Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2019-04-18 13:53:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new.5536 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Thu Apr 18 13:53:55 2019 rev:482 rq:695090 version:5.0.8 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2019-04-11 12:15:01.196866370 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new.5536/dtb-aarch64.changes 2019-04-18 13:54:01.699908663 +0200 @@ -1,0 +2,287 @@ +Wed Apr 17 11:17:39 CEST 2019 - [email protected] + +- Move the vfio patch from kernel.org to suse. + kernel.org is only for stable patches. +- commit 6daf8be + +------------------------------------------------------------------- +Wed Apr 17 11:16:48 CEST 2019 - [email protected] + +- Linux 5.0.8 (bnc#1012628). +- drm/i915/gvt: do not let pin count of shadow mm go negative + (bnc#1012628). +- kbuild: pkg: use -f $(srctree)/Makefile to recurse to top + Makefile (bnc#1012628). +- netfilter: nft_compat: use .release_ops and remove list of + extension (bnc#1012628). +- netfilter: nf_tables: use-after-free in dynamic operations + (bnc#1012628). +- netfilter: nf_tables: add missing ->release_ops() in error + path of newrule() (bnc#1012628). +- hv_netvsc: Fix unwanted wakeup after tx_disable (bnc#1012628). +- ibmvnic: Fix completion structure initialization (bnc#1012628). +- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (bnc#1012628). +- ipv6: Fix dangling pointer when ipv6 fragment (bnc#1012628). +- ipv6: sit: reset ip header pointer in ipip6_rcv (bnc#1012628). +- net: ethtool: not call vzalloc for zero sized memory request + (bnc#1012628). +- net-gro: Fix GRO flush when receiving a GSO packet + (bnc#1012628). +- net/mlx5: Decrease default mr cache size (bnc#1012628). +- netns: provide pure entropy for net_hash_mix() (bnc#1012628). +- net: rds: force to destroy connection if t_sock is NULL in + rds_tcp_kill_sock() (bnc#1012628). +- net/sched: act_sample: fix divide by zero in the traffic path + (bnc#1012628). +- net/sched: fix ->get helper of the matchall cls (bnc#1012628). +- openvswitch: fix flow actions reallocation (bnc#1012628). +- qmi_wwan: add Olicard 600 (bnc#1012628). +- r8169: disable ASPM again (bnc#1012628). +- sctp: initialize _pad of sockaddr_in before copying to user + memory (bnc#1012628). +- tcp: Ensure DCTCP reacts to losses (bnc#1012628). +- tcp: fix a potential NULL pointer dereference in tcp_sk_exit + (bnc#1012628). +- vrf: check accept_source_route on the original netdevice + (bnc#1012628). +- net/mlx5e: Fix error handling when refreshing TIRs + (bnc#1012628). +- net/mlx5e: Add a lock on tir list (bnc#1012628). +- nfp: validate the return code from dev_queue_xmit() + (bnc#1012628). +- nfp: disable netpoll on representors (bnc#1012628). +- bnxt_en: Improve RX consumer index validity check (bnc#1012628). +- bnxt_en: Reset device on RX buffer errors (bnc#1012628). +- net: ip_gre: fix possible use-after-free in erspan_rcv + (bnc#1012628). +- net: ip6_gre: fix possible use-after-free in ip6erspan_rcv + (bnc#1012628). +- net: bridge: always clear mcast matching struct on reports + and leaves (bnc#1012628). +- net: thunderx: fix NULL pointer dereference in + nicvf_open/nicvf_stop (bnc#1012628). +- net: vrf: Fix ping failed when vrf mtu is set to 0 + (bnc#1012628). +- net: core: netif_receive_skb_list: unlist skb before passing + to pt->func (bnc#1012628). +- r8169: disable default rx interrupt coalescing on RTL8168 + (bnc#1012628). +- net: mlx5: Add a missing check on idr_find, free buf + (bnc#1012628). +- net/mlx5e: Update xoff formula (bnc#1012628). +- net/mlx5e: Update xon formula (bnc#1012628). +- kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD (bnc#1012628). +- lib/string.c: implement a basic bcmp (bnc#1012628). +- Revert "clk: meson: clean-up clock registration" (bnc#1012628). +- tty: mark Siemens R3964 line discipline as BROKEN (bnc#1012628). +- tty: ldisc: add sysctl to prevent autoloading of ldiscs + (bnc#1012628). +- hwmon: (w83773g) Select REGMAP_I2C to fix build error + (bnc#1012628). +- hwmon: (occ) Fix power sensor indexing (bnc#1012628). +- SMB3: Allow persistent handle timeout to be configurable on + mount (bnc#1012628). +- HID: logitech: Handle 0 scroll events for the m560 + (bnc#1012628). +- ACPICA: Clear status of GPEs before enabling them (bnc#1012628). +- ACPICA: Namespace: remove address node from global list after + method termination (bnc#1012628). +- ALSA: seq: Fix OOB-reads from strlcpy (bnc#1012628). +- ALSA: hda/realtek: Enable headset MIC of Acer TravelMate + B114-21 with ALC233 (bnc#1012628). +- ALSA: hda/realtek - Add quirk for Tuxedo XC 1509 (bnc#1012628). +- ALSA: xen-front: Do not use stream buffer size before it is set + (bnc#1012628). +- ALSA: hda - Add two more machines to the power_save_blacklist + (bnc#1012628). +- mm/huge_memory.c: fix modifying of page protection by + insert_pfn_pmd() (bnc#1012628). +- arm64: dts: rockchip: fix rk3328 sdmmc0 write errors + (bnc#1012628). +- mmc: alcor: don't write data before command has completed + (bnc#1012628). +- mmc: sdhci-omap: Don't finish_mrq() on a command error during + tuning (bnc#1012628). +- parisc: Detect QEMU earlier in boot process (bnc#1012628). +- parisc: regs_return_value() should return gpr28 (bnc#1012628). +- parisc: also set iaoq_b in instruction_pointer_set() + (bnc#1012628). +- alarmtimer: Return correct remaining time (bnc#1012628). +- drm/i915/gvt: do not deliver a workload if its creation fails + (bnc#1012628). +- drm/sun4i: DW HDMI: Lower max. supported rate for H6 + (bnc#1012628). +- drm/udl: add a release method and delay modeset teardown + (bnc#1012628). +- kvm: svm: fix potential get_num_contig_pages overflow + (bnc#1012628). +- include/linux/bitrev.h: fix constant bitrev (bnc#1012628). +- mm: writeback: use exact memcg dirty counts (bnc#1012628). +- ASoC: intel: Fix crash at suspend/resume after failed codec + registration (bnc#1012628). +- ASoC: fsl_esai: fix channel swap issue when stream starts + (bnc#1012628). +- Btrfs: do not allow trimming when a fs is mounted with the + nologreplay option (bnc#1012628). +- btrfs: prop: fix zstd compression parameter validation + (bnc#1012628). +- btrfs: prop: fix vanished compression property after failed set + (bnc#1012628). +- riscv: Fix syscall_get_arguments() and syscall_set_arguments() + (bnc#1012628). +- block: Revert v5.0 blk_mq_request_issue_directly() changes + (bnc#1012628). +- block: do not leak memory in bio_copy_user_iov() (bnc#1012628). +- block: fix the return errno for direct IO (bnc#1012628). +- genirq: Respect IRQCHIP_SKIP_SET_WAKE in + irq_chip_set_wake_parent() (bnc#1012628). +- genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n + (bnc#1012628). +- virtio: Honour 'may_reduce_num' in vring_create_virtqueue + (bnc#1012628). +- ARM: OMAP1: ams-delta: Fix broken GPIO ID allocation + (bnc#1012628). +- ARM: dts: rockchip: fix rk3288 cpu opp node reference + (bnc#1012628). +- ARM: dts: am335x-evmsk: Correct the regulators for the audio + codec (bnc#1012628). +- ARM: dts: am335x-evm: Correct the regulators for the audio codec + (bnc#1012628). +- ARM: dts: rockchip: Fix SD card detection on rk3288-tinker + (bnc#1012628). +- ARM: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012628). +- arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result + value (bnc#1012628). +- arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on + rk3328-rock64 (bnc#1012628). +- arm64: dts: rockchip: fix rk3328 rgmii high tx error rate + (bnc#1012628). +- arm64: backtrace: Don't bother trying to unwind the userspace + stack (bnc#1012628). +- arm64/ftrace: fix inadvertent BUG() in trampoline check + (bnc#1012628). +- IB/mlx5: Reset access mask when looping inside page fault + handler (bnc#1012628). +- xen: Prevent buffer overflow in privcmd ioctl (bnc#1012628). +- sched/fair: Do not re-read ->h_load_next during hierarchical + load calculation (bnc#1012628). +- xtensa: fix return_address (bnc#1012628). +- csky: Fix syscall_get_arguments() and syscall_set_arguments() + (bnc#1012628). +- x86/asm: Remove dead __GNUC__ conditionals (bnc#1012628). +- x86/asm: Use stricter assembly constraints in bitops + (bnc#1012628). +- x86/perf/amd: Resolve race condition when disabling PMC + (bnc#1012628). +- x86/perf/amd: Resolve NMI latency issues for active PMCs + (bnc#1012628). +- x86/perf/amd: Remove need to check "running" bit in NMI handler + (bnc#1012628). +- PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA + controller (bnc#1012628). +- PCI: pciehp: Ignore Link State Changes after powering off a slot + (bnc#1012628). +- xprtrdma: Fix helper that drains the transport (bnc#1012628). +- powerpc/64s/radix: Fix radix segment exception handling + (bnc#1012628). +- dm integrity: change memcmp to strncmp in dm_integrity_ctr + (bnc#1012628). +- dm: revert 8f50e358153d ("dm: limit the max bio size as + BIO_MAX_PAGES * PAGE_SIZE") (bnc#1012628). +- dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic + checksum errors (bnc#1012628). +- dm: disable DISCARD if the underlying storage no longer supports + it (bnc#1012628). +- dm integrity: fix deadlock with overlapping I/O (bnc#1012628). +- drm/virtio: do NOT reuse resource ids (bnc#1012628). +- Update config files: keep LDISC_AUTOLOAD and let R3964 go ++++ 98 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes ++++ and /work/SRC/openSUSE:Factory/.kernel-source.new.5536/dtb-aarch64.changes dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-kvmsmall.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.291911447 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.295911448 +0200 @@ -17,7 +17,7 @@ %define srcversion 5.0 -%define patchversion 5.0.7 +%define patchversion 5.0.8 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: dtb-aarch64 -Version: 5.0.7 +Version: 5.0.8 %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.355911467 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.359911469 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.0 -%define patchversion 5.0.7 +%define patchversion 5.0.8 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 5.0.7 +Version: 5.0.8 %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a -Provides: kernel-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: kernel-%build_flavor-base-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 +Provides: kernel-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 # END COMMON DEPS -Provides: %name-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: %name-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh ++++++ kernel-debug.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.375911474 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.375911474 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.0 -%define patchversion 5.0.7 +%define patchversion 5.0.8 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: A Debug Version of the Kernel License: GPL-2.0 Group: System/Kernel -Version: 5.0.7 +Version: 5.0.8 %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a -Provides: kernel-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: kernel-%build_flavor-base-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 +Provides: kernel-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 # END COMMON DEPS -Provides: %name-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: %name-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 %ifarch ppc64 Provides: kernel-kdump = 2.6.28 Obsoletes: kernel-kdump <= 2.6.28 ++++++ kernel-default.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.395911480 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.399911482 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.0 -%define patchversion 5.0.7 +%define patchversion 5.0.8 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: The Standard Kernel License: GPL-2.0 Group: System/Kernel -Version: 5.0.7 +Version: 5.0.8 %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a -Provides: kernel-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: kernel-%build_flavor-base-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 +Provides: kernel-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 # END COMMON DEPS -Provides: %name-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: %name-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 %ifarch %ix86 Provides: kernel-smp = 2.6.17 Obsoletes: kernel-smp <= 2.6.17 ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.419911489 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.419911489 +0200 @@ -17,7 +17,7 @@ %define srcversion 5.0 -%define patchversion 5.0.7 +%define patchversion 5.0.8 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -31,9 +31,9 @@ Summary: Kernel Documentation License: GPL-2.0 Group: Documentation/Man -Version: 5.0.7 +Version: 5.0.8 %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif @@ -63,7 +63,7 @@ %endif Url: http://www.kernel.org/ Provides: %name = %version-%source_rel -Provides: %name-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: %name-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz ++++++ kernel-kvmsmall.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.439911495 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.439911495 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.0 -%define patchversion 5.0.7 +%define patchversion 5.0.8 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: The Small Developer Kernel for KVM License: GPL-2.0 Group: System/Kernel -Version: 5.0.7 +Version: 5.0.8 %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a -Provides: kernel-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: kernel-%build_flavor-base-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 +Provides: kernel-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 # END COMMON DEPS -Provides: %name-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: %name-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh kernel-lpae.spec: same change ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.483911509 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.487911510 +0200 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 5.0.7 +%define patchversion 5.0.8 %define variant %{nil} %define vanilla_only 0 @@ -45,7 +45,7 @@ %endif %endif %endif -BuildRequires: kernel%kernel_flavor-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +BuildRequires: kernel%kernel_flavor-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 %if 0%{?rhel_version} BuildRequires: kernel @@ -64,9 +64,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 5.0.7 +Version: 5.0.8 %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.507911516 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.511911518 +0200 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 5.0.7 +%define patchversion 5.0.8 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 5.0.7 +Version: 5.0.8 %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.527911523 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.531911525 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.0 -%define patchversion 5.0.7 +%define patchversion 5.0.8 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 5.0.7 +Version: 5.0.8 %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a -Provides: kernel-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: kernel-%build_flavor-base-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 +Provides: kernel-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 # END COMMON DEPS -Provides: %name-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: %name-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 %ifarch %ix86 Provides: kernel-bigsmp = 2.6.17 Obsoletes: kernel-bigsmp <= 2.6.17 ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.547911530 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.555911532 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.0 -%define patchversion 5.0.7 +%define patchversion 5.0.8 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 5.0.7 +Version: 5.0.8 %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif @@ -43,7 +43,7 @@ BuildRequires: sed Requires(post): coreutils sed Provides: %name = %version-%source_rel -Provides: %name-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: %name-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 Provides: linux Provides: multiversion(kernel) Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.575911539 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.579911540 +0200 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 5.0.7 +Version: 5.0.8 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif @@ -55,7 +55,7 @@ %endif Requires: pesign-obs-integration Provides: %name = %version-%source_rel -Provides: %name-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: %name-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 Provides: multiversion(kernel) Source: README.KSYMS Requires: kernel-devel%variant = %version-%source_rel ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:10.595911545 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:10.599911547 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.0 -%define patchversion 5.0.7 +%define patchversion 5.0.8 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: The Standard Kernel - without any SUSE patches License: GPL-2.0 Group: System/Kernel -Version: 5.0.7 +Version: 5.0.8 %if 0%{?is_kotd} -Release: <RELEASE>.g8f18342 +Release: <RELEASE>.g8b88553 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a -Provides: kernel-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: kernel-%build_flavor-base-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 +Provides: kernel-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 # END COMMON DEPS -Provides: %name-srchash-8f1834244edbe34ab85ed17d5b24ab001b03cc5a +Provides: %name-srchash-8b88553f9147696c4bb6f23d849b00503ecd5586 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh kernel-zfcpdump.spec: same change ++++++ config.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/arm64/default new/config/arm64/default --- old/config/arm64/default 2019-03-28 16:18:04.000000000 +0100 +++ new/config/arm64/default 2019-04-17 11:25:56.000000000 +0200 @@ -4101,6 +4101,7 @@ CONFIG_N_GSM=m CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y # @@ -4213,7 +4214,6 @@ CONFIG_HW_RANDOM_CAVIUM=m CONFIG_HW_RANDOM_MTK=m CONFIG_HW_RANDOM_EXYNOS=m -CONFIG_R3964=m CONFIG_APPLICOM=m # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv6hl/default new/config/armv6hl/default --- old/config/armv6hl/default 2019-03-28 16:18:04.000000000 +0100 +++ new/config/armv6hl/default 2019-04-17 11:25:56.000000000 +0200 @@ -3103,8 +3103,9 @@ CONFIG_N_GSM=m CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y -CONFIG_DEVKMEM=y +# CONFIG_DEVKMEM is not set # # Serial drivers @@ -3189,7 +3190,6 @@ CONFIG_HW_RANDOM_VIRTIO=m CONFIG_HW_RANDOM_MXC_RNGA=m # CONFIG_HW_RANDOM_IMX_RNGC is not set -CONFIG_R3964=m CONFIG_RAW_DRIVER=m CONFIG_MAX_RAW_DEVS=4096 CONFIG_TCG_TPM=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv7hl/default new/config/armv7hl/default --- old/config/armv7hl/default 2019-03-28 16:18:04.000000000 +0100 +++ new/config/armv7hl/default 2019-04-17 11:25:56.000000000 +0200 @@ -4016,8 +4016,9 @@ CONFIG_N_GSM=m CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y -CONFIG_DEVKMEM=y +# CONFIG_DEVKMEM is not set # # Serial drivers @@ -4151,7 +4152,6 @@ CONFIG_HW_RANDOM_MTK=m CONFIG_HW_RANDOM_EXYNOS=m CONFIG_HW_RANDOM_KEYSTONE=m -CONFIG_R3964=m # CONFIG_APPLICOM is not set CONFIG_RAW_DRIVER=m CONFIG_MAX_RAW_DEVS=4096 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv7hl/lpae new/config/armv7hl/lpae --- old/config/armv7hl/lpae 2019-03-28 16:18:04.000000000 +0100 +++ new/config/armv7hl/lpae 2019-04-17 11:25:56.000000000 +0200 @@ -3930,8 +3930,9 @@ CONFIG_N_GSM=m CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y -CONFIG_DEVKMEM=y +# CONFIG_DEVKMEM is not set # # Serial drivers @@ -4039,7 +4040,6 @@ CONFIG_HW_RANDOM_MTK=m CONFIG_HW_RANDOM_EXYNOS=m CONFIG_HW_RANDOM_KEYSTONE=m -CONFIG_R3964=m # CONFIG_APPLICOM is not set CONFIG_RAW_DRIVER=m CONFIG_MAX_RAW_DEVS=4096 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/pae new/config/i386/pae --- old/config/i386/pae 2019-03-28 16:18:04.000000000 +0100 +++ new/config/i386/pae 2019-04-17 11:25:56.000000000 +0200 @@ -4004,8 +4004,9 @@ CONFIG_N_GSM=m CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y -CONFIG_DEVKMEM=y +# CONFIG_DEVKMEM is not set # # Serial drivers @@ -4088,7 +4089,6 @@ CONFIG_HW_RANDOM_VIA=m CONFIG_HW_RANDOM_VIRTIO=m CONFIG_NVRAM=y -CONFIG_R3964=m CONFIG_APPLICOM=m CONFIG_SONYPI=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64/default new/config/ppc64/default --- old/config/ppc64/default 2019-03-28 16:18:04.000000000 +0100 +++ new/config/ppc64/default 2019-04-17 11:25:56.000000000 +0200 @@ -3553,8 +3553,9 @@ CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m # CONFIG_PPC_EPAPR_HV_BYTECHAN is not set +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y -CONFIG_DEVKMEM=y +# CONFIG_DEVKMEM is not set # # Serial drivers @@ -3643,7 +3644,6 @@ CONFIG_HW_RANDOM_VIRTIO=m CONFIG_HW_RANDOM_PSERIES=y CONFIG_HW_RANDOM_POWERNV=y -# CONFIG_R3964 is not set # CONFIG_APPLICOM is not set CONFIG_RAW_DRIVER=m CONFIG_MAX_RAW_DEVS=4096 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64le/default new/config/ppc64le/default --- old/config/ppc64le/default 2019-03-28 16:18:04.000000000 +0100 +++ new/config/ppc64le/default 2019-04-17 11:25:56.000000000 +0200 @@ -3432,8 +3432,9 @@ CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m # CONFIG_PPC_EPAPR_HV_BYTECHAN is not set +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y -CONFIG_DEVKMEM=y +# CONFIG_DEVKMEM is not set # # Serial drivers @@ -3518,7 +3519,6 @@ CONFIG_HW_RANDOM_VIRTIO=m CONFIG_HW_RANDOM_PSERIES=y CONFIG_HW_RANDOM_POWERNV=y -# CONFIG_R3964 is not set # CONFIG_APPLICOM is not set CONFIG_RAW_DRIVER=m CONFIG_MAX_RAW_DEVS=4096 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/s390x/default new/config/s390x/default --- old/config/s390x/default 2019-03-28 16:18:04.000000000 +0100 +++ new/config/s390x/default 2019-04-17 11:25:56.000000000 +0200 @@ -2104,8 +2104,9 @@ CONFIG_N_GSM=m CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y -CONFIG_DEVKMEM=y +# CONFIG_DEVKMEM is not set # # Serial drivers @@ -2133,7 +2134,6 @@ # CONFIG_HW_RANDOM_TIMERIOMEM is not set CONFIG_HW_RANDOM_VIRTIO=m CONFIG_HW_RANDOM_S390=m -# CONFIG_R3964 is not set # CONFIG_APPLICOM is not set CONFIG_RAW_DRIVER=m CONFIG_MAX_RAW_DEVS=4096 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/s390x/zfcpdump new/config/s390x/zfcpdump --- old/config/s390x/zfcpdump 2019-03-28 16:18:04.000000000 +0100 +++ new/config/s390x/zfcpdump 2019-04-17 11:25:56.000000000 +0200 @@ -815,6 +815,7 @@ # CONFIG_LEGACY_PTYS is not set # CONFIG_N_GSM is not set # CONFIG_TRACE_SINK is not set +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y # CONFIG_DEVKMEM is not set # CONFIG_SERIAL_DEV_BUS is not set @@ -822,7 +823,6 @@ # CONFIG_HVC_IUCV is not set CONFIG_VIRTIO_CONSOLE=y # CONFIG_HW_RANDOM is not set -# CONFIG_R3964 is not set # CONFIG_RAW_DRIVER is not set # CONFIG_HANGCHECK_TIMER is not set diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/default new/config/x86_64/default --- old/config/x86_64/default 2019-03-28 16:18:04.000000000 +0100 +++ new/config/x86_64/default 2019-04-17 11:25:56.000000000 +0200 @@ -4025,8 +4025,9 @@ CONFIG_N_GSM=m CONFIG_TRACE_ROUTER=m CONFIG_TRACE_SINK=m +CONFIG_LDISC_AUTOLOAD=y CONFIG_DEVMEM=y -CONFIG_DEVKMEM=y +# CONFIG_DEVKMEM is not set # # Serial drivers @@ -4106,7 +4107,6 @@ CONFIG_HW_RANDOM_VIA=m CONFIG_HW_RANDOM_VIRTIO=m CONFIG_NVRAM=y -CONFIG_R3964=m CONFIG_APPLICOM=m # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/kvmsmall new/config/x86_64/kvmsmall --- old/config/x86_64/kvmsmall 2019-03-28 16:18:04.000000000 +0100 +++ new/config/x86_64/kvmsmall 2019-04-17 11:25:56.000000000 +0200 @@ -575,7 +575,6 @@ # CONFIG_QNX4FS_FS is not set # CONFIG_QNX6FS_FS is not set # CONFIG_QSEMI_PHY is not set -# CONFIG_R3964 is not set # CONFIG_R8169 is not set # CONFIG_RAPIDIO is not set # CONFIG_RAW_DRIVER is not set ++++++ kernel-subpackage-spec ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:11.271911764 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:11.271911764 +0200 @@ -34,10 +34,10 @@ Requires(postun):%kernel_requires_postun %endif %endif -Provides: %(rpm -q --queryformat '[%%{PROVIDENEVRS}\n]' %kernel_package_name | sed -e 's/%kernel_package_name-srchash/%name-srchash/g' | grep -vE '^ksym|^kmod' | tr '\n' ' ') -Conflicts: %(rpm -q --queryformat '[%%{CONFLICTNEVRS}\n]' %kernel_package_name | grep -vE '^ksym|^kmod' | tr '\n' ' ') -Obsoletes: %(rpm -q --queryformat '[%%{OBSOLETENEVRS}\n]' %kernel_package_name | grep -vE '^ksym|^kmod' | tr '\n' ' ') -Recommends: %(rpm -q --queryformat '[%%{RECOMMENDNEVRS}\n]' %kernel_package_name | grep -vE '^ksym|^kmod' | tr '\n' ' ') +Provides: %(rpm -q --queryformat '[%%{PROVIDENEVRS}\n]' %kernel_package_name | sed -E 's/^%kernel_package_name(-srchash| =)/%name\1/g' | grep -vE '^(ksym|kmod|firmware)[(]' | tr '\n' ' )') +Obsoletes: %(rpm -q --queryformat '[%%{OBSOLETENEVRS}\n]' %kernel_package_name | sed -E 's/^%kernel_package_name(-srchash| =)/%name\1/g' | grep -vE '^(ksym|kmod|firmware)[(]' | tr '\n' ' )') +Conflicts: %(rpm -q --queryformat '[%%{CONFLICTNEVRS}\n]' %kernel_package_name | grep -vE '^(ksym|kmod|firmware)[(]' | tr '\n' ' )') +Recommends: %(rpm -q --queryformat '[%%{RECOMMENDNEVRS}\n]' %kernel_package_name | grep -vE '^(ksym|kmod|firmware)[(]' | tr '\n' ' )') # This is in place of obsolete_rebuilds. This should give Conflicts: %%kernel_package_name = %%source_rel as old kernel-default-base did. Conflicts: %(rpm -q --queryformat '[%%{PROVIDENEVRS}\n]' %kernel_package_name | grep '^%kernel_package_name =' | sort -V | head -n 1) @@ -48,6 +48,19 @@ This is a subpackage of %kernel_package_name. Development files are in %kernel_package_name-devel and sources in kernel-source%variant. +%package rebuild +Summary: Empty package to ensure rebuilding %name in OBS +Group: Other +Requires: %kernel_package_name = %rpm_kver-%rpm_krel + +%description rebuild +This is empty package that ensures %name is rebuilt every time +%kernel_package_name is rebuilt in OBS. + +There is no reason to install this package. + +%files rebuild + %prep %build ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 10665 lines of diff (skipped) ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch new/patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch --- old/patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch 2019-04-06 16:47:49.000000000 +0200 +++ new/patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,207 +0,0 @@ -From: David Woodhouse <[email protected]> -Date: Sat, 27 Jan 2018 15:09:34 +0000 -Subject: x86/speculation: Add basic IBRS support infrastructure -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux.git -Git-commit: 264b9aa1a901e5032df948d47fb3cb51f0111647 -Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5753 - -Not functional yet; just add the handling for it in the Spectre v2 -mitigation selection, and the X86_FEATURE_USE_IBRS flag which will -control the code to be added in later patches. - -Also take the #ifdef CONFIG_RETPOLINE from around the RSB-stuffing; IBRS -mode will want that too. - -For now we are auto-selecting IBRS on Skylake. We will probably end up -changing that but for now let's default to the safest option. - -[karahmed: simplify the switch block and get rid of all the magic] - -Signed-off-by: David Woodhouse <[email protected]> -Signed-off-by: KarimAllah Ahmed <[email protected]> -Signed-off-by: Jiri Slaby <[email protected]> - -SUSE: added back SPECTRE_V2_IBRS removed by mainline commit d9f4426c7300 -("x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation"), -is_skylake_era() removed by commit fdf82a7856b3 ("x86/speculation: Protect -against userspace-userspace spectreRSB") and retp_compiler() removed by -commit ef014aae8f1c ("x86/retpoline: Remove minimal retpoline support"). ---- - .../admin-guide/kernel-parameters.txt | 1 + - arch/x86/include/asm/cpufeatures.h | 1 + - arch/x86/include/asm/nospec-branch.h | 3 +- - arch/x86/kernel/cpu/bugs.c | 39 +++++++++++++++++++ - arch/x86/lib/Makefile | 2 +- - arch/x86/lib/retpoline.S | 5 +++ - 6 files changed, 48 insertions(+), 3 deletions(-) - ---- a/Documentation/admin-guide/kernel-parameters.txt -+++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -4235,6 +4235,7 @@ - retpoline - replace indirect branches - retpoline,generic - google's original retpoline - retpoline,amd - AMD-specific minimal thunk -+ ibrs - Intel/AMD microcode feature - - Not specifying this option is equivalent to - spectre_v2=auto. ---- a/arch/x86/include/asm/cpufeatures.h -+++ b/arch/x86/include/asm/cpufeatures.h -@@ -221,6 +221,7 @@ - #define X86_FEATURE_ZEN ( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */ - #define X86_FEATURE_L1TF_PTEINV ( 7*32+29) /* "" L1TF workaround PTE inversion */ - #define X86_FEATURE_IBRS_ENHANCED ( 7*32+30) /* Enhanced IBRS */ -+#define X86_FEATURE_USE_IBRS ( 7*32+31) /* "" Use IBRS for Spectre v2 safety */ - - /* Virtualization flags: Linux defined, word 8 */ - #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -225,6 +225,7 @@ enum spectre_v2_mitigation { - SPECTRE_V2_NONE, - SPECTRE_V2_RETPOLINE_GENERIC, - SPECTRE_V2_RETPOLINE_AMD, -+ SPECTRE_V2_IBRS, - SPECTRE_V2_IBRS_ENHANCED, - }; - -@@ -256,7 +257,6 @@ extern char __indirect_thunk_end[]; - */ - static inline void vmexit_fill_RSB(void) - { --#ifdef CONFIG_RETPOLINE - unsigned long loops; - - asm volatile (ANNOTATE_NOSPEC_ALTERNATIVE -@@ -266,7 +266,6 @@ static inline void vmexit_fill_RSB(void) - "910:" - : "=r" (loops), ASM_CALL_CONSTRAINT - : : "memory" ); --#endif - } - - static __always_inline ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -236,6 +236,11 @@ static inline const char *spectre_v2_module_string(void) - static inline const char *spectre_v2_module_string(void) { return ""; } - #endif - -+static inline bool retp_compiler(void) -+{ -+ return __is_defined(CONFIG_RETPOLINE); -+} -+ - static inline bool match_option(const char *arg, int arglen, const char *opt) - { - int len = strlen(opt); -@@ -251,6 +256,7 @@ enum spectre_v2_mitigation_cmd { - SPECTRE_V2_CMD_RETPOLINE, - SPECTRE_V2_CMD_RETPOLINE_GENERIC, - SPECTRE_V2_CMD_RETPOLINE_AMD, -+ SPECTRE_V2_CMD_IBRS, - }; - - enum spectre_v2_user_cmd { -@@ -412,6 +418,7 @@ static const char * const spectre_v2_strings[] = { - [SPECTRE_V2_NONE] = "Vulnerable", - [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", - [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", -+ [SPECTRE_V2_IBRS] = "Mitigation: Indirect Branch Restricted Speculation", - [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS", - }; - -@@ -425,6 +432,7 @@ static const struct { - { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, - { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, - { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, -+ { "ibrs", SPECTRE_V2_CMD_IBRS, false }, - { "auto", SPECTRE_V2_CMD_AUTO, false }, - }; - -@@ -479,6 +487,23 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) - return cmd; - } - -+/* Check for Skylake-like CPUs (for RSB handling) */ -+static bool __init is_skylake_era(void) -+{ -+ if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && -+ boot_cpu_data.x86 == 6) { -+ switch (boot_cpu_data.x86_model) { -+ case INTEL_FAM6_SKYLAKE_MOBILE: -+ case INTEL_FAM6_SKYLAKE_DESKTOP: -+ case INTEL_FAM6_SKYLAKE_X: -+ case INTEL_FAM6_KABYLAKE_MOBILE: -+ case INTEL_FAM6_KABYLAKE_DESKTOP: -+ return true; -+ } -+ } -+ return false; -+} -+ - static void __init spectre_v2_select_mitigation(void) - { - enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); -@@ -505,17 +530,31 @@ static void __init spectre_v2_select_mitigation(void) - wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); - goto specv2_set_mode; - } -+ if (boot_cpu_has(X86_FEATURE_IBRS) && -+ (is_skylake_era() || !retp_compiler())) { -+ mode = SPECTRE_V2_IBRS; -+ setup_force_cpu_cap(X86_FEATURE_USE_IBRS); -+ goto specv2_set_mode; -+ } - if (IS_ENABLED(CONFIG_RETPOLINE)) - goto retpoline_auto; - break; -+ -+ case SPECTRE_V2_CMD_IBRS: -+ mode = SPECTRE_V2_IBRS; -+ setup_force_cpu_cap(X86_FEATURE_USE_IBRS); -+ goto specv2_set_mode; -+ - case SPECTRE_V2_CMD_RETPOLINE_AMD: - if (IS_ENABLED(CONFIG_RETPOLINE)) - goto retpoline_amd; - break; -+ - case SPECTRE_V2_CMD_RETPOLINE_GENERIC: - if (IS_ENABLED(CONFIG_RETPOLINE)) - goto retpoline_generic; - break; -+ - case SPECTRE_V2_CMD_RETPOLINE: - if (IS_ENABLED(CONFIG_RETPOLINE)) - goto retpoline_auto; ---- a/arch/x86/lib/Makefile -+++ b/arch/x86/lib/Makefile -@@ -27,7 +27,7 @@ lib-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += rwsem.o - lib-$(CONFIG_INSTRUCTION_DECODER) += insn.o inat.o insn-eval.o - lib-$(CONFIG_RANDOMIZE_BASE) += kaslr.o - lib-$(CONFIG_FUNCTION_ERROR_INJECTION) += error-inject.o --lib-$(CONFIG_RETPOLINE) += retpoline.o -+lib-y += retpoline.o - - obj-y += msr.o msr-reg.o msr-reg-export.o hweight.o - obj-y += iomem.o ---- a/arch/x86/lib/retpoline.S -+++ b/arch/x86/lib/retpoline.S -@@ -8,6 +8,8 @@ - #include <asm/export.h> - #include <asm/nospec-branch.h> - -+#ifdef CONFIG_RETPOLINE -+ - .macro THUNK reg - .section .text.__x86.indirect_thunk - -@@ -46,3 +48,6 @@ GENERATE_THUNK(r13) - GENERATE_THUNK(r14) - GENERATE_THUNK(r15) - #endif -+ -+#endif /* CONFIG_RETPOLINE */ -+ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch new/patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch --- old/patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch 2019-04-06 16:47:49.000000000 +0200 +++ new/patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,73 +0,0 @@ -From: Thomas Gleixner <[email protected]> -Date: Mon, 15 Jan 2018 14:01:37 +0100 -Subject: x86/speculation: Add inlines to control Indirect Branch Speculation -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux.git -Git-commit: dd9ea1967a0679ae7c44792923c046c950e762f8 -Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5753 - -XX: I am utterly unconvinced that having "friendly, self-explanatory" - names for the IBRS-frobbing inlines is useful. There be dragons - here for anyone who isn't intimately familiar with what's going - on, and it's almost better to just call it IBRS, put a reference - to the spec, and have a clear "you must be →this← tall to ride." - -[karahmed: switch to using ALTERNATIVES instead of static_cpu_has] -[dwmw2: wrmsr args inside the ALTERNATIVE again, bikeshed naming] - -Signed-off-by: Thomas Gleixner <[email protected]> -Signed-off-by: KarimAllah Ahmed <[email protected]> -Signed-off-by: David Woodhouse <[email protected]> -Signed-off-by: Jiri Slaby <[email protected]> ---- - arch/x86/include/asm/nospec-branch.h | 36 ++++++++++++++++++++++++++++ - 1 file changed, 36 insertions(+) - ---- a/arch/x86/include/asm/nospec-branch.h -+++ b/arch/x86/include/asm/nospec-branch.h -@@ -316,6 +316,42 @@ DECLARE_STATIC_KEY_FALSE(switch_to_cond_stibp); - DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ibpb); - DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb); - -+/* -+ * This also performs a barrier, and setting it again when it was already -+ * set is NOT a no-op. -+ */ -+static inline void restrict_branch_speculation(void) -+{ -+ unsigned long ax, cx, dx; -+ -+ asm volatile(ALTERNATIVE("", -+ "movl %[msr], %%ecx\n\t" -+ "movl %[val], %%eax\n\t" -+ "movl $0, %%edx\n\t" -+ "wrmsr", -+ X86_FEATURE_USE_IBRS) -+ : "=a" (ax), "=c" (cx), "=d" (dx) -+ : [msr] "i" (MSR_IA32_SPEC_CTRL), -+ [val] "i" (SPEC_CTRL_IBRS) -+ : "memory"); -+} -+ -+static inline void unrestrict_branch_speculation(void) -+{ -+ unsigned long ax, cx, dx; -+ -+ asm volatile(ALTERNATIVE("", -+ "movl %[msr], %%ecx\n\t" -+ "movl %[val], %%eax\n\t" -+ "movl $0, %%edx\n\t" -+ "wrmsr", -+ X86_FEATURE_USE_IBRS) -+ : "=a" (ax), "=c" (cx), "=d" (dx) -+ : [msr] "i" (MSR_IA32_SPEC_CTRL), -+ [val] "i" (0) -+ : "memory"); -+} -+ - #endif /* __ASSEMBLY__ */ - - /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0003-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch new/patches.suse/0003-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch --- old/patches.suse/0003-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch 2019-04-06 16:47:49.000000000 +0200 +++ new/patches.suse/0003-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,87 +0,0 @@ -From: Thomas Gleixner <[email protected]> -Date: Mon, 15 Jan 2018 14:07:23 +0100 -Subject: x86/idle: Control Indirect Branch Speculation in idle -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux.git -Git-commit: ec3bf60dd38f67dace74986b31177892884bb787 -Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5753 - -Indirect Branch Speculation (IBS) is controlled per physical core. If one -thread disables it then it's disabled for the core. If a thread enters idle -it makes sense to reenable IBS so the sibling thread can run with full -speculation enabled in user space. - -This makes only sense in mwait_idle_with_hints() because mwait_idle() can -serve an interrupt immediately before speculation can be stopped again. SKL -which requires IBRS should use mwait_idle_with_hints() so this is a non -issue and in the worst case a missed optimization. - -Originally-by: Tim Chen <[email protected]> -Signed-off-by: Thomas Gleixner <[email protected]> -Signed-off-by: Jiri Slaby <[email protected]> ---- - arch/x86/include/asm/mwait.h | 14 ++++++++++++++ - arch/x86/kernel/process.c | 14 ++++++++++++++ - 2 files changed, 28 insertions(+) - -diff --git a/arch/x86/include/asm/mwait.h b/arch/x86/include/asm/mwait.h -index 39a2fb2937..f173072383 100644 ---- a/arch/x86/include/asm/mwait.h -+++ b/arch/x86/include/asm/mwait.h -@@ -6,6 +6,7 @@ - #include <linux/sched/idle.h> - - #include <asm/cpufeature.h> -+#include <asm/nospec-branch.h> - - #define MWAIT_SUBSTATE_MASK 0xf - #define MWAIT_CSTATE_MASK 0xf -@@ -106,7 +107,20 @@ static inline void mwait_idle_with_hints(unsigned long eax, unsigned long ecx) - mb(); - } - -+ /* -+ * Indirect Branch Speculation (IBS) is controlled per -+ * physical core. If one thread disables it, then it's -+ * disabled on all threads of the core. The kernel disables -+ * it on entry from user space. Reenable it on the thread -+ * which goes idle so the other thread has a chance to run -+ * with full speculation enabled in userspace. -+ */ -+ unrestrict_branch_speculation(); - __monitor((void *)¤t_thread_info()->flags, 0, 0); -+ /* -+ * Restrict IBS again to protect kernel execution. -+ */ -+ restrict_branch_speculation(); - if (!need_resched()) - __mwait(eax, ecx); - } -diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index cb368c2a22..ab5b65173d 100644 ---- a/arch/x86/kernel/process.c -+++ b/arch/x86/kernel/process.c -@@ -466,6 +466,20 @@ static __cpuidle void mwait_idle(void) - mb(); /* quirk */ - } - -+ /* -+ * Indirect Branch Speculation (IBS) is controlled per -+ * physical core. If one thread disables it, then it's -+ * disabled on all threads of the core. The kernel disables -+ * it on entry from user space. For __sti_mwait() it's -+ * wrong to reenable it because an interrupt can be served -+ * before speculation can be stopped again. -+ * -+ * To plug that hole the interrupt entry code would need to -+ * save current state and restore. Not worth the trouble as -+ * SKL should not use mwait_idle(). It should use -+ * mwait_idle_with_hints() which can do speculation control -+ * safely. -+ */ - __monitor((void *)¤t_thread_info()->flags, 0, 0); - if (!need_resched()) - __sti_mwait(0, 0); --- -2.15.1 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0004-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch new/patches.suse/0004-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch --- old/patches.suse/0004-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch 2019-04-06 16:47:49.000000000 +0200 +++ new/patches.suse/0004-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,147 +0,0 @@ -From: Tim Chen <[email protected]> -Date: Tue, 9 Jan 2018 18:26:46 -0800 -Subject: x86/enter: Create macros to restrict/unrestrict Indirect Branch - Speculation -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux.git -Git-commit: 1dc8355cd7232e5343cb5d96ee27c11322cde270 -Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5753 - -Create macros to control Indirect Branch Speculation. - -Name them so they reflect what they are actually doing. -The macros are used to restrict and unrestrict the indirect branch speculation. -They do not *disable* (or *enable*) indirect branch speculation. A trip back to -user-space after *restricting* speculation would still affect the BTB. - -Quoting from a commit by Tim Chen: - -""" - If IBRS is set, near returns and near indirect jumps/calls will not allow - their predicted target address to be controlled by code that executed in a - less privileged prediction mode *BEFORE* the IBRS mode was last written with - a value of 1 or on another logical processor so long as all Return Stack - Buffer (RSB) entries from the previous less privileged prediction mode are - overwritten. - - Thus a near indirect jump/call/return may be affected by code in a less - privileged prediction mode that executed *AFTER* IBRS mode was last written - with a value of 1. -""" - -[ tglx: Changed macro names and rewrote changelog ] -[ karahmed: changed macro names *again* and rewrote changelog ] - -Signed-off-by: Tim Chen <[email protected]> -Signed-off-by: Thomas Gleixner <[email protected]> -Signed-off-by: KarimAllah Ahmed <[email protected]> -Cc: Andrea Arcangeli <[email protected]> -Cc: Andi Kleen <[email protected]> -Cc: Peter Zijlstra <[email protected]> -Cc: Greg KH <[email protected]> -Cc: Dave Hansen <[email protected]> -Cc: Andy Lutomirski <[email protected]> -Cc: Paolo Bonzini <[email protected]> -Cc: Dan Williams <[email protected]> -Cc: Arjan Van De Ven <[email protected]> -Cc: Linus Torvalds <[email protected]> -Cc: David Woodhouse <[email protected]> -Cc: Ashok Raj <[email protected]> -Link: https://lkml.kernel.org/r/3aab341725ee6a9aafd3141387453b45d788d61a.1515542293.git.tim.c.c...@linux.intel.com -Signed-off-by: David Woodhouse <[email protected]> -Signed-off-by: Jiri Slaby <[email protected]> ---- - arch/x86/entry/calling.h | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 73 insertions(+) - -diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h -index 3f48f695d5..9c279ca456 100644 ---- a/arch/x86/entry/calling.h -+++ b/arch/x86/entry/calling.h -@@ -6,6 +6,8 @@ - #include <asm/percpu.h> - #include <asm/asm-offsets.h> - #include <asm/processor-flags.h> -+#include <asm/msr-index.h> -+#include <asm/cpufeatures.h> - - /* - -@@ -349,3 +351,74 @@ For 32-bit we have the following conventions - kernel is built with - .Lafter_call_\@: - #endif - .endm -+ -+/* -+ * IBRS related macros -+ */ -+.macro PUSH_MSR_REGS -+ pushq %rax -+ pushq %rcx -+ pushq %rdx -+.endm -+ -+.macro POP_MSR_REGS -+ popq %rdx -+ popq %rcx -+ popq %rax -+.endm -+ -+.macro WRMSR_ASM msr_nr:req edx_val:req eax_val:req -+ movl \msr_nr, %ecx -+ movl \edx_val, %edx -+ movl \eax_val, %eax -+ wrmsr -+.endm -+ -+.macro RESTRICT_IB_SPEC -+ ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_USE_IBRS -+ PUSH_MSR_REGS -+ WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $SPEC_CTRL_IBRS -+ POP_MSR_REGS -+.Lskip_\@: -+.endm -+ -+.macro UNRESTRICT_IB_SPEC -+ ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_USE_IBRS -+ PUSH_MSR_REGS -+ WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $0 -+ POP_MSR_REGS -+.Lskip_\@: -+.endm -+ -+.macro RESTRICT_IB_SPEC_CLOBBER -+ ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_USE_IBRS -+ WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $SPEC_CTRL_IBRS -+.Lskip_\@: -+.endm -+ -+.macro UNRESTRICT_IB_SPEC_CLOBBER -+ ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_USE_IBRS -+ WRMSR_ASM $MSR_IA32_SPEC_CTRL, $0, $0 -+.Lskip_\@: -+.endm -+ -+.macro RESTRICT_IB_SPEC_SAVE_AND_CLOBBER save_reg:req -+ ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_USE_IBRS -+ movl $MSR_IA32_SPEC_CTRL, %ecx -+ rdmsr -+ movl %eax, \save_reg -+ movl $0, %edx -+ movl $SPEC_CTRL_IBRS, %eax -+ wrmsr -+.Lskip_\@: -+.endm -+ -+.macro RESTORE_IB_SPEC_CLOBBER save_reg:req -+ ALTERNATIVE "jmp .Lskip_\@", "", X86_FEATURE_USE_IBRS -+ /* Set IBRS to the value saved in the save_reg */ -+ movl $MSR_IA32_SPEC_CTRL, %ecx -+ movl $0, %edx -+ movl \save_reg, %eax -+ wrmsr -+.Lskip_\@: -+.endm --- -2.15.1 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch new/patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch --- old/patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch 2019-04-06 16:47:49.000000000 +0200 +++ new/patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,253 +0,0 @@ -From: Tim Chen <[email protected]> -Date: Tue, 9 Jan 2018 18:26:47 -0800 -Subject: x86/enter: Use IBRS on syscall and interrupts -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux.git -Git-commit: a6bd2df2ed25411e2ecd800504e21efe0f2b52f4 -Patch-mainline: Queued in subsystem maintainer repository -References: bsc#1068032 CVE-2017-5753 - -Stop Indirect Branch Speculation on every user space to kernel space -transition and reenable it when returning to user space./ - -The NMI interrupt save/restore of IBRS state was based on Andrea -Arcangeli's implementation. Here's an explanation by Dave Hansen on why we -save IBRS state for NMI. - -The normal interrupt code uses the 'error_entry' path which uses the -Code Segment (CS) of the instruction that was interrupted to tell -whether it interrupted the kernel or userspace and thus has to switch -IBRS, or leave it alone. - -The NMI code is different. It uses 'paranoid_entry' because it can -interrupt the kernel while it is running with a userspace IBRS (and %GS -and CR3) value, but has a kernel CS. If we used the same approach as -the normal interrupt code, we might do the following; - - SYSENTER_entry -<-------------- NMI HERE - IBRS=1 - do_something() - IBRS=0 - SYSRET - -The NMI code might notice that we are running in the kernel and decide -that it is OK to skip the IBRS=1. This would leave it running -unprotected with IBRS=0, which is bad. - -However, if we unconditionally set IBRS=1, in the NMI, we might get the -following case: - - SYSENTER_entry - IBRS=1 - do_something() - IBRS=0 -<-------------- NMI HERE (set IBRS=1) - SYSRET - -and we would return to userspace with IBRS=1. Userspace would run -slowly until we entered and exited the kernel again. - -Instead of those two approaches, we chose a third one where we simply -save the IBRS value in a scratch register (%r13) and then restore that -value, verbatim. - -[karahmed use the new SPEC_CTRL_IBRS defines] - -Co-developed-by: Andrea Arcangeli <[email protected]> -Signed-off-by: Andrea Arcangeli <[email protected]> -Signed-off-by: Tim Chen <[email protected]> -Signed-off-by: Thomas Gleixner <[email protected]> -Signed-off-by: KarimAllah Ahmed <[email protected]> -Cc: Andi Kleen <[email protected]> -Cc: Peter Zijlstra <[email protected]> -Cc: Greg KH <[email protected]> -Cc: Dave Hansen <[email protected]> -Cc: Andy Lutomirski <[email protected]> -Cc: Paolo Bonzini <[email protected]> -Cc: Dan Williams <[email protected]> -Cc: Arjan Van De Ven <[email protected]> -Cc: Linus Torvalds <[email protected]> -Cc: David Woodhouse <[email protected]> -Cc: Ashok Raj <[email protected]> -Link: https://lkml.kernel.org/r/d5e4c03ec290c61dfbe5a769f7287817283fa6b7.1515542293.git.tim.c.c...@linux.intel.com -Signed-off-by: Jiri Slaby <[email protected]> ---- - arch/x86/entry/entry_64.S | 32 ++++++++++++++++++++++++++++++++ - arch/x86/entry/entry_64_compat.S | 23 +++++++++++++++++++++-- - 2 files changed, 53 insertions(+), 2 deletions(-) - ---- a/arch/x86/entry/entry_64.S -+++ b/arch/x86/entry/entry_64.S -@@ -155,6 +155,8 @@ ENTRY(entry_SYSCALL_64) - movq %rsp, PER_CPU_VAR(cpu_tss_rw + TSS_sp2) - SWITCH_TO_KERNEL_CR3 scratch_reg=%rsp - movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp -+ /* Restrict Indirect Branch Speculation */ -+ RESTRICT_IB_SPEC - - /* Construct struct pt_regs on stack */ - pushq $__USER_DS /* pt_regs->ss */ -@@ -262,6 +264,8 @@ syscall_return_via_sysret: - pushq RSP-RDI(%rdi) /* RSP */ - pushq (%rdi) /* RDI */ - -+ /* Unrestrict Indirect Branch Speculation */ -+ UNRESTRICT_IB_SPEC - /* - * We are on the trampoline stack. All regs except RDI are live. - * We can do future final exit work right here. -@@ -520,6 +524,8 @@ ENTRY(interrupt_entry) - SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi - movq %rsp, %rdi - movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp -+ /* Restrict Indirect Branch Speculation */ -+ RESTRICT_IB_SPEC - - /* - * We have RDI, return address, and orig_ax on the stack on -@@ -624,6 +630,8 @@ GLOBAL(swapgs_restore_regs_and_return_to_usermode) - /* Push user RDI on the trampoline stack. */ - pushq (%rdi) - -+ /* Unrestrict Indirect Branch Speculation */ -+ UNRESTRICT_IB_SPEC - /* - * We are on the trampoline stack. All regs except RDI are live. - * We can do future final exit work right here. -@@ -720,6 +728,13 @@ native_irq_return_ldt: - SWAPGS /* to kernel GS */ - SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi /* to kernel CR3 */ - -+ /* -+ * There is no point in disabling Indirect Branch Speculation -+ * here as this is going to return to user space immediately -+ * after fixing ESPFIX stack. There is no vulnerable code -+ * to protect so spare two MSR writes. -+ */ -+ - movq PER_CPU_VAR(espfix_waddr), %rdi - movq %rax, (0*8)(%rdi) /* user RAX */ - movq (1*8)(%rsp), %rax /* user RIP */ -@@ -1180,6 +1195,8 @@ ENTRY(paranoid_entry) - * to kernel code, but with a user CR3 value. - */ - SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg=%rax save_reg=%r14 -+ /* Restrict Indirect Branch speculation */ -+ RESTRICT_IB_SPEC_SAVE_AND_CLOBBER save_reg=%r13d - - ret - END(paranoid_entry) -@@ -1203,6 +1220,8 @@ ENTRY(paranoid_exit) - testl %ebx, %ebx /* swapgs needed? */ - jnz .Lparanoid_exit_no_swapgs - TRACE_IRQS_IRETQ -+ /* Restore Indirect Branch Speculation to the previous state */ -+ RESTORE_IB_SPEC_CLOBBER save_reg=%r13d - /* Always restore stashed CR3 value (see paranoid_entry) */ - RESTORE_CR3 scratch_reg=%rbx save_reg=%r14 - SWAPGS_UNSAFE_STACK -@@ -1233,6 +1252,8 @@ ENTRY(error_entry) - SWAPGS - /* We have user CR3. Change to kernel CR3. */ - SWITCH_TO_KERNEL_CR3 scratch_reg=%rax -+ /* Restrict Indirect Branch Speculation */ -+ RESTRICT_IB_SPEC_CLOBBER - - .Lerror_entry_from_usermode_after_swapgs: - /* Put us onto the real thread stack. */ -@@ -1279,6 +1300,8 @@ ENTRY(error_entry) - */ - SWAPGS - SWITCH_TO_KERNEL_CR3 scratch_reg=%rax -+ /* Restrict Indirect Branch Speculation */ -+ RESTRICT_IB_SPEC_CLOBBER - jmp .Lerror_entry_done - - .Lbstep_iret: -@@ -1293,6 +1316,8 @@ ENTRY(error_entry) - */ - SWAPGS - SWITCH_TO_KERNEL_CR3 scratch_reg=%rax -+ /* Restrict Indirect Branch Speculation */ -+ RESTRICT_IB_SPEC - - /* - * Pretend that the exception came from user mode: set up pt_regs -@@ -1386,6 +1411,10 @@ ENTRY(nmi) - SWITCH_TO_KERNEL_CR3 scratch_reg=%rdx - movq %rsp, %rdx - movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp -+ -+ /* Restrict Indirect Branch Speculation */ -+ RESTRICT_IB_SPEC -+ - UNWIND_HINT_IRET_REGS base=%rdx offset=8 - pushq 5*8(%rdx) /* pt_regs->ss */ - pushq 4*8(%rdx) /* pt_regs->rsp */ -@@ -1620,6 +1649,9 @@ end_repeat_nmi: - movq $-1, %rsi - call do_nmi - -+ /* Restore Indirect Branch speculation to the previous state */ -+ RESTORE_IB_SPEC_CLOBBER save_reg=%r13d -+ - /* Always restore stashed CR3 value (see paranoid_entry) */ - RESTORE_CR3 scratch_reg=%r15 save_reg=%r14 - ---- a/arch/x86/entry/entry_64_compat.S -+++ b/arch/x86/entry/entry_64_compat.S -@@ -54,6 +54,8 @@ ENTRY(entry_SYSENTER_compat) - SWITCH_TO_KERNEL_CR3 scratch_reg=%rsp - - movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp -+ /* Restrict Indirect Branch Speculation */ -+ RESTRICT_IB_SPEC - - /* - * User tracing code (ptrace or signal handlers) might assume that -@@ -247,12 +249,18 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe) - pushq $0 /* pt_regs->r15 = 0 */ - xorl %r15d, %r15d /* nospec r15 */ - -- /* -- * User mode is traced as though IRQs are on, and SYSENTER -+ /* Restrict Indirect Branch Speculation. All registers are saved already */ -+ RESTRICT_IB_SPEC_CLOBBER -+ -+ /* User mode is traced as though IRQs are on, and SYSENTER - * turned them off. - */ - TRACE_IRQS_OFF - -+ /* -+ * We just saved %rdi so it is safe to clobber. It is not -+ * preserved during the C calls inside TRACE_IRQS_OFF anyway. -+ */ - movq %rsp, %rdi - call do_fast_syscall_32 - /* XEN PV guests always use IRET path */ -@@ -267,6 +275,15 @@ sysret32_from_system_call: - */ - STACKLEAK_ERASE - TRACE_IRQS_ON /* User mode traces as IRQs on. */ -+ -+ /* -+ * Unrestrict Indirect Branch Speculation. This is safe to do here -+ * because there are no indirect branches between here and the -+ * return to userspace (sysretl). -+ * Clobber of %rax, %rcx, %rdx is OK before register restoring. -+ */ -+ UNRESTRICT_IB_SPEC_CLOBBER -+ - movq RBX(%rsp), %rbx /* pt_regs->rbx */ - movq RBP(%rsp), %rbp /* pt_regs->rbp */ - movq EFLAGS(%rsp), %r11 /* pt_regs->flags (in r11) */ -@@ -364,6 +381,8 @@ ENTRY(entry_INT80_compat) - /* In the Xen PV case we already run on the thread stack. */ - ALTERNATIVE "movq %rsp, %rdi", "jmp .Lint80_keep_stack", X86_FEATURE_XENPV - movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp -+ /* Restrict Indirect Branch Speculation */ -+ RESTRICT_IB_SPEC - - pushq 6*8(%rdi) /* regs->ss */ - pushq 5*8(%rdi) /* regs->rsp */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/Revert-Bluetooth-btusb-driver-to-enable-the-usb-wake.patch new/patches.suse/Revert-Bluetooth-btusb-driver-to-enable-the-usb-wake.patch --- old/patches.suse/Revert-Bluetooth-btusb-driver-to-enable-the-usb-wake.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/Revert-Bluetooth-btusb-driver-to-enable-the-usb-wake.patch 2019-04-17 11:25:20.000000000 +0200 @@ -0,0 +1,42 @@ +From 2292984907bdca09396f25c90bc1d30478d34fd5 Mon Sep 17 00:00:00 2001 +From: Michal Suchanek <[email protected]> +Date: Tue, 26 Mar 2019 22:37:42 +0100 +Subject: [PATCH] Revert "Bluetooth: btusb: driver to enable the usb-wakeup + feature" + +Patch-mainline: no, testing +References: boo#1130448 + +This reverts commit a0085f2510e8976614ad8f766b209448b385492f. + +Signed-off-by: Michal Suchanek <[email protected]> +--- + drivers/bluetooth/btusb.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c +index 4761499db9ee..6d35cdb99c5e 100644 +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -1138,10 +1138,6 @@ static int btusb_open(struct hci_dev *hdev) + } + + data->intf->needs_remote_wakeup = 1; +- /* device specific wakeup source enabled and required for USB +- * remote wakeup while host is suspended +- */ +- device_wakeup_enable(&data->udev->dev); + + if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) + goto done; +@@ -1205,7 +1201,6 @@ static int btusb_close(struct hci_dev *hdev) + goto failed; + + data->intf->needs_remote_wakeup = 0; +- device_wakeup_disable(&data->udev->dev); + usb_autopm_put_interface(data->intf); + + failed: +-- +2.20.1 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/vfio-type1-limit-dma-mappings-per-container new/patches.suse/vfio-type1-limit-dma-mappings-per-container --- old/patches.suse/vfio-type1-limit-dma-mappings-per-container 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/vfio-type1-limit-dma-mappings-per-container 2019-04-17 11:25:20.000000000 +0200 @@ -0,0 +1,94 @@ +From: Alex Williamson <[email protected]> +Date: Wed, 3 Apr 2019 12:36:21 -0600 +Subject: vfio/type1: Limit DMA mappings per container +Git-commit: 492855939bdb59c6f947b0b5b44af9ad82b7e38c +Patch-mainline: v5.1-rc4 +References: CVE-2019-3882 bsc#1131427 + +Memory backed DMA mappings are accounted against a user's locked +memory limit, including multiple mappings of the same memory. This +accounting bounds the number of such mappings that a user can create. +However, DMA mappings that are not backed by memory, such as DMA +mappings of device MMIO via mmaps, do not make use of page pinning +and therefore do not count against the user's locked memory limit. +These mappings still consume memory, but the memory is not well +associated to the process for the purpose of oom killing a task. + +To add bounding on this use case, we introduce a limit to the total +number of concurrent DMA mappings that a user is allowed to create. +This limit is exposed as a tunable module option where the default +value of 64K is expected to be well in excess of any reasonable use +case (a large virtual machine configuration would typically only make +use of tens of concurrent mappings). + +This fixes CVE-2019-3882. + +Reviewed-by: Eric Auger <[email protected]> +Tested-by: Eric Auger <[email protected]> +Reviewed-by: Peter Xu <[email protected]> +Reviewed-by: Cornelia Huck <[email protected]> +Signed-off-by: Alex Williamson <[email protected]> +Acked-by: Joerg Roedel <[email protected]> +--- + drivers/vfio/vfio_iommu_type1.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c +index 73652e21efec..d0f731c9920a 100644 +--- a/drivers/vfio/vfio_iommu_type1.c ++++ b/drivers/vfio/vfio_iommu_type1.c +@@ -58,12 +58,18 @@ module_param_named(disable_hugepages, + MODULE_PARM_DESC(disable_hugepages, + "Disable VFIO IOMMU support for IOMMU hugepages."); + ++static unsigned int dma_entry_limit __read_mostly = U16_MAX; ++module_param_named(dma_entry_limit, dma_entry_limit, uint, 0644); ++MODULE_PARM_DESC(dma_entry_limit, ++ "Maximum number of user DMA mappings per container (65535)."); ++ + struct vfio_iommu { + struct list_head domain_list; + struct vfio_domain *external_domain; /* domain for external user */ + struct mutex lock; + struct rb_root dma_list; + struct blocking_notifier_head notifier; ++ unsigned int dma_avail; + bool v2; + bool nesting; + }; +@@ -836,6 +842,7 @@ static void vfio_remove_dma(struct vfio_iommu *iommu, struct vfio_dma *dma) + vfio_unlink_dma(iommu, dma); + put_task_struct(dma->task); + kfree(dma); ++ iommu->dma_avail++; + } + + static unsigned long vfio_pgsize_bitmap(struct vfio_iommu *iommu) +@@ -1081,12 +1088,18 @@ static int vfio_dma_do_map(struct vfio_iommu *iommu, + goto out_unlock; + } + ++ if (!iommu->dma_avail) { ++ ret = -ENOSPC; ++ goto out_unlock; ++ } ++ + dma = kzalloc(sizeof(*dma), GFP_KERNEL); + if (!dma) { + ret = -ENOMEM; + goto out_unlock; + } + ++ iommu->dma_avail--; + dma->iova = iova; + dma->vaddr = vaddr; + dma->prot = prot; +@@ -1583,6 +1596,7 @@ static void *vfio_iommu_type1_open(unsigned long arg) + + INIT_LIST_HEAD(&iommu->domain_list); + iommu->dma_list = RB_ROOT; ++ iommu->dma_avail = dma_entry_limit; + mutex_init(&iommu->lock); + BLOCKING_INIT_NOTIFIER_HEAD(&iommu->notifier); + + ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:11.975911992 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:11.975911992 +0200 @@ -830,6 +830,124 @@ patches.kernel.org/5.0.7-246-kbuild-add-workaround-for-Debian-make-kpkg.patch patches.kernel.org/5.0.7-247-kbuild-skip-sub-make-for-in-tree-build-with-GNU.patch patches.kernel.org/5.0.7-248-Linux-5.0.7.patch + patches.kernel.org/5.0.8-001-drm-i915-gvt-do-not-let-pin-count-of-shadow-mm-.patch + patches.kernel.org/5.0.8-002-kbuild-pkg-use-f-srctree-Makefile-to-recurse-to.patch + patches.kernel.org/5.0.8-003-netfilter-nft_compat-use-.release_ops-and-remov.patch + patches.kernel.org/5.0.8-004-netfilter-nf_tables-use-after-free-in-dynamic-o.patch + patches.kernel.org/5.0.8-005-netfilter-nf_tables-add-missing-release_ops-in-.patch + patches.kernel.org/5.0.8-006-hv_netvsc-Fix-unwanted-wakeup-after-tx_disable.patch + patches.kernel.org/5.0.8-007-ibmvnic-Fix-completion-structure-initialization.patch + patches.kernel.org/5.0.8-008-ip6_tunnel-Match-to-ARPHRD_TUNNEL6-for-dev-type.patch + patches.kernel.org/5.0.8-009-ipv6-Fix-dangling-pointer-when-ipv6-fragment.patch + patches.kernel.org/5.0.8-010-ipv6-sit-reset-ip-header-pointer-in-ipip6_rcv.patch + patches.kernel.org/5.0.8-011-kcm-switch-order-of-device-registration-to-fix-.patch + patches.kernel.org/5.0.8-012-net-ethtool-not-call-vzalloc-for-zero-sized-mem.patch + patches.kernel.org/5.0.8-013-net-gro-Fix-GRO-flush-when-receiving-a-GSO-pack.patch + patches.kernel.org/5.0.8-014-net-mlx5-Decrease-default-mr-cache-size.patch + patches.kernel.org/5.0.8-015-netns-provide-pure-entropy-for-net_hash_mix.patch + patches.kernel.org/5.0.8-016-net-rds-force-to-destroy-connection-if-t_sock-i.patch + patches.kernel.org/5.0.8-017-net-sched-act_sample-fix-divide-by-zero-in-the-.patch + patches.kernel.org/5.0.8-018-net-sched-fix-get-helper-of-the-matchall-cls.patch + patches.kernel.org/5.0.8-019-openvswitch-fix-flow-actions-reallocation.patch + patches.kernel.org/5.0.8-020-qmi_wwan-add-Olicard-600.patch + patches.kernel.org/5.0.8-021-r8169-disable-ASPM-again.patch + patches.kernel.org/5.0.8-022-sctp-initialize-_pad-of-sockaddr_in-before-copy.patch + patches.kernel.org/5.0.8-023-tcp-Ensure-DCTCP-reacts-to-losses.patch + patches.kernel.org/5.0.8-024-tcp-fix-a-potential-NULL-pointer-dereference-in.patch + patches.kernel.org/5.0.8-025-vrf-check-accept_source_route-on-the-original-n.patch + patches.kernel.org/5.0.8-026-net-mlx5e-Fix-error-handling-when-refreshing-TI.patch + patches.kernel.org/5.0.8-027-net-mlx5e-Add-a-lock-on-tir-list.patch + patches.kernel.org/5.0.8-028-nfp-validate-the-return-code-from-dev_queue_xmi.patch + patches.kernel.org/5.0.8-029-nfp-disable-netpoll-on-representors.patch + patches.kernel.org/5.0.8-030-bnxt_en-Improve-RX-consumer-index-validity-chec.patch + patches.kernel.org/5.0.8-031-bnxt_en-Reset-device-on-RX-buffer-errors.patch + patches.kernel.org/5.0.8-032-net-ip_gre-fix-possible-use-after-free-in-erspa.patch + patches.kernel.org/5.0.8-033-net-ip6_gre-fix-possible-use-after-free-in-ip6e.patch + patches.kernel.org/5.0.8-034-net-bridge-always-clear-mcast-matching-struct-o.patch + patches.kernel.org/5.0.8-035-net-thunderx-fix-NULL-pointer-dereference-in-ni.patch + patches.kernel.org/5.0.8-036-net-vrf-Fix-ping-failed-when-vrf-mtu-is-set-to-.patch + patches.kernel.org/5.0.8-037-net-core-netif_receive_skb_list-unlist-skb-befo.patch + patches.kernel.org/5.0.8-038-r8169-disable-default-rx-interrupt-coalescing-o.patch + patches.kernel.org/5.0.8-039-net-mlx5-Add-a-missing-check-on-idr_find-free-b.patch + patches.kernel.org/5.0.8-040-net-mlx5e-Update-xoff-formula.patch + patches.kernel.org/5.0.8-041-net-mlx5e-Update-xon-formula.patch + patches.kernel.org/5.0.8-042-kbuild-clang-choose-GCC_TOOLCHAIN_DIR-not-on-LD.patch + patches.kernel.org/5.0.8-043-lib-string.c-implement-a-basic-bcmp.patch + patches.kernel.org/5.0.8-044-Revert-clk-meson-clean-up-clock-registration.patch + patches.kernel.org/5.0.8-045-tty-mark-Siemens-R3964-line-discipline-as-BROKE.patch + patches.kernel.org/5.0.8-046-tty-ldisc-add-sysctl-to-prevent-autoloading-of-.patch + patches.kernel.org/5.0.8-047-hwmon-w83773g-Select-REGMAP_I2C-to-fix-build-er.patch + patches.kernel.org/5.0.8-048-hwmon-occ-Fix-power-sensor-indexing.patch + patches.kernel.org/5.0.8-049-SMB3-Allow-persistent-handle-timeout-to-be-conf.patch + patches.kernel.org/5.0.8-050-HID-logitech-Handle-0-scroll-events-for-the-m56.patch + patches.kernel.org/5.0.8-051-ACPICA-Clear-status-of-GPEs-before-enabling-the.patch + patches.kernel.org/5.0.8-052-ACPICA-Namespace-remove-address-node-from-globa.patch + patches.kernel.org/5.0.8-053-ALSA-seq-Fix-OOB-reads-from-strlcpy.patch + patches.kernel.org/5.0.8-054-ALSA-hda-realtek-Enable-headset-MIC-of-Acer-Tra.patch + patches.kernel.org/5.0.8-055-ALSA-hda-realtek-Add-quirk-for-Tuxedo-XC-1509.patch + patches.kernel.org/5.0.8-056-ALSA-xen-front-Do-not-use-stream-buffer-size-be.patch + patches.kernel.org/5.0.8-057-ALSA-hda-Add-two-more-machines-to-the-power_sav.patch + patches.kernel.org/5.0.8-058-mm-huge_memory.c-fix-modifying-of-page-protecti.patch + patches.kernel.org/5.0.8-059-arm64-dts-rockchip-fix-rk3328-sdmmc0-write-erro.patch + patches.kernel.org/5.0.8-060-mmc-alcor-don-t-write-data-before-command-has-c.patch + patches.kernel.org/5.0.8-061-mmc-sdhci-omap-Don-t-finish_mrq-on-a-command-er.patch + patches.kernel.org/5.0.8-062-parisc-Detect-QEMU-earlier-in-boot-process.patch + patches.kernel.org/5.0.8-063-parisc-regs_return_value-should-return-gpr28.patch + patches.kernel.org/5.0.8-064-parisc-also-set-iaoq_b-in-instruction_pointer_s.patch + patches.kernel.org/5.0.8-065-alarmtimer-Return-correct-remaining-time.patch + patches.kernel.org/5.0.8-066-drm-i915-gvt-do-not-deliver-a-workload-if-its-c.patch + patches.kernel.org/5.0.8-067-drm-sun4i-DW-HDMI-Lower-max.-supported-rate-for.patch + patches.kernel.org/5.0.8-068-drm-udl-add-a-release-method-and-delay-modeset-.patch + patches.kernel.org/5.0.8-069-kvm-svm-fix-potential-get_num_contig_pages-over.patch + patches.kernel.org/5.0.8-070-include-linux-bitrev.h-fix-constant-bitrev.patch + patches.kernel.org/5.0.8-071-mm-writeback-use-exact-memcg-dirty-counts.patch + patches.kernel.org/5.0.8-072-ASoC-intel-Fix-crash-at-suspend-resume-after-fa.patch + patches.kernel.org/5.0.8-073-ASoC-fsl_esai-fix-channel-swap-issue-when-strea.patch + patches.kernel.org/5.0.8-074-Btrfs-do-not-allow-trimming-when-a-fs-is-mounte.patch + patches.kernel.org/5.0.8-075-btrfs-prop-fix-zstd-compression-parameter-valid.patch + patches.kernel.org/5.0.8-076-btrfs-prop-fix-vanished-compression-property-af.patch + patches.kernel.org/5.0.8-077-riscv-Fix-syscall_get_arguments-and-syscall_set.patch + patches.kernel.org/5.0.8-078-block-Revert-v5.0-blk_mq_request_issue_directly.patch + patches.kernel.org/5.0.8-079-block-do-not-leak-memory-in-bio_copy_user_iov.patch + patches.kernel.org/5.0.8-080-block-fix-the-return-errno-for-direct-IO.patch + patches.kernel.org/5.0.8-081-genirq-Respect-IRQCHIP_SKIP_SET_WAKE-in-irq_chi.patch + patches.kernel.org/5.0.8-082-genirq-Initialize-request_mutex-if-CONFIG_SPARS.patch + patches.kernel.org/5.0.8-083-virtio-Honour-may_reduce_num-in-vring_create_vi.patch + patches.kernel.org/5.0.8-084-drm-i915-dp-revert-back-to-max-link-rate-and-la.patch + patches.kernel.org/5.0.8-085-ARM-OMAP1-ams-delta-Fix-broken-GPIO-ID-allocati.patch + patches.kernel.org/5.0.8-086-ARM-dts-rockchip-fix-rk3288-cpu-opp-node-refere.patch + patches.kernel.org/5.0.8-087-ARM-dts-am335x-evmsk-Correct-the-regulators-for.patch + patches.kernel.org/5.0.8-088-ARM-dts-am335x-evm-Correct-the-regulators-for-t.patch + patches.kernel.org/5.0.8-089-ARM-dts-rockchip-Fix-SD-card-detection-on-rk328.patch + patches.kernel.org/5.0.8-090-ARM-dts-at91-Fix-typo-in-ISC_D0-on-PC9.patch + patches.kernel.org/5.0.8-091-arm64-futex-Fix-FUTEX_WAKE_OP-atomic-ops-with-n.patch + patches.kernel.org/5.0.8-092-arm64-dts-rockchip-Fix-vcc_host1_5v-GPIO-polari.patch + patches.kernel.org/5.0.8-093-arm64-dts-rockchip-fix-rk3328-rgmii-high-tx-err.patch + patches.kernel.org/5.0.8-094-arm64-backtrace-Don-t-bother-trying-to-unwind-t.patch + patches.kernel.org/5.0.8-095-arm64-ftrace-fix-inadvertent-BUG-in-trampoline-.patch + patches.kernel.org/5.0.8-096-IB-mlx5-Reset-access-mask-when-looping-inside-p.patch + patches.kernel.org/5.0.8-097-xen-Prevent-buffer-overflow-in-privcmd-ioctl.patch + patches.kernel.org/5.0.8-098-sched-fair-Do-not-re-read-h_load_next-during-hi.patch + patches.kernel.org/5.0.8-099-xtensa-fix-return_address.patch + patches.kernel.org/5.0.8-100-csky-Fix-syscall_get_arguments-and-syscall_set_.patch + patches.kernel.org/5.0.8-101-x86-asm-Remove-dead-__GNUC__-conditionals.patch + patches.kernel.org/5.0.8-102-x86-asm-Use-stricter-assembly-constraints-in-bi.patch + patches.kernel.org/5.0.8-103-x86-perf-amd-Resolve-race-condition-when-disabl.patch + patches.kernel.org/5.0.8-104-x86-perf-amd-Resolve-NMI-latency-issues-for-act.patch + patches.kernel.org/5.0.8-105-x86-perf-amd-Remove-need-to-check-running-bit-i.patch + patches.kernel.org/5.0.8-106-PCI-Add-function-1-DMA-alias-quirk-for-Marvell-.patch + patches.kernel.org/5.0.8-107-PCI-pciehp-Ignore-Link-State-Changes-after-powe.patch + patches.kernel.org/5.0.8-108-xprtrdma-Fix-helper-that-drains-the-transport.patch + patches.kernel.org/5.0.8-109-powerpc-64s-radix-Fix-radix-segment-exception-h.patch + patches.kernel.org/5.0.8-110-dm-integrity-change-memcmp-to-strncmp-in-dm_int.patch + patches.kernel.org/5.0.8-111-dm-revert-8f50e358153d-dm-limit-the-max-bio-siz.patch + patches.kernel.org/5.0.8-112-dm-table-propagate-BDI_CAP_STABLE_WRITES-to-fix.patch + patches.kernel.org/5.0.8-113-dm-disable-DISCARD-if-the-underlying-storage-no.patch + patches.kernel.org/5.0.8-114-dm-integrity-fix-deadlock-with-overlapping-I-O.patch + patches.kernel.org/5.0.8-115-KVM-x86-nVMX-close-leak-of-L0-s-x2APIC-MSRs-CVE.patch + patches.kernel.org/5.0.8-116-KVM-x86-nVMX-fix-x2APIC-VTPR-read-intercept.patch + patches.kernel.org/5.0.8-117-drm-virtio-do-NOT-reuse-resource-ids.patch + patches.kernel.org/5.0.8-118-Linux-5.0.8.patch ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -884,12 +1002,6 @@ ######################################################## patches.suse/setuid-dumpable-wrongdir - patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch - patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch - patches.suse/0003-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch - patches.suse/0004-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch - patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch - ######################################################## # Architecture-specific patches. These used to be all # at the end of series.conf, but since we don't do @@ -1138,6 +1250,7 @@ ######################################################## patches.suse/0001-media-usb-pwc-Don-t-use-coherent-DMA-buffers-for-ISO.patch + patches.suse/Revert-Bluetooth-btusb-driver-to-enable-the-usb-wake.patch ######################################################## # I2C @@ -1233,6 +1346,8 @@ # KVM patches ######################################################## + patches.suse/vfio-type1-limit-dma-mappings-per-container + ######################################################## # documentation ######################################################## @@ -1246,3 +1361,4 @@ # You'd better have a good reason for adding a patch # below here. ######################################################## + ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.COMJBW/_old 2019-04-18 13:54:12.011912004 +0200 +++ /var/tmp/diff_new_pack.COMJBW/_new 2019-04-18 13:54:12.011912004 +0200 @@ -1,3 +1,3 @@ -2019-04-06 14:47:49 +0000 -GIT Revision: 8f1834244edbe34ab85ed17d5b24ab001b03cc5a +2019-04-17 09:25:56 +0000 +GIT Revision: 8b88553f9147696c4bb6f23d849b00503ecd5586 GIT Branch: stable
