track mm/kasan/kasan.c:459 [inline] + kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:552 + kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:489 + kmem_cache_alloc+0x12e/0x760 mm/slab.c:3542 + dst_alloc+0x11f/0x1a0 net/core/dst.c:104 + rt_dst_alloc+0xe9/0x540 net/ipv4/route.c:1520 + __mkroute_output net/ipv4/route.c:2265 [inline] + ip_route_output_key_hash_rcu+0xa49/0x2c60 net/ipv4/route.c:2493 + ip_route_output_key_hash+0x20b/0x370 net/ipv4/route.c:2322 + __ip_route_output_key include/net/route.h:126 [inline] + ip_route_output_flow+0x26/0xa0 net/ipv4/route.c:2577 + ip_route_output_ports include/net/route.h:163 [inline] + pptp_connect+0xa84/0x1170 drivers/net/ppp/pptp.c:453 + SYSC_connect+0x213/0x4a0 net/socket.c:1639 + SyS_connect+0x24/0x30 net/socket.c:1620 + do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 + entry_SYSCALL_64_after_hwframe+0x42/0xb7 + +Freed by task 20082: + save_stack+0x43/0xd0 mm/kasan/kasan.c:447 + set_track mm/kasan/kasan.c:459 [inline] + __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:520 + kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:527 + __cache_free mm/slab.c:3486 [inline] + kmem_cache_free+0x83/0x2a0 mm/slab.c:3744 + dst_destroy+0x266/0x380 net/core/dst.c:140 + dst_destroy_rcu+0x16/0x20 net/core/dst.c:153 + __rcu_reclaim kernel/rcu/rcu.h:178 [inline] + rcu_do_batch kernel/rcu/tree.c:2675 [inline] + invoke_rcu_callbacks kernel/rcu/tree.c:2930 [inline] + __rcu_process_callbacks kernel/rcu/tree.c:2897 [inline] + rcu_process_callbacks+0xd6c/0x17b0 kernel/rcu/tree.c:2914 + __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 + +The buggy address belongs to the object at ffff8801c54dc000 + which belongs to the cache ip_dst_cache of size 168 +The buggy address is located 64 bytes inside of + 168-byte region [ffff8801c54dc000, ffff8801c54dc0a8) +The buggy address belongs to the page: +page:ffffea0007153700 count:1 mapcount:0 mapping:ffff8801c54dc000 index:0x0 +flags: 0x2fffc0000000100(slab) +raw: 02fffc0000000100 ffff8801c54dc000 0000000000000000 0000000100000010 +raw: ffffea0006b34b20 ffffea0006b6c1e0 ffff8801d674a1c0 0000000000000000 +page dumped because: kasan: bad access detected + +Signed-off-by: Eric Dumazet <eduma...@google.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/net/ppp/pptp.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c +index 6dde9a0cfe76..9b70a3af678e 100644 +--- a/drivers/net/ppp/pptp.c ++++ b/drivers/net/ppp/pptp.c +@@ -464,7 +464,6 @@ static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr, + po->chan.mtu = dst_mtu(&rt->dst); + if (!po->chan.mtu) + po->chan.mtu = PPP_MRU; +- ip_rt_put(rt); + po->chan.mtu -= PPTP_HEADER_OVERHEAD; + + po->chan.hdrlen = 2 + sizeof(struct pptp_gre_header); +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-007-sctp-do-not-leak-kernel-memory-to-user-space.patch new/patches.kernel.org/4.16.2-007-sctp-do-not-leak-kernel-memory-to-user-space.patch --- old/patches.kernel.org/4.16.2-007-sctp-do-not-leak-kernel-memory-to-user-space.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-007-sctp-do-not-leak-kernel-memory-to-user-space.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,100 @@ +From: Eric Dumazet <eduma...@google.com> +Date: Sat, 7 Apr 2018 17:15:22 -0700 +Subject: [PATCH] sctp: do not leak kernel memory to user space +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: 6780db244d6b1537d139dea0ec8aad10cf9e4adb + +[ Upstream commit 6780db244d6b1537d139dea0ec8aad10cf9e4adb ] + +syzbot produced a nice report [1] + +Issue here is that a recvmmsg() managed to leak 8 bytes of kernel memory +to user space, because sin_zero (padding field) was not properly cleared. + +[1] +BUG: KMSAN: uninit-value in copy_to_user include/linux/uaccess.h:184 [inline] +BUG: KMSAN: uninit-value in move_addr_to_user+0x32e/0x530 net/socket.c:227 +CPU: 1 PID: 3586 Comm: syzkaller481044 Not tainted 4.16.0+ #82 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:17 [inline] + dump_stack+0x185/0x1d0 lib/dump_stack.c:53 + kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 + kmsan_internal_check_memory+0x164/0x1d0 mm/kmsan/kmsan.c:1176 + kmsan_copy_to_user+0x69/0x160 mm/kmsan/kmsan.c:1199 + copy_to_user include/linux/uaccess.h:184 [inline] + move_addr_to_user+0x32e/0x530 net/socket.c:227 + ___sys_recvmsg+0x4e2/0x810 net/socket.c:2211 + __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 + SYSC_recvmmsg+0x29b/0x3e0 net/socket.c:2394 + SyS_recvmmsg+0x76/0xa0 net/socket.c:2378 + do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 + entry_SYSCALL_64_after_hwframe+0x3d/0xa2 +RIP: 0033:0x4401c9 +RSP: 002b:00007ffc56f73098 EFLAGS: 00000217 ORIG_RAX: 000000000000012b +RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401c9 +RDX: 0000000000000001 RSI: 0000000020003ac0 RDI: 0000000000000003 +RBP: 00000000006ca018 R08: 0000000020003bc0 R09: 0000000000000010 +R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401af0 +R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000 + +Local variable description: ----addr@___sys_recvmsg +Variable was created at: + ___sys_recvmsg+0xd5/0x810 net/socket.c:2172 + __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 + +Bytes 8-15 of 16 are uninitialized + +================================================================== +Kernel panic - not syncing: panic_on_warn set ... + +CPU: 1 PID: 3586 Comm: syzkaller481044 Tainted: G B 4.16.0+ #82 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:17 [inline] + dump_stack+0x185/0x1d0 lib/dump_stack.c:53 + panic+0x39d/0x940 kernel/panic.c:183 + kmsan_report+0x238/0x240 mm/kmsan/kmsan.c:1083 + kmsan_internal_check_memory+0x164/0x1d0 mm/kmsan/kmsan.c:1176 + kmsan_copy_to_user+0x69/0x160 mm/kmsan/kmsan.c:1199 + copy_to_user include/linux/uaccess.h:184 [inline] + move_addr_to_user+0x32e/0x530 net/socket.c:227 + ___sys_recvmsg+0x4e2/0x810 net/socket.c:2211 + __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 + SYSC_recvmmsg+0x29b/0x3e0 net/socket.c:2394 + SyS_recvmmsg+0x76/0xa0 net/socket.c:2378 + do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 + entry_SYSCALL_64_after_hwframe+0x3d/0xa2 + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Eric Dumazet <eduma...@google.com> +Cc: Vlad Yasevich <vyasev...@gmail.com> +Cc: Neil Horman <nhor...@tuxdriver.com> +Reported-by: syzbot <syzkal...@googlegroups.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/sctp/ipv6.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c +index e35d4f73d2df..f6d3d0c1e133 100644 +--- a/net/sctp/ipv6.c ++++ b/net/sctp/ipv6.c +@@ -728,8 +728,10 @@ static int sctp_v6_addr_to_user(struct sctp_sock *sp, union sctp_addr *addr) + sctp_v6_map_v4(addr); + } + +- if (addr->sa.sa_family == AF_INET) ++ if (addr->sa.sa_family == AF_INET) { ++ memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero)); + return sizeof(struct sockaddr_in); ++ } + return sizeof(struct sockaddr_in6); + } + +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-008-sctp-sctp_sockaddr_af-must-check-minimal-addr-.patch new/patches.kernel.org/4.16.2-008-sctp-sctp_sockaddr_af-must-check-minimal-addr-.patch --- old/patches.kernel.org/4.16.2-008-sctp-sctp_sockaddr_af-must-check-minimal-addr-.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-008-sctp-sctp_sockaddr_af-must-check-minimal-addr-.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,82 @@ +From: Eric Dumazet <eduma...@google.com> +Date: Sun, 8 Apr 2018 07:52:08 -0700 +Subject: [PATCH] sctp: sctp_sockaddr_af must check minimal addr length for + AF_INET6 +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: 81e98370293afcb58340ce8bd71af7b97f925c26 + +[ Upstream commit 81e98370293afcb58340ce8bd71af7b97f925c26 ] + +Check must happen before call to ipv6_addr_v4mapped() + +syzbot report was : + +BUG: KMSAN: uninit-value in sctp_sockaddr_af net/sctp/socket.c:359 [inline] +BUG: KMSAN: uninit-value in sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 +CPU: 0 PID: 3576 Comm: syzkaller968804 Not tainted 4.16.0+ #82 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:17 [inline] + dump_stack+0x185/0x1d0 lib/dump_stack.c:53 + kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 + __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676 + sctp_sockaddr_af net/sctp/socket.c:359 [inline] + sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 + sctp_bind+0x149/0x190 net/sctp/socket.c:332 + inet6_bind+0x1fd/0x1820 net/ipv6/af_inet6.c:293 + SYSC_bind+0x3f2/0x4b0 net/socket.c:1474 + SyS_bind+0x54/0x80 net/socket.c:1460 + do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 + entry_SYSCALL_64_after_hwframe+0x3d/0xa2 +RIP: 0033:0x43fd49 +RSP: 002b:00007ffe99df3d28 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 +RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd49 +RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003 +RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 +R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401670 +R13: 0000000000401700 R14: 0000000000000000 R15: 0000000000000000 + +Local variable description: ----address@SYSC_bind +Variable was created at: + SYSC_bind+0x6f/0x4b0 net/socket.c:1461 + SyS_bind+0x54/0x80 net/socket.c:1460 + +Signed-off-by: Eric Dumazet <eduma...@google.com> +Cc: Vlad Yasevich <vyasev...@gmail.com> +Cc: Neil Horman <nhor...@tuxdriver.com> +Reported-by: syzbot <syzkal...@googlegroups.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/sctp/socket.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/net/sctp/socket.c b/net/sctp/socket.c +index bf271f8c2dc9..7160c2e9b768 100644 +--- a/net/sctp/socket.c ++++ b/net/sctp/socket.c +@@ -354,11 +354,14 @@ static struct sctp_af *sctp_sockaddr_af(struct sctp_sock *opt, + if (!opt->pf->af_supported(addr->sa.sa_family, opt)) + return NULL; + +- /* V4 mapped address are really of AF_INET family */ +- if (addr->sa.sa_family == AF_INET6 && +- ipv6_addr_v4mapped(&addr->v6.sin6_addr) && +- !opt->pf->af_supported(AF_INET, opt)) +- return NULL; ++ if (addr->sa.sa_family == AF_INET6) { ++ if (len < SIN6_LEN_RFC2133) ++ return NULL; ++ /* V4 mapped address are really of AF_INET family */ ++ if (ipv6_addr_v4mapped(&addr->v6.sin6_addr) && ++ !opt->pf->af_supported(AF_INET, opt)) ++ return NULL; ++ } + + /* If we get this far, af is valid. */ + af = sctp_get_af_specific(addr->sa.sa_family); +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-009-sky2-Increase-D3-delay-to-sky2-stops-working-a.patch new/patches.kernel.org/4.16.2-009-sky2-Increase-D3-delay-to-sky2-stops-working-a.patch --- old/patches.kernel.org/4.16.2-009-sky2-Increase-D3-delay-to-sky2-stops-working-a.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-009-sky2-Increase-D3-delay-to-sky2-stops-working-a.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,41 @@ +From: Kai-Heng Feng <kai.heng.f...@canonical.com> +Date: Sat, 31 Mar 2018 23:42:03 +0800 +Subject: [PATCH] sky2: Increase D3 delay to sky2 stops working after suspend +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: afb133637071be6deeb8b3d0e55593ffbf63c527 + +[ Upstream commit afb133637071be6deeb8b3d0e55593ffbf63c527 ] + +The sky2 ethernet stops working after system resume from suspend: +[ 582.852065] sky2 0000:04:00.0: Refused to change power state, currently in D3 + +The current 150ms delay is not enough, change it to 200ms can solve the +issue. + +BugLink: https://bugs.launchpad.net/bugs/1758507 +Cc: Stable <sta...@vger.kernel.org> +Signed-off-by: Kai-Heng Feng <kai.heng.f...@canonical.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/net/ethernet/marvell/sky2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c +index 9fe85300e7b6..5754116a6a4d 100644 +--- a/drivers/net/ethernet/marvell/sky2.c ++++ b/drivers/net/ethernet/marvell/sky2.c +@@ -5087,7 +5087,7 @@ static int sky2_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + INIT_WORK(&hw->restart_work, sky2_restart); + + pci_set_drvdata(pdev, hw); +- pdev->d3_delay = 150; ++ pdev->d3_delay = 200; + + return 0; + +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-010-vlan-also-check-phy_driver-ts_info-for-vlan-s-.patch new/patches.kernel.org/4.16.2-010-vlan-also-check-phy_driver-ts_info-for-vlan-s-.patch --- old/patches.kernel.org/4.16.2-010-vlan-also-check-phy_driver-ts_info-for-vlan-s-.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-010-vlan-also-check-phy_driver-ts_info-for-vlan-s-.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,50 @@ +From: Hangbin Liu <liuhang...@gmail.com> +Date: Fri, 30 Mar 2018 09:44:00 +0800 +Subject: [PATCH] vlan: also check phy_driver ts_info for vlan's real device +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: ec1d8ccb07deaf30fd0508af6755364ac47dc08d + +[ Upstream commit ec1d8ccb07deaf30fd0508af6755364ac47dc08d ] + +Just like function ethtool_get_ts_info(), we should also consider the +phy_driver ts_info call back. For example, driver dp83640. + +Fixes: 37dd9255b2f6 ("vlan: Pass ethtool get_ts_info queries to real device.") +Acked-by: Richard Cochran <richardcoch...@gmail.com> +Signed-off-by: Hangbin Liu <liuhang...@gmail.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/8021q/vlan_dev.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c +index f7e83f6d2e64..236452ebbd9e 100644 +--- a/net/8021q/vlan_dev.c ++++ b/net/8021q/vlan_dev.c +@@ -29,6 +29,7 @@ + #include <linux/net_tstamp.h> + #include <linux/etherdevice.h> + #include <linux/ethtool.h> ++#include <linux/phy.h> + #include <net/arp.h> + #include <net/switchdev.h> + +@@ -665,8 +666,11 @@ static int vlan_ethtool_get_ts_info(struct net_device *dev, + { + const struct vlan_dev_priv *vlan = vlan_dev_priv(dev); + const struct ethtool_ops *ops = vlan->real_dev->ethtool_ops; ++ struct phy_device *phydev = vlan->real_dev->phydev; + +- if (ops->get_ts_info) { ++ if (phydev && phydev->drv && phydev->drv->ts_info) { ++ return phydev->drv->ts_info(phydev, info); ++ } else if (ops->get_ts_info) { + return ops->get_ts_info(vlan->real_dev, info); + } else { + info->so_timestamping = SOF_TIMESTAMPING_RX_SOFTWARE | +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-011-net-fool-proof-dev_valid_name.patch new/patches.kernel.org/4.16.2-011-net-fool-proof-dev_valid_name.patch --- old/patches.kernel.org/4.16.2-011-net-fool-proof-dev_valid_name.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-011-net-fool-proof-dev_valid_name.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,37 @@ +From: Eric Dumazet <eduma...@google.com> +Date: Thu, 5 Apr 2018 06:39:26 -0700 +Subject: [PATCH] net: fool proof dev_valid_name() +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: a9d48205d0aedda021fc3728972a9e9934c2b9de + +[ Upstream commit a9d48205d0aedda021fc3728972a9e9934c2b9de ] + +We want to use dev_valid_name() to validate tunnel names, +so better use strnlen(name, IFNAMSIZ) than strlen(name) to make +sure to not upset KASAN. + +Signed-off-by: Eric Dumazet <eduma...@google.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/core/dev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/core/dev.c b/net/core/dev.c +index ef0cc6ea5f8d..c4aa2941dbfd 100644 +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -1027,7 +1027,7 @@ bool dev_valid_name(const char *name) + { + if (*name == '\0') + return false; +- if (strlen(name) >= IFNAMSIZ) ++ if (strnlen(name, IFNAMSIZ) == IFNAMSIZ) + return false; + if (!strcmp(name, ".") || !strcmp(name, "..")) + return false; +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-012-ip_tunnel-better-validate-user-provided-tunnel.patch new/patches.kernel.org/4.16.2-012-ip_tunnel-better-validate-user-provided-tunnel.patch --- old/patches.kernel.org/4.16.2-012-ip_tunnel-better-validate-user-provided-tunnel.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-012-ip_tunnel-better-validate-user-provided-tunnel.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,83 @@ +From: Eric Dumazet <eduma...@google.com> +Date: Thu, 5 Apr 2018 06:39:27 -0700 +Subject: [PATCH] ip_tunnel: better validate user provided tunnel names +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: 9cb726a212a82c88c98aa9f0037fd04777cd8fe5 + +[ Upstream commit 9cb726a212a82c88c98aa9f0037fd04777cd8fe5 ] + +Use dev_valid_name() to make sure user does not provide illegal +device name. + +syzbot caught the following bug : + +BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] +BUG: KASAN: stack-out-of-bounds in __ip_tunnel_create+0xca/0x6b0 net/ipv4/ip_tunnel.c:257 +Write of size 20 at addr ffff8801ac79f810 by task syzkaller268107/4482 + +CPU: 0 PID: 4482 Comm: syzkaller268107 Not tainted 4.16.0+ #1 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:17 [inline] + dump_stack+0x1b9/0x29f lib/dump_stack.c:53 + print_address_description+0x6c/0x20b mm/kasan/report.c:256 + kasan_report_error mm/kasan/report.c:354 [inline] + kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 + check_memory_region_inline mm/kasan/kasan.c:260 [inline] + check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 + memcpy+0x37/0x50 mm/kasan/kasan.c:303 + strlcpy include/linux/string.h:300 [inline] + __ip_tunnel_create+0xca/0x6b0 net/ipv4/ip_tunnel.c:257 + ip_tunnel_create net/ipv4/ip_tunnel.c:352 [inline] + ip_tunnel_ioctl+0x818/0xd40 net/ipv4/ip_tunnel.c:861 + ipip_tunnel_ioctl+0x1c5/0x420 net/ipv4/ipip.c:350 + dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 + dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 + sock_ioctl+0x47e/0x680 net/socket.c:1015 + vfs_ioctl fs/ioctl.c:46 [inline] + file_ioctl fs/ioctl.c:500 [inline] + do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 + ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 + SYSC_ioctl fs/ioctl.c:708 [inline] + SyS_ioctl+0x24/0x30 fs/ioctl.c:706 + do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 + entry_SYSCALL_64_after_hwframe+0x42/0xb7 + +Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.") +Signed-off-by: Eric Dumazet <eduma...@google.com> +Reported-by: syzbot <syzkal...@googlegroups.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/ipv4/ip_tunnel.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c +index a7fd1c5a2a14..57478d68248d 100644 +--- a/net/ipv4/ip_tunnel.c ++++ b/net/ipv4/ip_tunnel.c +@@ -253,13 +253,14 @@ static struct net_device *__ip_tunnel_create(struct net *net, + struct net_device *dev; + char name[IFNAMSIZ]; + +- if (parms->name[0]) ++ err = -E2BIG; ++ if (parms->name[0]) { ++ if (!dev_valid_name(parms->name)) ++ goto failed; + strlcpy(name, parms->name, IFNAMSIZ); +- else { +- if (strlen(ops->kind) > (IFNAMSIZ - 3)) { +- err = -E2BIG; ++ } else { ++ if (strlen(ops->kind) > (IFNAMSIZ - 3)) + goto failed; +- } + strlcpy(name, ops->kind, IFNAMSIZ); + strncat(name, "%d", 2); + } +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-013-ipv6-sit-better-validate-user-provided-tunnel-.patch new/patches.kernel.org/4.16.2-013-ipv6-sit-better-validate-user-provided-tunnel-.patch --- old/patches.kernel.org/4.16.2-013-ipv6-sit-better-validate-user-provided-tunnel-.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-013-ipv6-sit-better-validate-user-provided-tunnel-.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,78 @@ +From: Eric Dumazet <eduma...@google.com> +Date: Thu, 5 Apr 2018 06:39:28 -0700 +Subject: [PATCH] ipv6: sit: better validate user provided tunnel names +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: b95211e066fc3494b7c115060b2297b4ba21f025 + +[ Upstream commit b95211e066fc3494b7c115060b2297b4ba21f025 ] + +Use dev_valid_name() to make sure user does not provide illegal +device name. + +syzbot caught the following bug : + +BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] +BUG: KASAN: stack-out-of-bounds in ipip6_tunnel_locate+0x63b/0xaa0 net/ipv6/sit.c:254 +Write of size 33 at addr ffff8801b64076d8 by task syzkaller932654/4453 + +CPU: 0 PID: 4453 Comm: syzkaller932654 Not tainted 4.16.0+ #1 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:17 [inline] + dump_stack+0x1b9/0x29f lib/dump_stack.c:53 + print_address_description+0x6c/0x20b mm/kasan/report.c:256 + kasan_report_error mm/kasan/report.c:354 [inline] + kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 + check_memory_region_inline mm/kasan/kasan.c:260 [inline] + check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 + memcpy+0x37/0x50 mm/kasan/kasan.c:303 + strlcpy include/linux/string.h:300 [inline] + ipip6_tunnel_locate+0x63b/0xaa0 net/ipv6/sit.c:254 + ipip6_tunnel_ioctl+0xe71/0x241b net/ipv6/sit.c:1221 + dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 + dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 + sock_ioctl+0x47e/0x680 net/socket.c:1015 + vfs_ioctl fs/ioctl.c:46 [inline] + file_ioctl fs/ioctl.c:500 [inline] + do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 + ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 + SYSC_ioctl fs/ioctl.c:708 [inline] + SyS_ioctl+0x24/0x30 fs/ioctl.c:706 + do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 + entry_SYSCALL_64_after_hwframe+0x42/0xb7 + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Eric Dumazet <eduma...@google.com> +Reported-by: syzbot <syzkal...@googlegroups.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/ipv6/sit.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c +index 0195598f7bb5..e85791854c87 100644 +--- a/net/ipv6/sit.c ++++ b/net/ipv6/sit.c +@@ -250,11 +250,13 @@ static struct ip_tunnel *ipip6_tunnel_locate(struct net *net, + if (!create) + goto failed; + +- if (parms->name[0]) ++ if (parms->name[0]) { ++ if (!dev_valid_name(parms->name)) ++ goto failed; + strlcpy(name, parms->name, IFNAMSIZ); +- else ++ } else { + strcpy(name, "sit%d"); +- ++ } + dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, + ipip6_tunnel_setup); + if (!dev) +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-014-ip6_gre-better-validate-user-provided-tunnel-n.patch new/patches.kernel.org/4.16.2-014-ip6_gre-better-validate-user-provided-tunnel-n.patch --- old/patches.kernel.org/4.16.2-014-ip6_gre-better-validate-user-provided-tunnel-n.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-014-ip6_gre-better-validate-user-provided-tunnel-n.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,78 @@ +From: Eric Dumazet <eduma...@google.com> +Date: Thu, 5 Apr 2018 06:39:29 -0700 +Subject: [PATCH] ip6_gre: better validate user provided tunnel names +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: 5f42df013b8bc1b6511af7a04bf93b014884ae2a + +[ Upstream commit 5f42df013b8bc1b6511af7a04bf93b014884ae2a ] + +Use dev_valid_name() to make sure user does not provide illegal +device name. + +syzbot caught the following bug : + +BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] +BUG: KASAN: stack-out-of-bounds in ip6gre_tunnel_locate+0x334/0x860 net/ipv6/ip6_gre.c:339 +Write of size 20 at addr ffff8801afb9f7b8 by task syzkaller851048/4466 + +CPU: 1 PID: 4466 Comm: syzkaller851048 Not tainted 4.16.0+ #1 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:17 [inline] + dump_stack+0x1b9/0x29f lib/dump_stack.c:53 + print_address_description+0x6c/0x20b mm/kasan/report.c:256 + kasan_report_error mm/kasan/report.c:354 [inline] + kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 + check_memory_region_inline mm/kasan/kasan.c:260 [inline] + check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 + memcpy+0x37/0x50 mm/kasan/kasan.c:303 + strlcpy include/linux/string.h:300 [inline] + ip6gre_tunnel_locate+0x334/0x860 net/ipv6/ip6_gre.c:339 + ip6gre_tunnel_ioctl+0x69d/0x12e0 net/ipv6/ip6_gre.c:1195 + dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 + dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 + sock_ioctl+0x47e/0x680 net/socket.c:1015 + vfs_ioctl fs/ioctl.c:46 [inline] + file_ioctl fs/ioctl.c:500 [inline] + do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 + ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 + SYSC_ioctl fs/ioctl.c:708 [inline] + SyS_ioctl+0x24/0x30 fs/ioctl.c:706 + do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 + entry_SYSCALL_64_after_hwframe+0x42/0xb7 + +Fixes: c12b395a4664 ("gre: Support GRE over IPv6") +Signed-off-by: Eric Dumazet <eduma...@google.com> +Reported-by: syzbot <syzkal...@googlegroups.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/ipv6/ip6_gre.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c +index 1bbd0930063e..197fcae855ca 100644 +--- a/net/ipv6/ip6_gre.c ++++ b/net/ipv6/ip6_gre.c +@@ -335,11 +335,13 @@ static struct ip6_tnl *ip6gre_tunnel_locate(struct net *net, + if (t || !create) + return t; + +- if (parms->name[0]) ++ if (parms->name[0]) { ++ if (!dev_valid_name(parms->name)) ++ return NULL; + strlcpy(name, parms->name, IFNAMSIZ); +- else ++ } else { + strcpy(name, "ip6gre%d"); +- ++ } + dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, + ip6gre_tunnel_setup); + if (!dev) +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-015-ip6_tunnel-better-validate-user-provided-tunne.patch new/patches.kernel.org/4.16.2-015-ip6_tunnel-better-validate-user-provided-tunne.patch --- old/patches.kernel.org/4.16.2-015-ip6_tunnel-better-validate-user-provided-tunne.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-015-ip6_tunnel-better-validate-user-provided-tunne.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,49 @@ +From: Eric Dumazet <eduma...@google.com> +Date: Thu, 5 Apr 2018 06:39:30 -0700 +Subject: [PATCH] ip6_tunnel: better validate user provided tunnel names +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: db7a65e3ab78e5b1c4b17c0870ebee35a4ee3257 + +[ Upstream commit db7a65e3ab78e5b1c4b17c0870ebee35a4ee3257 ] + +Use valid_name() to make sure user does not provide illegal +device name. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Eric Dumazet <eduma...@google.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/ipv6/ip6_tunnel.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c +index 6e0f21eed88a..179313b0926c 100644 +--- a/net/ipv6/ip6_tunnel.c ++++ b/net/ipv6/ip6_tunnel.c +@@ -297,13 +297,16 @@ static struct ip6_tnl *ip6_tnl_create(struct net *net, struct __ip6_tnl_parm *p) + struct net_device *dev; + struct ip6_tnl *t; + char name[IFNAMSIZ]; +- int err = -ENOMEM; ++ int err = -E2BIG; + +- if (p->name[0]) ++ if (p->name[0]) { ++ if (!dev_valid_name(p->name)) ++ goto failed; + strlcpy(name, p->name, IFNAMSIZ); +- else ++ } else { + sprintf(name, "ip6tnl%%d"); +- ++ } ++ err = -ENOMEM; + dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, + ip6_tnl_dev_setup); + if (!dev) +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-016-vti6-better-validate-user-provided-tunnel-name.patch new/patches.kernel.org/4.16.2-016-vti6-better-validate-user-provided-tunnel-name.patch --- old/patches.kernel.org/4.16.2-016-vti6-better-validate-user-provided-tunnel-name.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-016-vti6-better-validate-user-provided-tunnel-name.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,45 @@ +From: Eric Dumazet <eduma...@google.com> +Date: Thu, 5 Apr 2018 06:39:31 -0700 +Subject: [PATCH] vti6: better validate user provided tunnel names +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: 537b361fbcbcc3cd6fe2bb47069fd292b9256d16 + +[ Upstream commit 537b361fbcbcc3cd6fe2bb47069fd292b9256d16 ] + +Use valid_name() to make sure user does not provide illegal +device name. + +Fixes: ed1efb2aefbb ("ipv6: Add support for IPsec virtual tunnel interfaces") +Signed-off-by: Eric Dumazet <eduma...@google.com> +Cc: Steffen Klassert <steffen.klass...@secunet.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/ipv6/ip6_vti.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c +index ce18cd20389d..3726dc797847 100644 +--- a/net/ipv6/ip6_vti.c ++++ b/net/ipv6/ip6_vti.c +@@ -212,10 +212,13 @@ static struct ip6_tnl *vti6_tnl_create(struct net *net, struct __ip6_tnl_parm *p + char name[IFNAMSIZ]; + int err; + +- if (p->name[0]) ++ if (p->name[0]) { ++ if (!dev_valid_name(p->name)) ++ goto failed; + strlcpy(name, p->name, IFNAMSIZ); +- else ++ } else { + sprintf(name, "ip6_vti%%d"); ++ } + + dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup); + if (!dev) +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-017-net_sched-fix-a-missing-idr_remove-in-u32_dele.patch new/patches.kernel.org/4.16.2-017-net_sched-fix-a-missing-idr_remove-in-u32_dele.patch --- old/patches.kernel.org/4.16.2-017-net_sched-fix-a-missing-idr_remove-in-u32_dele.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-017-net_sched-fix-a-missing-idr_remove-in-u32_dele.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,38 @@ +From: Cong Wang <xiyou.wangc...@gmail.com> +Date: Fri, 6 Apr 2018 17:19:41 -0700 +Subject: [PATCH] net_sched: fix a missing idr_remove() in u32_delete_key() +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: f12c643209db0626f2f54780d86bb93bfa7a9c2d + +[ Upstream commit f12c643209db0626f2f54780d86bb93bfa7a9c2d ] + +When we delete a u32 key via u32_delete_key(), we forget to +call idr_remove() to remove its handle from IDR. + +Fixes: e7614370d6f0 ("net_sched: use idr to allocate u32 filter handles") +Reported-by: Marcin Kabiesz <ad...@hostcenter.eu> +Tested-by: Marcin Kabiesz <ad...@hostcenter.eu> +Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + net/sched/cls_u32.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c +index ed8b6a24b9e9..bac47b5d18fd 100644 +--- a/net/sched/cls_u32.c ++++ b/net/sched/cls_u32.c +@@ -489,6 +489,7 @@ static int u32_delete_key(struct tcf_proto *tp, struct tc_u_knode *key) + RCU_INIT_POINTER(*kp, key->next); + + tcf_unbind_filter(tp, &key->res); ++ idr_remove(&ht->handle_idr, key->handle); + tcf_exts_get_net(&key->exts); + call_rcu(&key->rcu, u32_delete_key_freepf_rcu); + return 0; +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-018-nfp-use-full-40-bits-of-the-NSP-buffer-address.patch new/patches.kernel.org/4.16.2-018-nfp-use-full-40-bits-of-the-NSP-buffer-address.patch --- old/patches.kernel.org/4.16.2-018-nfp-use-full-40-bits-of-the-NSP-buffer-address.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-018-nfp-use-full-40-bits-of-the-NSP-buffer-address.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,67 @@ +From: Dirk van der Merwe <dirk.vanderme...@netronome.com> +Date: Tue, 3 Apr 2018 17:24:23 -0700 +Subject: [PATCH] nfp: use full 40 bits of the NSP buffer address +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: 1489bbd10e16079ce30a53d3c22a431fd47af791 + +[ Upstream commit 1489bbd10e16079ce30a53d3c22a431fd47af791 ] + +The NSP default buffer is a piece of NFP memory where additional +command data can be placed. Its format has been copied from +host buffer, but the PCIe selection bits do not make sense in +this case. If those get masked out from a NFP address - writes +to random place in the chip memory may be issued and crash the +device. + +Even in the general NSP buffer case, it doesn't make sense to have the +PCIe selection bits there anymore. These are unused at the moment, and +when it becomes necessary, the PCIe selection bits should rather be +moved to another register to utilise more bits for the buffer address. + +This has never been an issue because the buffer used to be +allocated in memory with less-than-38-bit-long address but that +is about to change. + +Fixes: 1a64821c6af7 ("nfp: add support for service processor access") +Signed-off-by: Dirk van der Merwe <dirk.vanderme...@netronome.com> +Reviewed-by: Jakub Kicinski <jakub.kicin...@netronome.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c b/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c +index 39abac678b71..99bb679a9801 100644 +--- a/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c ++++ b/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c +@@ -71,10 +71,11 @@ + /* CPP address to retrieve the data from */ + #define NSP_BUFFER 0x10 + #define NSP_BUFFER_CPP GENMASK_ULL(63, 40) +-#define NSP_BUFFER_PCIE GENMASK_ULL(39, 38) +-#define NSP_BUFFER_ADDRESS GENMASK_ULL(37, 0) ++#define NSP_BUFFER_ADDRESS GENMASK_ULL(39, 0) + + #define NSP_DFLT_BUFFER 0x18 ++#define NSP_DFLT_BUFFER_CPP GENMASK_ULL(63, 40) ++#define NSP_DFLT_BUFFER_ADDRESS GENMASK_ULL(39, 0) + + #define NSP_DFLT_BUFFER_CONFIG 0x20 + #define NSP_DFLT_BUFFER_SIZE_MB GENMASK_ULL(7, 0) +@@ -427,8 +428,8 @@ __nfp_nsp_command_buf(struct nfp_nsp *nsp, u16 code, u32 option, + if (err < 0) + return err; + +- cpp_id = FIELD_GET(NSP_BUFFER_CPP, reg) << 8; +- cpp_buf = FIELD_GET(NSP_BUFFER_ADDRESS, reg); ++ cpp_id = FIELD_GET(NSP_DFLT_BUFFER_CPP, reg) << 8; ++ cpp_buf = FIELD_GET(NSP_DFLT_BUFFER_ADDRESS, reg); + + if (in_buf && in_size) { + err = nfp_cpp_write(cpp, cpp_id, cpp_buf, in_buf, in_size); +-- +2.16.3 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/4.16.2-019-Linux-4.16.2.patch new/patches.kernel.org/4.16.2-019-Linux-4.16.2.patch --- old/patches.kernel.org/4.16.2-019-Linux-4.16.2.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/4.16.2-019-Linux-4.16.2.patch 2018-04-12 14:50:53.000000000 +0200 @@ -0,0 +1,28 @@ +From: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Date: Thu, 12 Apr 2018 12:30:01 +0200 +Subject: [PATCH] Linux 4.16.2 +References: bnc#1012628 +Patch-mainline: 4.16.2 +Git-commit: 216f33936eaa006a8b4f5bb992592e34f6432fc2 + +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 1773c718074e..f0040b05df30 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 4 + PATCHLEVEL = 16 +-SUBLEVEL = 1 ++SUBLEVEL = 2 + EXTRAVERSION = + NAME = Fearless Coyote + +-- +2.16.3 + ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/apparmor-check-all-net-profiles.patch new/patches.suse/apparmor-check-all-net-profiles.patch --- old/patches.suse/apparmor-check-all-net-profiles.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/apparmor-check-all-net-profiles.patch 2018-04-12 12:43:52.000000000 +0200 @@ -0,0 +1,97 @@ +From: Goldwyn Rodrigues <rgold...@suse.com> +Subject: [PATCH] Check all profiles attached to the label +Patch-mainline: Never, depends on apparmor-basic-networking-rules +References: bsc#1085996 + +This one fixes patches.suse/0001-AppArmor-basic-networking-rules.patch + +While porting apparmor net patch to the newer kernel, I missed on +iterating over the profiles attached to the labels and used +labels_profile(). This missed checking the rest of the profiles attached +to the label. + +While we are at it, use wrapper function begin_current_label_crit_section() +as opposed to the __begin_current_label_crit_section(). + +Signed-off-by: Goldwyn Rodrigues <rgold...@suse.com> + +diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h +index 6710a5369380..580232f20047 100644 +--- a/security/apparmor/include/net.h ++++ b/security/apparmor/include/net.h +@@ -32,7 +32,7 @@ struct aa_net { + + extern struct aa_sfs_entry aa_sfs_entry_network[]; + +-int aa_net_perm(const char *op, struct aa_profile *profile, u16 family, ++int aa_label_net_perm(struct aa_label *label, const char *op, u16 family, + int type, int protocol, struct sock *sk); + int aa_revalidate_sk(const char *op, struct sock *sk); + +diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c +index e62b06241476..0007fb2eed29 100644 +--- a/security/apparmor/lsm.c ++++ b/security/apparmor/lsm.c +@@ -745,11 +745,11 @@ static int apparmor_socket_create(int family, int type, int protocol, int kern) + if (kern) + return 0; + +- label = __begin_current_label_crit_section(); ++ label = begin_current_label_crit_section(); + if (!unconfined(label)) +- error = aa_net_perm(OP_CREATE, labels_profile(label), ++ error = aa_label_net_perm(label, OP_CREATE, + family, type, protocol, NULL); +- __end_current_label_crit_section(label); ++ end_current_label_crit_section(label); + return error; + } + +diff --git a/security/apparmor/net.c b/security/apparmor/net.c +index 48e66a61b9c6..95d6e3b9c71d 100644 +--- a/security/apparmor/net.c ++++ b/security/apparmor/net.c +@@ -114,7 +114,7 @@ static int audit_net(struct aa_profile *profile, const char *op, + * + * Returns: %0 else error if permission denied + */ +-int aa_net_perm(const char *op, struct aa_profile *profile, u16 family, ++static int aa_net_perm(const char *op, struct aa_profile *profile, u16 family, + int type, int protocol, struct sock *sk) + { + u16 family_mask; +@@ -137,6 +137,18 @@ int aa_net_perm(const char *op, struct aa_profile *profile, u16 family, + return audit_net(profile, op, family, type, protocol, sk, error); + } + ++int aa_label_net_perm(struct aa_label *label, const char *op, u16 family, ++ int type, int protocol, struct sock *sk) ++{ ++ struct aa_profile *profile; ++ ++ if (!unconfined(label)) ++ return 0; ++ ++ return fn_for_each_confined(label, profile, ++ aa_net_perm(op, profile, family, type, protocol, sk)); ++} ++ + /** + * aa_revalidate_sk - Revalidate access to a sock + * @op: operation being checked +@@ -155,11 +167,10 @@ int aa_revalidate_sk(const char *op, struct sock *sk) + if (in_interrupt()) + return 0; + +- label = __begin_current_label_crit_section(); +- if (!unconfined(label)) +- error = aa_net_perm(op, labels_profile(label), sk->sk_family, +- sk->sk_type, sk->sk_protocol, sk); +- __end_current_label_crit_section(label); ++ label = begin_current_label_crit_section(); ++ error = aa_label_net_perm(label, op, sk->sk_family, sk->sk_type, ++ sk->sk_protocol, sk); ++ end_current_label_crit_section(label); + + return error; + } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/media-v4l2-core-fix-size-of-devnode_nums-bitarray.patch new/patches.suse/media-v4l2-core-fix-size-of-devnode_nums-bitarray.patch --- old/patches.suse/media-v4l2-core-fix-size-of-devnode_nums-bitarray.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/media-v4l2-core-fix-size-of-devnode_nums-bitarray.patch 2018-04-12 12:43:52.000000000 +0200 @@ -0,0 +1,261 @@ +From a95845ba184b854106972f5d8f50354c2d272c06 Mon Sep 17 00:00:00 2001 +From: Mauro Carvalho Chehab <mche...@s-opensource.com> +Date: Thu, 5 Apr 2018 06:51:15 -0300 +Subject: [PATCH] media: v4l2-core: fix size of devnode_nums[] bitarray +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: a95845ba184b854106972f5d8f50354c2d272c06 +Git-repo: git://linuxtv.org/mchehab/media-next.git +Patch-mainline: Queued in subsystem maintainer repo +References: bsc#1088640 + +The size of devnode_nums[] bit array is too short to store information +for VFL_TYPE_TOUCH. That causes it to override other memory regions. + +Thankfully, on recent reports, it is overriding video_device[] array, +trigging a WARN_ON(). Yet, it just warns about the problem, but let +the code excecuting, with generates an OOPS: + +[ 43.177394] WARNING: CPU: 1 PID: 711 at drivers/media/v4l2-core/v4l2-dev.c:945 __video_register_device+0xc99/0x1090 [videodev] +[ 43.177396] Modules linked in: hid_sensor_custom hid_sensor_als hid_sensor_incl_3d hid_sensor_rotation hid_sensor_magn_3d hid_sensor_accel_3d hid_sensor_gyro_3d hid_sensor_trigger industrialio_triggered_buffer kfifo_buf joydev hid_sensor_iio_common hid_rmi(+) rmi_core industrialio videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev hid_multitouch media hid_sensor_hub binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi arc4 snd_soc_skl snd_soc_skl_ipc snd_hda_ext_core snd_soc_sst_dsp snd_soc_sst_ipc snd_hda_codec_realtek snd_soc_acpi snd_hda_codec_generic snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_hda_codec intel_rapl snd_hda_core x86_pkg_temp_thermal snd_hwdep intel_powerclamp coretemp snd_pcm kvm_intel snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul +[ 43.177426] crc32_pclmul ghash_clmulni_intel iwlmvm pcbc mac80211 snd_seq aesni_intel iwlwifi aes_x86_64 snd_seq_device crypto_simd glue_helper cryptd snd_timer intel_cstate intel_rapl_perf input_leds serio_raw intel_wmi_thunderbolt snd wmi_bmof cfg80211 soundcore ideapad_laptop sparse_keymap idma64 virt_dma tpm_crb acpi_pad int3400_thermal acpi_thermal_rel intel_pch_thermal processor_thermal_device mac_hid int340x_thermal_zone mei_me intel_soc_dts_iosf mei intel_lpss_pci shpchp intel_lpss sch_fq_codel vfio_pci nfsd vfio_virqfd parport_pc ppdev auth_rpcgss nfs_acl lockd grace lp parport sunrpc ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid kvmgt vfio_mdev mdev vfio_iommu_type1 vfio kvm irqbypass i915 i2c_algo_bit drm_kms_helper syscopyarea sdhci_pci sysfillrect +[ 43.177466] sysimgblt cqhci fb_sys_fops sdhci drm i2c_hid wmi hid video pinctrl_sunrisepoint pinctrl_intel +[ 43.177474] CPU: 1 PID: 711 Comm: systemd-udevd Not tainted 4.16.0 #1 +[ 43.177475] Hardware name: LENOVO 80UE/VIUU4, BIOS 2UCN10T 10/14/2016 +[ 43.177481] RIP: 0010:__video_register_device+0xc99/0x1090 [videodev] +[ 43.177482] RSP: 0000:ffffa5c5c231b420 EFLAGS: 00010202 +[ 43.177484] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000 +[ 43.177485] RDX: ffffffffc0c44cc0 RSI: ffffffffffffffff RDI: ffffffffc0c44cc0 +[ 43.177486] RBP: ffffa5c5c231b478 R08: ffffffffc0c96900 R09: ffff8eda1a51f018 +[ 43.177487] R10: 0000000000000600 R11: 00000000000003b6 R12: 0000000000000000 +[ 43.177488] R13: 0000000000000005 R14: ffffffffc0c96900 R15: ffff8eda1d6d91c0 +[ 43.177489] FS: 00007fd2d8ef2480(0000) GS:ffff8eda33480000(0000) knlGS:0000000000000000 +[ 43.177490] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 43.177491] CR2: 00007ffe0a6ad01c CR3: 0000000456ae2004 CR4: 00000000003606e0 +[ 43.177492] Call Trace: +[ 43.177498] ? devres_add+0x5f/0x70 +[ 43.177502] rmi_f54_probe+0x437/0x470 [rmi_core] +[ 43.177505] rmi_function_probe+0x25/0x30 [rmi_core] +[ 43.177507] driver_probe_device+0x310/0x480 +[ 43.177509] __device_attach_driver+0x86/0x100 +[ 43.177511] ? __driver_attach+0xf0/0xf0 +[ 43.177512] bus_for_each_drv+0x6b/0xb0 +[ 43.177514] __device_attach+0xdd/0x160 +[ 43.177516] device_initial_probe+0x13/0x20 +[ 43.177518] bus_probe_device+0x95/0xa0 +[ 43.177519] device_add+0x44b/0x680 +[ 43.177522] rmi_register_function+0x62/0xd0 [rmi_core] +[ 43.177525] rmi_create_function+0x112/0x1a0 [rmi_core] +[ 43.177527] ? rmi_driver_clear_irq_bits+0xc0/0xc0 [rmi_core] +[ 43.177530] rmi_scan_pdt+0xca/0x1a0 [rmi_core] +[ 43.177535] rmi_init_functions+0x5b/0x120 [rmi_core] +[ 43.177537] rmi_driver_probe+0x152/0x3c0 [rmi_core] +[ 43.177547] ? sysfs_create_link+0x25/0x40 +[ 43.177549] driver_probe_device+0x310/0x480 +[ 43.177551] __device_attach_driver+0x86/0x100 +[ 43.177553] ? __driver_attach+0xf0/0xf0 +[ 43.177554] bus_for_each_drv+0x6b/0xb0 +[ 43.177556] __device_attach+0xdd/0x160 +[ 43.177558] device_initial_probe+0x13/0x20 +[ 43.177560] bus_probe_device+0x95/0xa0 +[ 43.177561] device_add+0x44b/0x680 +[ 43.177564] rmi_register_transport_device+0x84/0x100 [rmi_core] +[ 43.177568] rmi_input_configured+0xbf/0x1a0 [hid_rmi] +[ 43.177571] ? input_allocate_device+0xdf/0xf0 +[ 43.177574] hidinput_connect+0x4a9/0x37a0 [hid] +[ 43.177578] hid_connect+0x326/0x3d0 [hid] +[ 43.177581] hid_hw_start+0x42/0x70 [hid] +[ 43.177583] rmi_probe+0x115/0x510 [hid_rmi] +[ 43.177586] hid_device_probe+0xd3/0x150 [hid] +[ 43.177588] ? sysfs_create_link+0x25/0x40 +[ 43.177590] driver_probe_device+0x310/0x480 +[ 43.177592] __driver_attach+0xbf/0xf0 +[ 43.177593] ? driver_probe_device+0x480/0x480 +[ 43.177595] bus_for_each_dev+0x74/0xb0 +[ 43.177597] ? kmem_cache_alloc_trace+0x1a6/0x1c0 +[ 43.177599] driver_attach+0x1e/0x20 +[ 43.177600] bus_add_driver+0x167/0x260 +[ 43.177602] ? 0xffffffffc0cbc000 +[ 43.177604] driver_register+0x60/0xe0 +[ 43.177605] ? 0xffffffffc0cbc000 +[ 43.177607] __hid_register_driver+0x63/0x70 [hid] +[ 43.177610] rmi_driver_init+0x23/0x1000 [hid_rmi] +[ 43.177612] do_one_initcall+0x52/0x191 +[ 43.177615] ? _cond_resched+0x19/0x40 +[ 43.177617] ? kmem_cache_alloc_trace+0xa2/0x1c0 +[ 43.177619] ? do_init_module+0x27/0x209 +[ 43.177621] do_init_module+0x5f/0x209 +[ 43.177623] load_module+0x1987/0x1f10 +[ 43.177626] ? ima_post_read_file+0x96/0xa0 +[ 43.177629] SYSC_finit_module+0xfc/0x120 +[ 43.177630] ? SYSC_finit_module+0xfc/0x120 +[ 43.177632] SyS_finit_module+0xe/0x10 +[ 43.177634] do_syscall_64+0x73/0x130 +[ 43.177637] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 +[ 43.177638] RIP: 0033:0x7fd2d880b839 +[ 43.177639] RSP: 002b:00007ffe0a6b2368 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 +[ 43.177641] RAX: ffffffffffffffda RBX: 000055cdd86542e0 RCX: 00007fd2d880b839 +[ 43.177641] RDX: 0000000000000000 RSI: 00007fd2d84ea0e5 RDI: 0000000000000016 +[ 43.177642] RBP: 00007fd2d84ea0e5 R08: 0000000000000000 R09: 00007ffe0a6b2480 +[ 43.177643] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000 +[ 43.177644] R13: 000055cdd8688930 R14: 0000000000020000 R15: 000055cdd86542e0 +[ 43.177645] Code: 48 c7 c7 54 b4 c3 c0 e8 96 9d ec dd e9 d4 fb ff ff 0f 0b 41 be ea ff ff ff e9 c7 fb ff ff 0f 0b 41 be ea ff ff ff e9 ba fb ff ff <0f> 0b e9 d8 f4 ff ff 83 fa 01 0f 84 c4 02 00 00 48 83 78 68 00 +[ 43.177675] ---[ end trace d44d9bc41477c2dd ]--- +[ 43.177679] BUG: unable to handle kernel NULL pointer dereference at 0000000000000499 +[ 43.177723] IP: __video_register_device+0x1cc/0x1090 [videodev] +[ 43.177749] PGD 0 P4D 0 +[ 43.177764] Oops: 0000 [#1] SMP PTI +[ 43.177780] Modules linked in: hid_sensor_custom hid_sensor_als hid_sensor_incl_3d hid_sensor_rotation hid_sensor_magn_3d hid_sensor_accel_3d hid_sensor_gyro_3d hid_sensor_trigger industrialio_triggered_buffer kfifo_buf joydev hid_sensor_iio_common hid_rmi(+) rmi_core industrialio videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev hid_multitouch media hid_sensor_hub binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi arc4 snd_soc_skl snd_soc_skl_ipc snd_hda_ext_core snd_soc_sst_dsp snd_soc_sst_ipc snd_hda_codec_realtek snd_soc_acpi snd_hda_codec_generic snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_hda_codec intel_rapl snd_hda_core x86_pkg_temp_thermal snd_hwdep intel_powerclamp coretemp snd_pcm kvm_intel snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul +[ 43.178055] crc32_pclmul ghash_clmulni_intel iwlmvm pcbc mac80211 snd_seq aesni_intel iwlwifi aes_x86_64 snd_seq_device crypto_simd glue_helper cryptd snd_timer intel_cstate intel_rapl_perf input_leds serio_raw intel_wmi_thunderbolt snd wmi_bmof cfg80211 soundcore ideapad_laptop sparse_keymap idma64 virt_dma tpm_crb acpi_pad int3400_thermal acpi_thermal_rel intel_pch_thermal processor_thermal_device mac_hid int340x_thermal_zone mei_me intel_soc_dts_iosf mei intel_lpss_pci shpchp intel_lpss sch_fq_codel vfio_pci nfsd vfio_virqfd parport_pc ppdev auth_rpcgss nfs_acl lockd grace lp parport sunrpc ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid kvmgt vfio_mdev mdev vfio_iommu_type1 vfio kvm irqbypass i915 i2c_algo_bit drm_kms_helper syscopyarea sdhci_pci sysfillrect +[ 43.178337] sysimgblt cqhci fb_sys_fops sdhci drm i2c_hid wmi hid video pinctrl_sunrisepoint pinctrl_intel +[ 43.178380] CPU: 1 PID: 711 Comm: systemd-udevd Tainted: G W 4.16.0 #1 +[ 43.178411] Hardware name: LENOVO 80UE/VIUU4, BIOS 2UCN10T 10/14/2016 +[ 43.178441] RIP: 0010:__video_register_device+0x1cc/0x1090 [videodev] +[ 43.178467] RSP: 0000:ffffa5c5c231b420 EFLAGS: 00010202 +[ 43.178490] RAX: ffffffffc0c44cc0 RBX: 0000000000000005 RCX: ffffffffc0c454c0 +[ 43.178519] RDX: 0000000000000001 RSI: ffff8eda1d6d9118 RDI: ffffffffc0c44cc0 +[ 43.178549] RBP: ffffa5c5c231b478 R08: ffffffffc0c96900 R09: ffff8eda1a51f018 +[ 43.178579] R10: 0000000000000600 R11: 00000000000003b6 R12: 0000000000000000 +[ 43.178608] R13: 0000000000000005 R14: ffffffffc0c96900 R15: ffff8eda1d6d91c0 +[ 43.178636] FS: 00007fd2d8ef2480(0000) GS:ffff8eda33480000(0000) knlGS:0000000000000000 +[ 43.178669] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 43.178693] CR2: 0000000000000499 CR3: 0000000456ae2004 CR4: 00000000003606e0 +[ 43.178721] Call Trace: +[ 43.178736] ? devres_add+0x5f/0x70 +[ 43.178755] rmi_f54_probe+0x437/0x470 [rmi_core] +[ 43.178779] rmi_function_probe+0x25/0x30 [rmi_core] +[ 43.178805] driver_probe_device+0x310/0x480 +[ 43.178828] __device_attach_driver+0x86/0x100 +[ 43.178851] ? __driver_attach+0xf0/0xf0 +[ 43.178884] bus_for_each_drv+0x6b/0xb0 +[ 43.178904] __device_attach+0xdd/0x160 +[ 43.178925] device_initial_probe+0x13/0x20 +[ 43.178948] bus_probe_device+0x95/0xa0 +[ 43.178968] device_add+0x44b/0x680 +[ 43.178987] rmi_register_function+0x62/0xd0 [rmi_core] +[ 43.181747] rmi_create_function+0x112/0x1a0 [rmi_core] +[ 43.184677] ? rmi_driver_clear_irq_bits+0xc0/0xc0 [rmi_core] +[ 43.187505] rmi_scan_pdt+0xca/0x1a0 [rmi_core] +[ 43.190171] rmi_init_functions+0x5b/0x120 [rmi_core] +[ 43.192809] rmi_driver_probe+0x152/0x3c0 [rmi_core] +[ 43.195403] ? sysfs_create_link+0x25/0x40 +[ 43.198253] driver_probe_device+0x310/0x480 +[ 43.201083] __device_attach_driver+0x86/0x100 +[ 43.203800] ? __driver_attach+0xf0/0xf0 +[ 43.206503] bus_for_each_drv+0x6b/0xb0 +[ 43.209291] __device_attach+0xdd/0x160 +[ 43.212207] device_initial_probe+0x13/0x20 +[ 43.215146] bus_probe_device+0x95/0xa0 +[ 43.217885] device_add+0x44b/0x680 +[ 43.220597] rmi_register_transport_device+0x84/0x100 [rmi_core] +[ 43.223321] rmi_input_configured+0xbf/0x1a0 [hid_rmi] +[ 43.226051] ? input_allocate_device+0xdf/0xf0 +[ 43.228814] hidinput_connect+0x4a9/0x37a0 [hid] +[ 43.231701] hid_connect+0x326/0x3d0 [hid] +[ 43.234548] hid_hw_start+0x42/0x70 [hid] +[ 43.237302] rmi_probe+0x115/0x510 [hid_rmi] +[ 43.239862] hid_device_probe+0xd3/0x150 [hid] +[ 43.242558] ? sysfs_create_link+0x25/0x40 +[ 43.242828] audit: type=1400 audit(1522795151.600:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/4206/usr/lib/snapd/snap-confine" pid=1151 comm="apparmor_parser" +[ 43.244859] driver_probe_device+0x310/0x480 +[ 43.244862] __driver_attach+0xbf/0xf0 +[ 43.246982] audit: type=1400 audit(1522795151.600:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/4206/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=1151 comm="apparmor_parser" +[ 43.249403] ? driver_probe_device+0x480/0x480 +[ 43.249405] bus_for_each_dev+0x74/0xb0 +[ 43.253200] audit: type=1400 audit(1522795151.600:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/4206/usr/lib/snapd/snap-confine//snap_update_ns" pid=1151 comm="apparmor_parser" +[ 43.254055] ? kmem_cache_alloc_trace+0x1a6/0x1c0 +[ 43.256282] audit: type=1400 audit(1522795151.604:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/sbin/dhclient" pid=1152 comm="apparmor_parser" +[ 43.258436] driver_attach+0x1e/0x20 +[ 43.260875] audit: type=1400 audit(1522795151.604:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=1152 comm="apparmor_parser" +[ 43.263118] bus_add_driver+0x167/0x260 +[ 43.267676] audit: type=1400 audit(1522795151.604:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=1152 comm="apparmor_parser" +[ 43.268807] ? 0xffffffffc0cbc000 +[ 43.268812] driver_register+0x60/0xe0 +[ 43.271184] audit: type=1400 audit(1522795151.604:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/connman/scripts/dhclient-script" pid=1152 comm="apparmor_parser" +[ 43.274081] ? 0xffffffffc0cbc000 +[ 43.274086] __hid_register_driver+0x63/0x70 [hid] +[ 43.288367] rmi_driver_init+0x23/0x1000 [hid_rmi] +[ 43.291501] do_one_initcall+0x52/0x191 +[ 43.292348] audit: type=1400 audit(1522795151.652:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/man" pid=1242 comm="apparmor_parser" +[ 43.294212] ? _cond_resched+0x19/0x40 +[ 43.300028] ? kmem_cache_alloc_trace+0xa2/0x1c0 +[ 43.303475] ? do_init_module+0x27/0x209 +[ 43.306842] do_init_module+0x5f/0x209 +[ 43.310269] load_module+0x1987/0x1f10 +[ 43.313704] ? ima_post_read_file+0x96/0xa0 +[ 43.317174] SYSC_finit_module+0xfc/0x120 +[ 43.320754] ? SYSC_finit_module+0xfc/0x120 +[ 43.324065] SyS_finit_module+0xe/0x10 +[ 43.327387] do_syscall_64+0x73/0x130 +[ 43.330909] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 +[ 43.334305] RIP: 0033:0x7fd2d880b839 +[ 43.337810] RSP: 002b:00007ffe0a6b2368 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 +[ 43.341259] RAX: ffffffffffffffda RBX: 000055cdd86542e0 RCX: 00007fd2d880b839 +[ 43.344613] RDX: 0000000000000000 RSI: 00007fd2d84ea0e5 RDI: 0000000000000016 +[ 43.347962] RBP: 00007fd2d84ea0e5 R08: 0000000000000000 R09: 00007ffe0a6b2480 +[ 43.351456] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000 +[ 43.354845] R13: 000055cdd8688930 R14: 0000000000020000 R15: 000055cdd86542e0 +[ 43.358224] Code: c7 05 ad 12 02 00 00 00 00 00 48 8d 88 00 08 00 00 eb 09 48 83 c0 08 48 39 c1 74 31 48 8b 10 48 85 d2 74 ef 49 8b b7 98 04 00 00 <48> 39 b2 98 04 00 00 75 df 48 63 92 f8 04 00 00 f0 48 0f ab 15 +[ 43.361764] RIP: __video_register_device+0x1cc/0x1090 [videodev] RSP: ffffa5c5c231b420 +[ 43.365281] CR2: 0000000000000499 + +This patch fixes the array size and changes the WARN_ON() to return an error, +instead of letting the Kernel to proceed with registering. + +Cc: sta...@vger.kernel.org # For Kernel 4.16 +Fixes: 4839c58f034a ("media: v4l2-dev: convert VFL_TYPE_* into an enum") +Reported-by: Peter Geis <pgwipe...@gmail.com> +Reported-by: Jaak Ristioja <j...@ristioja.ee> +Reported-by: MichaĆ Siemek <miha...@gmail.com> +Reviewed-by: Hans Verkuil <hans.verk...@cisco.com> +Reviewed-by: Sakari Ailus <sakari.ai...@linux.intel.com> +Signed-off-by: Mauro Carvalho Chehab <mche...@s-opensource.com> +Acked-by: Takashi Iwai <ti...@suse.de> + +--- + drivers/media/v4l2-core/v4l2-dev.c | 8 ++++++-- + include/media/v4l2-dev.h | 12 ++++++------ + 2 files changed, 12 insertions(+), 8 deletions(-) + +--- a/drivers/media/v4l2-core/v4l2-dev.c ++++ b/drivers/media/v4l2-core/v4l2-dev.c +@@ -939,10 +939,14 @@ int __video_register_device(struct video + #endif + vdev->minor = i + minor_offset; + vdev->num = nr; +- devnode_set(vdev); + + /* Should not happen since we thought this minor was free */ +- WARN_ON(video_device[vdev->minor] != NULL); ++ if (WARN_ON(video_device[vdev->minor])) { ++ mutex_unlock(&videodev_lock); ++ printk(KERN_ERR "video_device not empty!\n"); ++ return -ENFILE; ++ } ++ devnode_set(vdev); + vdev->index = get_index(vdev); + video_device[vdev->minor] = vdev; + mutex_unlock(&videodev_lock); +--- a/include/media/v4l2-dev.h ++++ b/include/media/v4l2-dev.h +@@ -33,13 +33,13 @@ + */ + enum vfl_devnode_type { + VFL_TYPE_GRABBER = 0, +- VFL_TYPE_VBI = 1, +- VFL_TYPE_RADIO = 2, +- VFL_TYPE_SUBDEV = 3, +- VFL_TYPE_SDR = 4, +- VFL_TYPE_TOUCH = 5, ++ VFL_TYPE_VBI, ++ VFL_TYPE_RADIO, ++ VFL_TYPE_SUBDEV, ++ VFL_TYPE_SDR, ++ VFL_TYPE_TOUCH, ++ VFL_TYPE_MAX /* Shall be the last one */ + }; +-#define VFL_TYPE_MAX VFL_TYPE_TOUCH + + /** + * enum vfl_direction - Identifies if a &struct video_device corresponds diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/swiotlb-Fix-unexpected-swiotlb_alloc_coherent-failur.patch new/patches.suse/swiotlb-Fix-unexpected-swiotlb_alloc_coherent-failur.patch --- old/patches.suse/swiotlb-Fix-unexpected-swiotlb_alloc_coherent-failur.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/swiotlb-Fix-unexpected-swiotlb_alloc_coherent-failur.patch 2018-04-12 12:43:52.000000000 +0200 @@ -0,0 +1,37 @@ +From: Takashi Iwai <ti...@suse.de> +Subject: [PATCH] swiotlb: Fix unexpected swiotlb_alloc_coherent() failures +Date: Tue, 10 Apr 2018 19:05:13 +0200 +Message-Id: <20180410170513.22834-1-ti...@suse.de> +Patch-mainline: Submitted, iommu ML +References: bsc#1088658, bsc#1088902 + +The code refactoring by commit 0176adb00406 ("swiotlb: refactor +coherent buffer allocation") made swiotlb_alloc_buffer() almost always +failing due to a thinko: namely, the function evaluates the +dma_coherent_ok() call incorrectly and dealing as if it's invalid. +This ends up with weird errors like iwlwifi probe failure or amdgpu +screen flickering. + +This patch corrects the logic error. + +Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1088658 +Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1088902 +Fixes: 0176adb00406 ("swiotlb: refactor coherent buffer allocation") +Cc: <sta...@vger.kernel.org> # v4.16+ +Signed-off-by: Takashi Iwai <ti...@suse.de> + +--- + lib/swiotlb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/swiotlb.c ++++ b/lib/swiotlb.c +@@ -732,7 +732,7 @@ swiotlb_alloc_buffer(struct device *dev, + goto out_warn; + + *dma_handle = swiotlb_phys_to_dma(dev, phys_addr); +- if (dma_coherent_ok(dev, *dma_handle, size)) ++ if (!dma_coherent_ok(dev, *dma_handle, size)) + goto out_unmap; + + memset(phys_to_virt(phys_addr), 0, size); ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:11.557399244 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:11.561399099 +0200 @@ -59,6 +59,25 @@ patches.kernel.org/4.16.1-030-Fix-slab-name-biovec-1-21-12.patch patches.kernel.org/4.16.1-031-signal-Correct-the-offset-of-si_pkey-and-si_lo.patch patches.kernel.org/4.16.1-032-Linux-4.16.1.patch + patches.kernel.org/4.16.2-001-sparc64-Oracle-DAX-driver-depends-on-SPARC64.patch + patches.kernel.org/4.16.2-002-arp-fix-arp_filter-on-l3slave-devices.patch + patches.kernel.org/4.16.2-003-net-dsa-Discard-frames-from-unused-ports.patch + patches.kernel.org/4.16.2-004-net-ipv6-Increment-OUTxxx-counters-after-netfi.patch + patches.kernel.org/4.16.2-005-net-sched-fix-NULL-dereference-in-the-error-pa.patch + patches.kernel.org/4.16.2-006-pptp-remove-a-buggy-dst-release-in-pptp_connec.patch + patches.kernel.org/4.16.2-007-sctp-do-not-leak-kernel-memory-to-user-space.patch + patches.kernel.org/4.16.2-008-sctp-sctp_sockaddr_af-must-check-minimal-addr-.patch + patches.kernel.org/4.16.2-009-sky2-Increase-D3-delay-to-sky2-stops-working-a.patch + patches.kernel.org/4.16.2-010-vlan-also-check-phy_driver-ts_info-for-vlan-s-.patch + patches.kernel.org/4.16.2-011-net-fool-proof-dev_valid_name.patch + patches.kernel.org/4.16.2-012-ip_tunnel-better-validate-user-provided-tunnel.patch + patches.kernel.org/4.16.2-013-ipv6-sit-better-validate-user-provided-tunnel-.patch + patches.kernel.org/4.16.2-014-ip6_gre-better-validate-user-provided-tunnel-n.patch + patches.kernel.org/4.16.2-015-ip6_tunnel-better-validate-user-provided-tunne.patch + patches.kernel.org/4.16.2-016-vti6-better-validate-user-provided-tunnel-name.patch + patches.kernel.org/4.16.2-017-net_sched-fix-a-missing-idr_remove-in-u32_dele.patch + patches.kernel.org/4.16.2-018-nfp-use-full-40-bits-of-the-NSP-buffer-address.patch + patches.kernel.org/4.16.2-019-Linux-4.16.2.patch ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -196,6 +215,8 @@ patches.suse/VFS-expedite-umount.patch + patches.suse/swiotlb-Fix-unexpected-swiotlb_alloc_coherent-failur.patch + ######################################################## # IPC patches ######################################################## @@ -334,6 +355,7 @@ ######################################################## # video4linux ######################################################## + patches.suse/media-v4l2-core-fix-size-of-devnode_nums-bitarray.patch ######################################################## # Network @@ -423,6 +445,7 @@ patches.suse/0001-AppArmor-basic-networking-rules.patch patches.suse/0002-apparmor-update-apparmor-basic-networking-rules-for-.patch patches.suse/0003-apparmor-Fix-quieting-of-audit-messages-for-network-.patch + patches.suse/apparmor-check-all-net-profiles.patch ######################################################## # Address space layout randomization ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.1MxGCr/_old 2018-04-16 12:45:11.589398080 +0200 +++ /var/tmp/diff_new_pack.1MxGCr/_new 2018-04-16 12:45:11.589398080 +0200 @@ -1,3 +1,3 @@ -2018-04-09 08:27:59 +0200 -GIT Revision: fc6541a4887903de7c2dceaf9e6a75023a494f13 +2018-04-12 14:54:16 +0200 +GIT Revision: 7b2d22b118d1ce275f762e1458e957a45ff84018 GIT Branch: stable