Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2016-02-17 10:23:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/kernel-debug.changes 2016-02-01 19:55:22.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/kernel-debug.changes 2016-02-17 10:23:16.000000000 +0100 @@ -1,0 +2,72 @@ +Mon Feb 15 12:03:27 CET 2016 - ti...@suse.de + +- ALSA: usb-audio: avoid freeing umidi object twice + (CVE-2016-2384,bsc#966693). +- commit 6398c2d + +------------------------------------------------------------------- +Thu Feb 11 09:46:23 CET 2016 - jsl...@suse.cz + +- rpm/kernel-obs-build.spec.in: do not limit TasksMax + We run with build as PID 1 (boo#965564). +- commit 39b708b + +------------------------------------------------------------------- +Wed Feb 10 10:19:40 CET 2016 - mma...@suse.com + +- rpm/kernel-binary.spec.in: Adapt certificate handling for changes in v4.3 +- commit 589be33 + +------------------------------------------------------------------- +Tue Feb 2 17:31:39 CET 2016 - ti...@suse.de + +- Revert "xfs: clear PF_NOFREEZE for xfsaild kthread" + (boo#962250). +- commit ddc5d70 + +------------------------------------------------------------------- +Mon Feb 1 23:16:05 CET 2016 - dmuel...@suse.com + +- Disable CMOS RTC + This Motorola compatible RTC doesn't exist on ARMv7, and triggers + an non-root triggerable immediate panic on the system when being + accessed, so we better don't include it. +- commit 2b16688 + +------------------------------------------------------------------- +Mon Feb 1 16:44:17 CET 2016 - jsl...@suse.cz + +- drm/i915: Pin the ifbdev for the info->system_base GGTT mmapping + (bnc#962866). +- drm/i915: Fix failure paths around initial fbdev allocation + (bnc#962866). +- drm/i915: Fix double unref in intelfb_alloc failure path + (bnc#962866). +- commit 283b562 + +------------------------------------------------------------------- +Mon Feb 1 09:26:44 CET 2016 - jsl...@suse.cz + +- Refresh + patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch. +- Refresh + patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch. + Upstream status. +- commit ce7756a + +------------------------------------------------------------------- +Mon Feb 1 09:15:22 CET 2016 - jsl...@suse.cz + +- Linux 4.4.1 (boo#960710 bnc#962075 CVE-2016-0728). +- Delete + patches.drivers/ALSA-hda-Flush-the-pending-probe-work-at-remove. +- Delete patches.fixes/keys-fix-leak.patch. +- commit b969f5d + +------------------------------------------------------------------- +Sun Jan 31 22:31:35 CET 2016 - ti...@suse.de + +- sd: Optimal I/O size is in bytes, not sectors (boo#961263). +- commit 2198765 + +------------------------------------------------------------------- @@ -18,0 +91,15 @@ + +------------------------------------------------------------------- +Tue Jan 26 12:46:26 CET 2016 - jsl...@suse.cz + +- n_tty: Fix unsafe reference to "other" ldisc (bnc#961500 + CVE-2016-0723). +- tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) (bnc#961500 + CVE-2016-0723). +- commit 4ca6fa4 + +------------------------------------------------------------------- +Tue Jan 26 10:39:45 CET 2016 - mma...@suse.com + +- rpm/kernel-spec-macros: Do not modify the release string in PTFs (bsc#963449) +- commit dc2b096 kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kernel-debug.spec ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:20.000000000 +0100 @@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.4 -%define patchversion 4.4.0 +%define patchversion 4.4.1 %define variant %{nil} %define vanilla_only 0 @@ -46,7 +46,7 @@ # Define some CONFIG variables as rpm macros as well. (rpm cannot handle # defining them all at once.) -%define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SPLIT_PACKAGE CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB +%define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_MODULE_SIG_KEY CONFIG_KMSG_IDS CONFIG_SPLIT_PACKAGE CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB %{expand:%(eval "$(test -n "%cpu_arch_flavor" && tar -xjf %_sourcedir/config.tar.bz2 --to-stdout config/%cpu_arch_flavor)"; for config in %config_vars; do echo "%%global $config ${!config:-n}"; done)} %define split_base (%CONFIG_SPLIT_PACKAGE == "y") %define split_extra (%CONFIG_SPLIT_PACKAGE == "y" && %CONFIG_SUSE_KERNEL_SUPPORTED == "y") @@ -61,9 +61,9 @@ Summary: A Debug Version of the Kernel License: GPL-2.0 Group: System/Kernel -Version: 4.4.0 +Version: 4.4.1 %if 0%{?is_kotd} -Release: <RELEASE>.g9f68b90 +Release: <RELEASE>.g6398c2d %else Release: 0 %endif @@ -481,31 +481,27 @@ %_sourcedir/modversions --unpack . < $_ fi -# copy optional module signing files: -# *.x509, *.crt -# - certificates with pubkeys used to verify module and firmware signatures -# at runtime. *.crt files assumed to be in the PEM format. -# signing_key.priv -# - unencrypted private key used to sign modules and firmware during build -# x509.genkey -# - openssl req config to generate a new signing_key.{x509,priv} pair for the -# build -for f in %_sourcedir/*.x509 %_sourcedir/{signing_key.priv,x509.genkey}; do - if test -e "$f"; then - cp "$f" . - fi -done +# copy module signing certificate(s) +found_sigkey=false for f in %_sourcedir/*.crt; do if ! test -e "$f"; then continue fi - out=${f##*/} - out=${out%.crt}.x509 - openssl x509 -inform PEM -in "$f" -outform DER -out "$out" + if test "${f##*/}" = %CONFIG_MODULE_SIG_KEY; then + found_sigkey=true + cp "$f" . + else + cat "$f" >>keyring.crt + fi done -# Convince kernel/Makefile not to generate a new keypair -touch x509.genkey -touch signing_key.x509 +if ! $found_sigkey; then + echo "warning: %CONFIG_MODULE_SIG_KEY not found" + # Let certs/Makefile generate a keypair + ../scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/signing_key.pem" +fi +if test -s keyring.crt; then + ../scripts/config --set-str SYSTEM_TRUSTED_KEYS_FILENAME "keyring.crt" +fi MAKE_ARGS="$MAKE_ARGS %{?_smp_mflags}" kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:20.000000000 +0100 @@ -16,7 +16,7 @@ # -%define patchversion 4.4.0 +%define patchversion 4.4.1 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -27,9 +27,9 @@ Summary: Kernel Documentation (man pages) License: GPL-2.0 Group: Documentation/Man -Version: 4.4.0 +Version: 4.4.1 %if 0%{?is_kotd} -Release: <RELEASE>.g9f68b90 +Release: <RELEASE>.g6398c2d %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:20.000000000 +0100 @@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.4 -%define patchversion 4.4.0 +%define patchversion 4.4.1 %define variant %{nil} %define vanilla_only 0 @@ -46,7 +46,7 @@ # Define some CONFIG variables as rpm macros as well. (rpm cannot handle # defining them all at once.) -%define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SPLIT_PACKAGE CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB +%define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_MODULE_SIG_KEY CONFIG_KMSG_IDS CONFIG_SPLIT_PACKAGE CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB %{expand:%(eval "$(test -n "%cpu_arch_flavor" && tar -xjf %_sourcedir/config.tar.bz2 --to-stdout config/%cpu_arch_flavor)"; for config in %config_vars; do echo "%%global $config ${!config:-n}"; done)} %define split_base (%CONFIG_SPLIT_PACKAGE == "y") %define split_extra (%CONFIG_SPLIT_PACKAGE == "y" && %CONFIG_SUSE_KERNEL_SUPPORTED == "y") @@ -61,9 +61,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.4.0 +Version: 4.4.1 %if 0%{?is_kotd} -Release: <RELEASE>.g9f68b90 +Release: <RELEASE>.g6398c2d %else Release: 0 %endif @@ -475,31 +475,27 @@ %_sourcedir/modversions --unpack . < $_ fi -# copy optional module signing files: -# *.x509, *.crt -# - certificates with pubkeys used to verify module and firmware signatures -# at runtime. *.crt files assumed to be in the PEM format. -# signing_key.priv -# - unencrypted private key used to sign modules and firmware during build -# x509.genkey -# - openssl req config to generate a new signing_key.{x509,priv} pair for the -# build -for f in %_sourcedir/*.x509 %_sourcedir/{signing_key.priv,x509.genkey}; do - if test -e "$f"; then - cp "$f" . - fi -done +# copy module signing certificate(s) +found_sigkey=false for f in %_sourcedir/*.crt; do if ! test -e "$f"; then continue fi - out=${f##*/} - out=${out%.crt}.x509 - openssl x509 -inform PEM -in "$f" -outform DER -out "$out" + if test "${f##*/}" = %CONFIG_MODULE_SIG_KEY; then + found_sigkey=true + cp "$f" . + else + cat "$f" >>keyring.crt + fi done -# Convince kernel/Makefile not to generate a new keypair -touch x509.genkey -touch signing_key.x509 +if ! $found_sigkey; then + echo "warning: %CONFIG_MODULE_SIG_KEY not found" + # Let certs/Makefile generate a keypair + ../scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/signing_key.pem" +fi +if test -s keyring.crt; then + ../scripts/config --set-str SYSTEM_TRUSTED_KEYS_FILENAME "keyring.crt" +fi MAKE_ARGS="$MAKE_ARGS %{?_smp_mflags}" ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:20.000000000 +0100 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.4.0 +%define patchversion 4.4.1 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -51,9 +51,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.4.0 +Version: 4.4.1 %if 0%{?is_kotd} -Release: <RELEASE>.g9f68b90 +Release: <RELEASE>.g6398c2d %else Release: 0 %endif @@ -96,6 +96,10 @@ modprobe binfmt_misc EOF chmod a+rx /usr/lib/dracut/modules.d/80obs/setup_obs.sh +# Configure systemd in kernel-obs-build's initrd not to limit TasksMax, +# we run with build as PID 1 (boo#965564) +echo "DefaultTasksMax=infinity" >> /etc/systemd/system.conf +echo "DefaultTasksAccounting=no" >> /etc/systemd/system.conf # a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env. # this list of modules where available on build workers of build.opensuse.org, so we stay compatible. ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:20.000000000 +0100 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.4.0 +%define patchversion 4.4.1 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.4.0 +Version: 4.4.1 %if 0%{?is_kotd} -Release: <RELEASE>.g9f68b90 +Release: <RELEASE>.g6398c2d %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:20.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:20.000000000 +0100 @@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.4 -%define patchversion 4.4.0 +%define patchversion 4.4.1 %define variant %{nil} %define vanilla_only 0 @@ -46,7 +46,7 @@ # Define some CONFIG variables as rpm macros as well. (rpm cannot handle # defining them all at once.) -%define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SPLIT_PACKAGE CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB +%define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_MODULE_SIG_KEY CONFIG_KMSG_IDS CONFIG_SPLIT_PACKAGE CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB %{expand:%(eval "$(test -n "%cpu_arch_flavor" && tar -xjf %_sourcedir/config.tar.bz2 --to-stdout config/%cpu_arch_flavor)"; for config in %config_vars; do echo "%%global $config ${!config:-n}"; done)} %define split_base (%CONFIG_SPLIT_PACKAGE == "y") %define split_extra (%CONFIG_SPLIT_PACKAGE == "y" && %CONFIG_SUSE_KERNEL_SUPPORTED == "y") @@ -61,9 +61,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.4.0 +Version: 4.4.1 %if 0%{?is_kotd} -Release: <RELEASE>.g9f68b90 +Release: <RELEASE>.g6398c2d %else Release: 0 %endif @@ -501,31 +501,27 @@ %_sourcedir/modversions --unpack . < $_ fi -# copy optional module signing files: -# *.x509, *.crt -# - certificates with pubkeys used to verify module and firmware signatures -# at runtime. *.crt files assumed to be in the PEM format. -# signing_key.priv -# - unencrypted private key used to sign modules and firmware during build -# x509.genkey -# - openssl req config to generate a new signing_key.{x509,priv} pair for the -# build -for f in %_sourcedir/*.x509 %_sourcedir/{signing_key.priv,x509.genkey}; do - if test -e "$f"; then - cp "$f" . - fi -done +# copy module signing certificate(s) +found_sigkey=false for f in %_sourcedir/*.crt; do if ! test -e "$f"; then continue fi - out=${f##*/} - out=${out%.crt}.x509 - openssl x509 -inform PEM -in "$f" -outform DER -out "$out" + if test "${f##*/}" = %CONFIG_MODULE_SIG_KEY; then + found_sigkey=true + cp "$f" . + else + cat "$f" >>keyring.crt + fi done -# Convince kernel/Makefile not to generate a new keypair -touch x509.genkey -touch signing_key.x509 +if ! $found_sigkey; then + echo "warning: %CONFIG_MODULE_SIG_KEY not found" + # Let certs/Makefile generate a keypair + ../scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/signing_key.pem" +fi +if test -s keyring.crt; then + ../scripts/config --set-str SYSTEM_TRUSTED_KEYS_FILENAME "keyring.crt" +fi MAKE_ARGS="$MAKE_ARGS %{?_smp_mflags}" ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:21.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:21.000000000 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.4 -%define patchversion 4.4.0 +%define patchversion 4.4.1 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.4.0 +Version: 4.4.1 %if 0%{?is_kotd} -Release: <RELEASE>.g9f68b90 +Release: <RELEASE>.g6398c2d %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:21.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:21.000000000 +0100 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.4.0 +Version: 4.4.1 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g9f68b90 +Release: <RELEASE>.g6398c2d %else Release: 0 %endif ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:21.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:21.000000000 +0100 @@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.4 -%define patchversion 4.4.0 +%define patchversion 4.4.1 %define variant %{nil} %define vanilla_only 0 @@ -46,7 +46,7 @@ # Define some CONFIG variables as rpm macros as well. (rpm cannot handle # defining them all at once.) -%define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SPLIT_PACKAGE CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB +%define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_MODULE_SIG_KEY CONFIG_KMSG_IDS CONFIG_SPLIT_PACKAGE CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB %{expand:%(eval "$(test -n "%cpu_arch_flavor" && tar -xjf %_sourcedir/config.tar.bz2 --to-stdout config/%cpu_arch_flavor)"; for config in %config_vars; do echo "%%global $config ${!config:-n}"; done)} %define split_base (%CONFIG_SPLIT_PACKAGE == "y") %define split_extra (%CONFIG_SPLIT_PACKAGE == "y" && %CONFIG_SUSE_KERNEL_SUPPORTED == "y") @@ -61,9 +61,9 @@ Summary: The Standard Kernel - without any SUSE patches License: GPL-2.0 Group: System/Kernel -Version: 4.4.0 +Version: 4.4.1 %if 0%{?is_kotd} -Release: <RELEASE>.g9f68b90 +Release: <RELEASE>.g6398c2d %else Release: 0 %endif @@ -474,31 +474,27 @@ %_sourcedir/modversions --unpack . < $_ fi -# copy optional module signing files: -# *.x509, *.crt -# - certificates with pubkeys used to verify module and firmware signatures -# at runtime. *.crt files assumed to be in the PEM format. -# signing_key.priv -# - unencrypted private key used to sign modules and firmware during build -# x509.genkey -# - openssl req config to generate a new signing_key.{x509,priv} pair for the -# build -for f in %_sourcedir/*.x509 %_sourcedir/{signing_key.priv,x509.genkey}; do - if test -e "$f"; then - cp "$f" . - fi -done +# copy module signing certificate(s) +found_sigkey=false for f in %_sourcedir/*.crt; do if ! test -e "$f"; then continue fi - out=${f##*/} - out=${out%.crt}.x509 - openssl x509 -inform PEM -in "$f" -outform DER -out "$out" + if test "${f##*/}" = %CONFIG_MODULE_SIG_KEY; then + found_sigkey=true + cp "$f" . + else + cat "$f" >>keyring.crt + fi done -# Convince kernel/Makefile not to generate a new keypair -touch x509.genkey -touch signing_key.x509 +if ! $found_sigkey; then + echo "warning: %CONFIG_MODULE_SIG_KEY not found" + # Let certs/Makefile generate a keypair + ../scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/signing_key.pem" +fi +if test -s keyring.crt; then + ../scripts/config --set-str SYSTEM_TRUSTED_KEYS_FILENAME "keyring.crt" +fi MAKE_ARGS="$MAKE_ARGS %{?_smp_mflags}" ++++++ config.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv7hl/default new/config/armv7hl/default --- old/config/armv7hl/default 2016-01-27 18:30:19.000000000 +0100 +++ new/config/armv7hl/default 2016-02-04 18:43:46.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.4.0 Kernel Configuration +# Linux/arm 4.4.1 Kernel Configuration # CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y @@ -3618,7 +3618,6 @@ CONFIG_HW_RANDOM_TPM=m CONFIG_HW_RANDOM_MSM=m CONFIG_HW_RANDOM_ST=m -CONFIG_NVRAM=y CONFIG_R3964=m # CONFIG_APPLICOM is not set CONFIG_RAW_DRIVER=m @@ -6628,7 +6627,7 @@ # # Platform RTC drivers # -CONFIG_RTC_DRV_CMOS=y +# CONFIG_RTC_DRV_CMOS is not set # CONFIG_RTC_DRV_DS1286 is not set # CONFIG_RTC_DRV_DS1511 is not set # CONFIG_RTC_DRV_DS1553 is not set diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv7hl/lpae new/config/armv7hl/lpae --- old/config/armv7hl/lpae 2016-01-27 18:30:19.000000000 +0100 +++ new/config/armv7hl/lpae 2016-02-04 18:43:46.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.4.0 Kernel Configuration +# Linux/arm 4.4.1 Kernel Configuration # CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y @@ -3486,7 +3486,6 @@ CONFIG_HW_RANDOM_EXYNOS=m CONFIG_HW_RANDOM_TPM=m CONFIG_HW_RANDOM_MSM=m -CONFIG_NVRAM=y CONFIG_R3964=m # CONFIG_APPLICOM is not set CONFIG_RAW_DRIVER=m @@ -6300,7 +6299,7 @@ # # Platform RTC drivers # -CONFIG_RTC_DRV_CMOS=y +# CONFIG_RTC_DRV_CMOS is not set # CONFIG_RTC_DRV_DS1286 is not set # CONFIG_RTC_DRV_DS1511 is not set # CONFIG_RTC_DRV_DS1553 is not set diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv7hl/vanilla new/config/armv7hl/vanilla --- old/config/armv7hl/vanilla 2016-01-27 18:30:19.000000000 +0100 +++ new/config/armv7hl/vanilla 2016-02-04 18:43:46.000000000 +0100 @@ -3614,7 +3614,6 @@ CONFIG_HW_RANDOM_TPM=m CONFIG_HW_RANDOM_MSM=m CONFIG_HW_RANDOM_ST=m -CONFIG_NVRAM=y CONFIG_R3964=m # CONFIG_APPLICOM is not set CONFIG_RAW_DRIVER=m @@ -6622,7 +6621,7 @@ # # Platform RTC drivers # -CONFIG_RTC_DRV_CMOS=y +# CONFIG_RTC_DRV_CMOS is not set # CONFIG_RTC_DRV_DS1286 is not set # CONFIG_RTC_DRV_DS1511 is not set # CONFIG_RTC_DRV_DS1553 is not set ++++++ kernel-binary.spec.in ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:21.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:21.000000000 +0100 @@ -46,7 +46,7 @@ # Define some CONFIG variables as rpm macros as well. (rpm cannot handle # defining them all at once.) -%define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_KMSG_IDS CONFIG_SPLIT_PACKAGE CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB +%define config_vars CONFIG_MODULES CONFIG_MODULE_SIG CONFIG_MODULE_SIG_KEY CONFIG_KMSG_IDS CONFIG_SPLIT_PACKAGE CONFIG_SUSE_KERNEL_SUPPORTED CONFIG_EFI_STUB %{expand:%(eval "$(test -n "%cpu_arch_flavor" && tar -xjf %_sourcedir/config.tar.bz2 --to-stdout config/%cpu_arch_flavor)"; for config in %config_vars; do echo "%%global $config ${!config:-n}"; done)} %define split_base (%CONFIG_SPLIT_PACKAGE == "y") %define split_extra (%CONFIG_SPLIT_PACKAGE == "y" && %CONFIG_SUSE_KERNEL_SUPPORTED == "y") @@ -350,31 +350,27 @@ %_sourcedir/modversions --unpack . < $_ fi -# copy optional module signing files: -# *.x509, *.crt -# - certificates with pubkeys used to verify module and firmware signatures -# at runtime. *.crt files assumed to be in the PEM format. -# signing_key.priv -# - unencrypted private key used to sign modules and firmware during build -# x509.genkey -# - openssl req config to generate a new signing_key.{x509,priv} pair for the -# build -for f in %_sourcedir/*.x509 %_sourcedir/{signing_key.priv,x509.genkey}; do - if test -e "$f"; then - cp "$f" . - fi -done +# copy module signing certificate(s) +found_sigkey=false for f in %_sourcedir/*.crt; do if ! test -e "$f"; then continue fi - out=${f##*/} - out=${out%.crt}.x509 - openssl x509 -inform PEM -in "$f" -outform DER -out "$out" + if test "${f##*/}" = %CONFIG_MODULE_SIG_KEY; then + found_sigkey=true + cp "$f" . + else + cat "$f" >>keyring.crt + fi done -# Convince kernel/Makefile not to generate a new keypair -touch x509.genkey -touch signing_key.x509 +if ! $found_sigkey; then + echo "warning: %CONFIG_MODULE_SIG_KEY not found" + # Let certs/Makefile generate a keypair + ../scripts/config --set-str CONFIG_MODULE_SIG_KEY "certs/signing_key.pem" +fi +if test -s keyring.crt; then + ../scripts/config --set-str SYSTEM_TRUSTED_KEYS_FILENAME "keyring.crt" +fi MAKE_ARGS="$MAKE_ARGS %{?_smp_mflags}" ++++++ kernel-obs-build.spec.in ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:21.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:21.000000000 +0100 @@ -96,6 +96,10 @@ modprobe binfmt_misc EOF chmod a+rx /usr/lib/dracut/modules.d/80obs/setup_obs.sh +# Configure systemd in kernel-obs-build's initrd not to limit TasksMax, +# we run with build as PID 1 (boo#965564) +echo "DefaultTasksMax=infinity" >> /etc/systemd/system.conf +echo "DefaultTasksAccounting=no" >> /etc/systemd/system.conf # a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env. # this list of modules where available on build workers of build.opensuse.org, so we stay compatible. ++++++ kernel-spec-macros ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:21.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:21.000000000 +0100 @@ -10,9 +10,11 @@ # generated by the build service. If the release string has a non-digit # suffix, we keep that suffix and strip the rightmost digit component. # This is used in KOTD builds: 2.1.g1234567 -> 2.g1234567 +# In PTF projects, there is no rebuild counter, so we leave the release +# string intact. %define source_rel %release %define obsolete_rebuilds() %nil -%if %using_buildservice +%if %using_buildservice && ! 0%{?is_ptf} %define source_rel %(echo %release | sed -r 's/\\.[0-9]+($|\\.[^.]*[^.0-9][^.]*$)/\\1/') # If the rebuild counter is > 1, obsolete all previous rebuilds (boo#867595) %define obsolete_rebuilds() %( %{verbose:set -x} \ ++++++ patches.drivers.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-hda-Flush-the-pending-probe-work-at-remove new/patches.drivers/ALSA-hda-Flush-the-pending-probe-work-at-remove --- old/patches.drivers/ALSA-hda-Flush-the-pending-probe-work-at-remove 2016-01-20 17:43:09.000000000 +0100 +++ new/patches.drivers/ALSA-hda-Flush-the-pending-probe-work-at-remove 1970-01-01 01:00:00.000000000 +0100 @@ -1,46 +0,0 @@ -From 991f86d7ae4e1f8c15806e62f97af519e3cdd860 Mon Sep 17 00:00:00 2001 -From: Takashi Iwai <ti...@suse.de> -Date: Wed, 20 Jan 2016 17:19:02 +0100 -Subject: [PATCH] ALSA: hda - Flush the pending probe work at remove -Patch-mainline: Queued in subsystem maintainer repository -Git-commit: 991f86d7ae4e1f8c15806e62f97af519e3cdd860 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git -References: boo#960710 - -As HD-audio driver does deferred probe internally via workqueue, the -driver might go into the mixed state doing both probe and remove when -the module gets unloaded during the probe work. This eventually -triggers an Oops, unsurprisingly. - -For avoiding this race, we just need to flush the pending probe work -explicitly before actually starting the resource release. - -Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=960710 -Cc: <sta...@vger.kernel.org> # v3.17+ -Signed-off-by: Takashi Iwai <ti...@suse.de> - ---- - sound/pci/hda/hda_intel.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - ---- a/sound/pci/hda/hda_intel.c -+++ b/sound/pci/hda/hda_intel.c -@@ -2126,9 +2126,17 @@ i915_power_fail: - static void azx_remove(struct pci_dev *pci) - { - struct snd_card *card = pci_get_drvdata(pci); -+ struct azx *chip; -+ struct hda_intel *hda; -+ -+ if (card) { -+ /* flush the pending probing work */ -+ chip = card->private_data; -+ hda = container_of(chip, struct hda_intel, chip); -+ flush_work(&hda->probe_work); - -- if (card) - snd_card_free(card); -+ } - } - - static void azx_shutdown(struct pci_dev *pci) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-usb-audio-avoid-freeing-umidi-object-twice new/patches.drivers/ALSA-usb-audio-avoid-freeing-umidi-object-twice --- old/patches.drivers/ALSA-usb-audio-avoid-freeing-umidi-object-twice 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.drivers/ALSA-usb-audio-avoid-freeing-umidi-object-twice 2016-02-15 12:03:27.000000000 +0100 @@ -0,0 +1,33 @@ +From 07d86ca93db7e5cdf4743564d98292042ec21af7 Mon Sep 17 00:00:00 2001 +From: Andrey Konovalov <andreyk...@gmail.com> +Date: Sat, 13 Feb 2016 11:08:06 +0300 +Subject: [PATCH] ALSA: usb-audio: avoid freeing umidi object twice +Git-commit: 07d86ca93db7e5cdf4743564d98292042ec21af7 +Patch-mainline: 4.5-rc4 +References: CVE-2016-2384,bsc#966693 + +The 'umidi' object will be free'd on the error path by snd_usbmidi_free() +when tearing down the rawmidi interface. So we shouldn't try to free it +in snd_usbmidi_create() after having registered the rawmidi interface. + +Found by KASAN. + +Signed-off-by: Andrey Konovalov <andreyk...@gmail.com> +Acked-by: Clemens Ladisch <clem...@ladisch.de> +Cc: <sta...@vger.kernel.org> +Signed-off-by: Takashi Iwai <ti...@suse.de> + +--- + sound/usb/midi.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/sound/usb/midi.c ++++ b/sound/usb/midi.c +@@ -2454,7 +2454,6 @@ int snd_usbmidi_create(struct snd_card * + else + err = snd_usbmidi_create_endpoints(umidi, endpoints); + if (err < 0) { +- snd_usbmidi_free(umidi); + return err; + } + ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0001-drm-i915-Fix-double-unref-in-intelfb_alloc-failure-p.patch new/patches.fixes/0001-drm-i915-Fix-double-unref-in-intelfb_alloc-failure-p.patch --- old/patches.fixes/0001-drm-i915-Fix-double-unref-in-intelfb_alloc-failure-p.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/0001-drm-i915-Fix-double-unref-in-intelfb_alloc-failure-p.patch 2016-02-02 17:31:39.000000000 +0100 @@ -0,0 +1,51 @@ +From: Lukas Wunner <lu...@wunner.de> +Date: Thu, 22 Oct 2015 13:37:18 +0200 +Subject: drm/i915: Fix double unref in intelfb_alloc failure path +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: ca40ba855c9e3f19f2715fd8a1ced5128359d3d9 +Patch-mainline: v4.5-rc1 +References: bnc#962866 + +In intelfb_alloc(), if the call to intel_pin_and_fence_fb_obj() fails, +the bo is unrefed twice: By drm_framebuffer_remove() and once more by +drm_gem_object_unreference(). Fix it. + +Reported-by: Ville Syrjälä <ville.syrj...@linux.intel.com> +Signed-off-by: Lukas Wunner <lu...@wunner.de> +Reviewed-by: Daniel Vetter <daniel.vet...@ffwll.ch> +Link: http://patchwork.freedesktop.org/patch/msgid/cd7b33330621a350b0159ec5e098297b139cfaf7.1446892879.git.lu...@wunner.de +Signed-off-by: Jani Nikula <jani.nik...@intel.com> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/gpu/drm/i915/intel_fbdev.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpu/drm/i915/intel_fbdev.c b/drivers/gpu/drm/i915/intel_fbdev.c +index 4fd5fdfef6bd..ec82b51dde3d 100644 +--- a/drivers/gpu/drm/i915/intel_fbdev.c ++++ b/drivers/gpu/drm/i915/intel_fbdev.c +@@ -156,8 +156,9 @@ static int intelfb_alloc(struct drm_fb_helper *helper, + + fb = __intel_framebuffer_create(dev, &mode_cmd, obj); + if (IS_ERR(fb)) { ++ drm_gem_object_unreference(&obj->base); + ret = PTR_ERR(fb); +- goto out_unref; ++ goto out; + } + + /* Flush everything out, we'll be doing GTT only from now on */ +@@ -173,8 +174,6 @@ static int intelfb_alloc(struct drm_fb_helper *helper, + + out_fb: + drm_framebuffer_remove(fb); +-out_unref: +- drm_gem_object_unreference(&obj->base); + out: + return ret; + } +-- +2.7.0 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch new/patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch --- old/patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch 2016-02-02 17:31:39.000000000 +0100 @@ -0,0 +1,66 @@ +From: Peter Hurley <pe...@hurleysoftware.com> +Date: Sun, 10 Jan 2016 22:40:55 -0800 +Subject: tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) +Patch-mainline: v4.5-rc2 +Git-commit: 5c17c861a357e9458001f021a7afa7aab9937439 +References: bnc#961500 CVE-2016-0723 + +ioctl(TIOCGETD) retrieves the line discipline id directly from the +ldisc because the line discipline id (c_line) in termios is untrustworthy; +userspace may have set termios via ioctl(TCSETS*) without actually +changing the line discipline via ioctl(TIOCSETD). + +However, directly accessing the current ldisc via tty->ldisc is +unsafe; the ldisc ptr dereferenced may be stale if the line discipline +is changing via ioctl(TIOCSETD) or hangup. + +Wait for the line discipline reference (just like read() or write()) +to retrieve the "current" line discipline id. + +Cc: <sta...@vger.kernel.org> +Signed-off-by: Peter Hurley <pe...@hurleysoftware.com> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/tty/tty_io.c | 24 +++++++++++++++++++++++- + 1 file changed, 23 insertions(+), 1 deletion(-) + +--- a/drivers/tty/tty_io.c ++++ b/drivers/tty/tty_io.c +@@ -2653,6 +2653,28 @@ static int tiocsetd(struct tty_struct *t + } + + /** ++ * tiocgetd - get line discipline ++ * @tty: tty device ++ * @p: pointer to user data ++ * ++ * Retrieves the line discipline id directly from the ldisc. ++ * ++ * Locking: waits for ldisc reference (in case the line discipline ++ * is changing or the tty is being hungup) ++ */ ++ ++static int tiocgetd(struct tty_struct *tty, int __user *p) ++{ ++ struct tty_ldisc *ld; ++ int ret; ++ ++ ld = tty_ldisc_ref_wait(tty); ++ ret = put_user(ld->ops->num, p); ++ tty_ldisc_deref(ld); ++ return ret; ++} ++ ++/** + * send_break - performed time break + * @tty: device to break on + * @duration: timeout in mS +@@ -2878,7 +2900,7 @@ long tty_ioctl(struct file *file, unsign + case TIOCGSID: + return tiocgsid(tty, real_tty, p); + case TIOCGETD: +- return put_user(tty->ldisc->ops->num, (int __user *)p); ++ return tiocgetd(tty, p); + case TIOCSETD: + return tiocsetd(tty, p); + case TIOCVHANGUP: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0002-drm-i915-Fix-failure-paths-around-initial-fbdev-allo.patch new/patches.fixes/0002-drm-i915-Fix-failure-paths-around-initial-fbdev-allo.patch --- old/patches.fixes/0002-drm-i915-Fix-failure-paths-around-initial-fbdev-allo.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/0002-drm-i915-Fix-failure-paths-around-initial-fbdev-allo.patch 2016-02-02 17:31:39.000000000 +0100 @@ -0,0 +1,149 @@ +From: Tvrtko Ursulin <tvrtko.ursu...@intel.com> +Date: Tue, 30 Jun 2015 10:06:27 +0100 +Subject: drm/i915: Fix failure paths around initial fbdev allocation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 51f1385b90c1ad30896bd62b1ff97aa4edb1a163 +Patch-mainline: v4.5-rc1 +References: bnc#962866 + +We had two failure modes here: + +1. +Deadlock in intelfb_alloc failure path where it calls +drm_framebuffer_remove, which grabs the struct mutex and intelfb_create +(caller of intelfb_alloc) was already holding it. + +2. +Deadlock in intelfb_create failure path where it calls +drm_framebuffer_unreference, which grabs the struct mutex and +intelfb_create was already holding it. + +[Daniel Vetter on why struct_mutex needs to be locked in the second half +of intelfb_create: "The vma [for the fbdev] is pinned, the problem is +that we re-lookup it a few times, which is racy. We should instead track +the vma directly, but oh well we don't."] + +v2: + * Reformat commit msg to 72 chars. (Lukas Wunner) + * Add third failure mode. (Lukas Wunner) + +v5: + * Rebase on drm-intel-nightly 2015y-09m-01d-09h-06m-08s UTC, + rephrase commit message. (Jani Nicula) + +v6: + * In intelfb_alloc, if __intel_framebuffer_create failed, + fb will be an ERR_PTR, thus not null. So in the failure + path we need to check for IS_ERR_OR_NULL to avoid calling + drm_framebuffer_remove on the ERR_PTR. (Lukas Wunner) + * Since this is init code a drm_framebuffer_unreference should + be all we need. drm_framebuffer_remove is for framebuffers + that userspace has created - and is getting somewhat + defeatured. (Daniel Vetter) + +v7: + * Clarify why struct_mutex needs to be locked in the second half + of intelfb_create. (Daniel Vetter) + +Fixes: 60a5ca015ffd ("drm/i915: Add locking around + framebuffer_references--") +Reported-by: Lukas Wunner <lu...@wunner.de> +Signed-off-by: Tvrtko Ursulin <tvrtko.ursu...@intel.com> +[Lukas: Create v3 + v4 + v5 + v6 + v7 based on Tvrtko's v2] +Signed-off-by: Lukas Wunner <lu...@wunner.de> +Cc: Chris Wilson <ch...@chris-wilson.co.uk> +Cc: Ville Syrjälä <ville.syrj...@linux.intel.com> +Reviewed-by: Daniel Vetter <daniel.vet...@ffwll.ch> +Link: http://patchwork.freedesktop.org/patch/msgid/47d4e88c91b3bf0f7a280cabec54c8c8cf0cf6f2.1446892879.git.lu...@wunner.de +Signed-off-by: Jani Nikula <jani.nik...@intel.com> + +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/gpu/drm/i915/intel_fbdev.c | 20 ++++++++++++-------- + 1 file changed, 12 insertions(+), 8 deletions(-) + +diff --git a/drivers/gpu/drm/i915/intel_fbdev.c b/drivers/gpu/drm/i915/intel_fbdev.c +index ec82b51dde3d..12597b532e0e 100644 +--- a/drivers/gpu/drm/i915/intel_fbdev.c ++++ b/drivers/gpu/drm/i915/intel_fbdev.c +@@ -119,7 +119,7 @@ static int intelfb_alloc(struct drm_fb_helper *helper, + { + struct intel_fbdev *ifbdev = + container_of(helper, struct intel_fbdev, helper); +- struct drm_framebuffer *fb; ++ struct drm_framebuffer *fb = NULL; + struct drm_device *dev = helper->dev; + struct drm_i915_private *dev_priv = to_i915(dev); + struct drm_mode_fb_cmd2 mode_cmd = {}; +@@ -138,6 +138,8 @@ static int intelfb_alloc(struct drm_fb_helper *helper, + mode_cmd.pixel_format = drm_mode_legacy_fb_format(sizes->surface_bpp, + sizes->surface_depth); + ++ mutex_lock(&dev->struct_mutex); ++ + size = mode_cmd.pitches[0] * mode_cmd.height; + size = PAGE_ALIGN(size); + +@@ -165,16 +167,19 @@ static int intelfb_alloc(struct drm_fb_helper *helper, + ret = intel_pin_and_fence_fb_obj(NULL, fb, NULL, NULL, NULL); + if (ret) { + DRM_ERROR("failed to pin obj: %d\n", ret); +- goto out_fb; ++ goto out; + } + ++ mutex_unlock(&dev->struct_mutex); ++ + ifbdev->fb = to_intel_framebuffer(fb); + + return 0; + +-out_fb: +- drm_framebuffer_remove(fb); + out: ++ mutex_unlock(&dev->struct_mutex); ++ if (!IS_ERR_OR_NULL(fb)) ++ drm_framebuffer_unreference(fb); + return ret; + } + +@@ -192,8 +197,6 @@ static int intelfb_create(struct drm_fb_helper *helper, + int size, ret; + bool prealloc = false; + +- mutex_lock(&dev->struct_mutex); +- + if (intel_fb && + (sizes->fb_width > intel_fb->base.width || + sizes->fb_height > intel_fb->base.height)) { +@@ -208,7 +211,7 @@ static int intelfb_create(struct drm_fb_helper *helper, + DRM_DEBUG_KMS("no BIOS fb, allocating a new one\n"); + ret = intelfb_alloc(helper, sizes); + if (ret) +- goto out_unlock; ++ return ret; + intel_fb = ifbdev->fb; + } else { + DRM_DEBUG_KMS("re-using BIOS fb\n"); +@@ -220,6 +223,8 @@ static int intelfb_create(struct drm_fb_helper *helper, + obj = intel_fb->obj; + size = obj->base.size; + ++ mutex_lock(&dev->struct_mutex); ++ + info = drm_fb_helper_alloc_fbi(helper); + if (IS_ERR(info)) { + ret = PTR_ERR(info); +@@ -281,7 +286,6 @@ out_destroy_fbi: + out_unpin: + i915_gem_object_ggtt_unpin(obj); + drm_gem_object_unreference(&obj->base); +-out_unlock: + mutex_unlock(&dev->struct_mutex); + return ret; + } +-- +2.7.0 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch new/patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch --- old/patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch 2016-02-02 17:31:39.000000000 +0100 @@ -0,0 +1,42 @@ +From: Peter Hurley <pe...@hurleysoftware.com> +Date: Sun, 10 Jan 2016 22:40:56 -0800 +Subject: n_tty: Fix unsafe reference to "other" ldisc +Patch-mainline: v4.5-rc2 +Git-commit: 6d27a63caad3f13e96cf065d2d96828c2006be6b +References: bnc#961500 + +Although n_tty_check_unthrottle() has a valid ldisc reference (since +the tty core gets the ldisc ref in tty_read() before calling the line +discipline read() method), it does not have a valid ldisc reference to +the "other" pty of a pty pair. Since getting an ldisc reference for +tty->link essentially open-codes tty_wakeup(), just replace with the +equivalent tty_wakeup(). + +Cc: <sta...@vger.kernel.org> +Signed-off-by: Peter Hurley <pe...@hurleysoftware.com> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/tty/n_tty.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +--- a/drivers/tty/n_tty.c ++++ b/drivers/tty/n_tty.c +@@ -258,16 +258,13 @@ static void n_tty_check_throttle(struct + + static void n_tty_check_unthrottle(struct tty_struct *tty) + { +- if (tty->driver->type == TTY_DRIVER_TYPE_PTY && +- tty->link->ldisc->ops->write_wakeup == n_tty_write_wakeup) { ++ if (tty->driver->type == TTY_DRIVER_TYPE_PTY) { + if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE) + return; + if (!tty->count) + return; + n_tty_kick_worker(tty); +- n_tty_write_wakeup(tty->link); +- if (waitqueue_active(&tty->link->write_wait)) +- wake_up_interruptible_poll(&tty->link->write_wait, POLLOUT); ++ tty_wakeup(tty->link); + return; + } + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0003-drm-i915-Pin-the-ifbdev-for-the-info-system_base-GGT.patch new/patches.fixes/0003-drm-i915-Pin-the-ifbdev-for-the-info-system_base-GGT.patch --- old/patches.fixes/0003-drm-i915-Pin-the-ifbdev-for-the-info-system_base-GGT.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/0003-drm-i915-Pin-the-ifbdev-for-the-info-system_base-GGT.patch 2016-02-02 17:31:39.000000000 +0100 @@ -0,0 +1,100 @@ +From: Chris Wilson <ch...@chris-wilson.co.uk> +Date: Fri, 4 Dec 2015 16:05:26 +0000 +Subject: drm/i915: Pin the ifbdev for the info->system_base GGTT mmapping +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 0c82312f3f15538f4e6ceda2a82caee8fbac4501 +Patch-mainline: v4.5-rc1 +References: bnc#962866 + +A long time ago (before 3.14) we relied on a permanent pinning of the +ifbdev to lock the fb in place inside the GGTT. However, the +introduction of stealing the BIOS framebuffer and reusing its address in +the GGTT for the fbdev has muddied waters and we use an inherited fb. +However, the inherited fb is only pinned whilst it is active and we no +longer have an explicit pin for the info->system_base mmapping used by +the fbdev. The result is that after some aperture pressure the fbdev may +be evicted, but we continue to write the fbcon into the same GGTT +address - overwriting anything else that may be put into that offset. +The effect is most pronounced across suspend/resume as +intel_fbdev_set_suspend() does a full clear over the whole scanout. + +v2: Only unpin the intel_fb is we allocate it. If we inherit the fb from +the BIOS, we do not own the pinned vma (except for the reference we add +in this patch for our access via info->screen_base). + +v3: Finish balancing the vma pinning for the normal !preallocated case. + +v4: Try to simplify the pinning even further. +v5: Leak the VMA (cleaned up by object-free) to avoid complicated error paths. + +Signed-off-by: Chris Wilson <ch...@chris-wilson.co.uk> +Cc: "Goel, Akash" <akash.g...@intel.com> +Cc: Daniel Vetter <daniel.vet...@ffwll.ch> +Cc: Jesse Barnes <jbar...@virtuousgeek.org> +Cc: Lukas Wunner <lu...@wunner.de> +Cc: drm-intel-fi...@lists.freedesktop.org +Link: http://patchwork.freedesktop.org/patch/msgid/1449245126-26158-1-git-send-email-ch...@chris-wilson.co.uk +Tested-by: Ville Syrjälä <ville.syrj...@linux.intel.com> +Signed-off-by: Daniel Vetter <daniel.vet...@ffwll.ch> +Signed-off-by: Jiri Slaby <jsl...@suse.cz> +--- + drivers/gpu/drm/i915/intel_fbdev.c | 20 +++++++++++++------- + 1 file changed, 13 insertions(+), 7 deletions(-) + +diff --git a/drivers/gpu/drm/i915/intel_fbdev.c b/drivers/gpu/drm/i915/intel_fbdev.c +index 12597b532e0e..0722acc1599e 100644 +--- a/drivers/gpu/drm/i915/intel_fbdev.c ++++ b/drivers/gpu/drm/i915/intel_fbdev.c +@@ -163,13 +163,6 @@ static int intelfb_alloc(struct drm_fb_helper *helper, + goto out; + } + +- /* Flush everything out, we'll be doing GTT only from now on */ +- ret = intel_pin_and_fence_fb_obj(NULL, fb, NULL, NULL, NULL); +- if (ret) { +- DRM_ERROR("failed to pin obj: %d\n", ret); +- goto out; +- } +- + mutex_unlock(&dev->struct_mutex); + + ifbdev->fb = to_intel_framebuffer(fb); +@@ -225,6 +218,14 @@ static int intelfb_create(struct drm_fb_helper *helper, + + mutex_lock(&dev->struct_mutex); + ++ /* Pin the GGTT vma for our access via info->screen_base. ++ * This also validates that any existing fb inherited from the ++ * BIOS is suitable for own access. ++ */ ++ ret = intel_pin_and_fence_fb_obj(NULL, &ifbdev->fb->base, NULL, NULL, NULL); ++ if (ret) ++ goto out_unlock; ++ + info = drm_fb_helper_alloc_fbi(helper); + if (IS_ERR(info)) { + ret = PTR_ERR(info); +@@ -286,6 +287,7 @@ out_destroy_fbi: + out_unpin: + i915_gem_object_ggtt_unpin(obj); + drm_gem_object_unreference(&obj->base); ++out_unlock: + mutex_unlock(&dev->struct_mutex); + return ret; + } +@@ -523,6 +525,10 @@ static const struct drm_fb_helper_funcs intel_fb_helper_funcs = { + static void intel_fbdev_destroy(struct drm_device *dev, + struct intel_fbdev *ifbdev) + { ++ /* We rely on the object-free to release the VMA pinning for ++ * the info->screen_base mmaping. Leaking the VMA is simpler than ++ * trying to rectify all the possible error paths leading here. ++ */ + + drm_fb_helper_unregister_fbi(&ifbdev->helper); + drm_fb_helper_release_fbi(&ifbdev->helper); +-- +2.7.0 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/Revert-xfs-clear-PF_NOFREEZE-for-xfsaild-kthread new/patches.fixes/Revert-xfs-clear-PF_NOFREEZE-for-xfsaild-kthread --- old/patches.fixes/Revert-xfs-clear-PF_NOFREEZE-for-xfsaild-kthread 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/Revert-xfs-clear-PF_NOFREEZE-for-xfsaild-kthread 2016-02-02 17:31:39.000000000 +0100 @@ -0,0 +1,38 @@ +From 3e85286e75224fa3f08bdad20e78c8327742634e Mon Sep 17 00:00:00 2001 +From: Dave Chinner <da...@fromorbit.com> +Date: Tue, 19 Jan 2016 08:21:46 +1100 +Subject: [PATCH] Revert "xfs: clear PF_NOFREEZE for xfsaild kthread" +Git-commit: 3e85286e75224fa3f08bdad20e78c8327742634e +Patch-mainline: 4.5-rc1 +References: boo#962250 + +This reverts commit 24ba16bb3d499c49974669cd8429c3e4138ab102 as it +prevents machines from suspending. This regression occurs when the +xfsaild is idle on entry to suspend, and so there s no activity to +wake it from it's idle sleep and hence see that it is supposed to +freeze. Hence the freezer times out waiting for it and suspend is +cancelled. + +There is no obvious fix for this short of freezing the filesystem +properly, so revert this change for now. + +Cc: <sta...@vger.kernel.org> # 4.4 +Signed-off-by: Dave Chinner <da...@fromorbit.com> +Acked-by: Jiri Kosina <jkos...@suse.cz> +Reviewed-by: Brian Foster <bfos...@redhat.com> +Acked-by: Takashi Iwai <ti...@suse.de> + +--- + fs/xfs/xfs_trans_ail.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/fs/xfs/xfs_trans_ail.c ++++ b/fs/xfs/xfs_trans_ail.c +@@ -497,7 +497,6 @@ xfsaild( + long tout = 0; /* milliseconds */ + + current->flags |= PF_MEMALLOC; +- set_freezable(); + + while (!kthread_should_stop()) { + if (tout && tout <= 20) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/keys-fix-leak.patch new/patches.fixes/keys-fix-leak.patch --- old/patches.fixes/keys-fix-leak.patch 2016-01-28 09:15:06.000000000 +0100 +++ new/patches.fixes/keys-fix-leak.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,78 +0,0 @@ -commit 5c65d8a9989a89901b87ad13a06011a9a0e3d828 -Author: Yevgeny Pats <yevg...@perception-point.io> -From: Yevgeny Pats <yevg...@perception-point.io> -Date: Mon Jan 11 12:05:28 2016 +0000 -Subject: [PATCH] KEYS: Fix Use-after-free vulnerability in keyring facility - -Patch-mainline: Not yet, waiting merge to upstream -References: bnc#962075, CVE-2016-0728 - - KEYS: Fix keyring ref leak in join_session_keyring() - - If a thread is asked to join as a session keyring the keyring that's already - set as its session, we leak a keyring reference. - - This can be tested with the following program: - - #include <stddef.h> - #include <stdio.h> - #include <sys/types.h> - #include <keyutils.h> - - int main(int argc, const char *argv[]) - { - int i = 0; - key_serial_t serial; - - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - - if (keyctl(KEYCTL_SETPERM, serial, - KEY_POS_ALL | KEY_USR_ALL) < 0) { - perror("keyctl"); - return -1; - } - - for (i = 0; i < 100; i++) { - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - } - - return 0; - } - - If, after the program has run, there something like the following line in - /proc/keys: - - 3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty - - with a usage count of 100 * the number of times the program has been run, - then the kernel is malfunctioning. If leaked-keyring has zero usages or - has been garbage collected, then the problem is fixed. - -Reported-by: Yevgeny Pats <yevg...@perception-point.io> -Signed-off-by: David Howells <dhowe...@redhat.com> -Acked-by: Lee, Chun-Yi <j...@suse.com> - ---- - security/keys/process_keys.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/security/keys/process_keys.c -+++ b/security/keys/process_keys.c -@@ -794,6 +794,7 @@ long join_session_keyring(const char *na - ret = PTR_ERR(keyring); - goto error2; - } else if (keyring == new->session_keyring) { -+ key_put(keyring); - ret = 0; - goto error2; - } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/sd-Optimal-I-O-size-is-in-bytes-not-sectors new/patches.fixes/sd-Optimal-I-O-size-is-in-bytes-not-sectors --- old/patches.fixes/sd-Optimal-I-O-size-is-in-bytes-not-sectors 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/sd-Optimal-I-O-size-is-in-bytes-not-sectors 2016-02-02 17:31:39.000000000 +0100 @@ -0,0 +1,37 @@ +From d0eb20a863ba7dc1d3f4b841639671f134560be2 Mon Sep 17 00:00:00 2001 +From: "Martin K. Petersen" <martin.peter...@oracle.com> +Date: Wed, 20 Jan 2016 11:01:23 -0500 +Subject: [PATCH] sd: Optimal I/O size is in bytes, not sectors +Git-commit: d0eb20a863ba7dc1d3f4b841639671f134560be2 +Patch-mainline: 4.5-rc2 +References: boo#961263 + +Commit ca369d51b3e1 ("block/sd: Fix device-imposed transfer length +limits") accidentally switched optimal I/O size reporting from bytes to +block layer sectors. + +Signed-off-by: Martin K. Petersen <martin.peter...@oracle.com> +Reported-by: Christian Borntraeger <borntrae...@de.ibm.com> +Tested-by: Christian Borntraeger <borntrae...@de.ibm.com> +Fixes: ca369d51b3e1649be4a72addd6d6a168cfb3f537 +Cc: sta...@vger.kernel.org # 4.4+ +Reviewed-by: James E.J. Bottomley <james.bottom...@hansenpartnership.com> +Reviewed-by: Ewan D. Milne <emi...@redhat.com> +Reviewed-by: Matthew R. Ochs <mro...@linux.vnet.ibm.com> +Acked-by: Takashi Iwai <ti...@suse.de> + +--- + drivers/scsi/sd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/sd.c ++++ b/drivers/scsi/sd.c +@@ -2892,7 +2892,7 @@ static int sd_revalidate_disk(struct gen + sdkp->opt_xfer_blocks <= SD_DEF_XFER_BLOCKS && + sdkp->opt_xfer_blocks * sdp->sector_size >= PAGE_CACHE_SIZE) + rw_max = q->limits.io_opt = +- logical_to_sectors(sdp, sdkp->opt_xfer_blocks); ++ sdkp->opt_xfer_blocks * sdp->sector_size; + else + rw_max = BLK_DEF_MAX_SECTORS; + ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 2620 lines of diff (skipped) ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:22.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:22.000000000 +0100 @@ -27,6 +27,7 @@ # DO NOT MODIFY THEM! # Send separate patches upstream if you find a problem... ######################################################## + patches.kernel.org/patch-4.4.1 ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -267,6 +268,7 @@ ######################################################## # xfs ######################################################## + patches.fixes/Revert-xfs-clear-PF_NOFREEZE-for-xfsaild-kthread ######################################################## # other filesystem stuff @@ -328,12 +330,16 @@ patches.drivers/bcache-fix-writeback-thread-incomplete-stripes-starvation.patch patches.fixes/scsi-ignore-errors-from-scsi_dh_add_device + patches.fixes/sd-Optimal-I-O-size-is-in-bytes-not-sectors ######################################################## # DRM/Video ######################################################## patches.drivers/drm-i915-shut-up-gen8-SDE-irq-dmesg-noise patches.fixes/drm-radeon-Update-radeon_get_vblank_counter_kms.patch + patches.fixes/0001-drm-i915-Fix-double-unref-in-intelfb_alloc-failure-p.patch + patches.fixes/0002-drm-i915-Fix-failure-paths-around-initial-fbdev-allo.patch + patches.fixes/0003-drm-i915-Pin-the-ifbdev-for-the-info-system_base-GGT.patch ######################################################## # video4linux @@ -384,11 +390,13 @@ ########################################################## # Sound ########################################################## - patches.drivers/ALSA-hda-Flush-the-pending-probe-work-at-remove + patches.drivers/ALSA-usb-audio-avoid-freeing-umidi-object-twice ######################################################## # Char / serial ######################################################## + patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch + patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch ######################################################## # Other driver fixes @@ -430,7 +438,6 @@ ########################################################## # CVE-2016-0728: kernel: Use-after-free vulnerability in keyring facility - patches.fixes/keys-fix-leak.patch ########################################################## # Audit ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.zz1aLr/_old 2016-02-17 10:23:22.000000000 +0100 +++ /var/tmp/diff_new_pack.zz1aLr/_new 2016-02-17 10:23:22.000000000 +0100 @@ -1,3 +1,3 @@ -2016-01-28 09:15:06 +0100 -GIT Revision: 9f68b909e79a8520cee723b728fec80e33eaef6b +2016-02-15 12:03:27 +0100 +GIT Revision: 6398c2df356e9052b52ba35e636955cf7a7154d9 GIT Branch: stable