From bdec0fe8f0345ab494b80c14a509070c1932df32 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 25 Sep 2016 01:33:08 +0100 Subject: [PATCH] Update to 4.7.5 --- debian/changelog | 137 +++++++++++++++++- ...remature-oom-killer-invocation-for-h.patch | 121 ---------------- ...er-free-in-tcp_xmit_retransmit_queue.patch | 50 ------- .../uaccess-avoid-abi-change-in-4.7.5.patch | 33 +++++ .../debian/uio-fix-abi-change-in-4.7.5.patch | 28 ++++ debian/patches/series | 4 +- 6 files changed, 199 insertions(+), 174 deletions(-) delete mode 100644 debian/patches/bugfix/all/mm-oom-prevent-premature-oom-killer-invocation-for-h.patch delete mode 100644 debian/patches/bugfix/all/tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch create mode 100644 debian/patches/debian/uaccess-avoid-abi-change-in-4.7.5.patch create mode 100644 debian/patches/debian/uio-fix-abi-change-in-4.7.5.patch diff --git a/debian/changelog b/debian/changelog index 890cd956b2ee..c78141884dd6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,144 @@ -linux (4.7.4-3) UNRELEASED; urgency=medium +linux (4.7.5-1) UNRELEASED; urgency=medium + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5 + - [armhf] clocksource/drivers/sun4i: Clear interrupts after stopping timer + in probe function + - fscrypto: require write access to mount to set encryption policy + - [arm64] drm/msm: protect against faults from copy_from_user() in submit + ioctl + - bpf: fix method of PTR_TO_PACKET reg id generation + - ipv4: panic in leaf_walk_rcu due to stale node pointer + - vti: flush x-netns xfrm cache when vti interface is removed + - bpf: fix write helpers with regards to non-linear parts + - net/irda: handle iriap_register_lsap() allocation failure + - net/sctp: always initialise sctp_ht_iter::start_fail + - net: ipv6: Do not keep IPv6 addresses when IPv6 is disabled + - tipc: fix NULL pointer dereference in shutdown() + - net/mlx5: Fix pci error recovery flow + - net/mlx5: Added missing check of msg length in verifying its signature + - net/mlx5e: Use correct flow dissector key on flower offloading + - net sched: fix encoding to use real length + - udp: fix poll() issue with zero sized packets + - tcp: properly scale window in tcp_v[46]_reqsk_send_ack() + - sctp: fix overrun in sctp_diag_dump_one() + - tun: fix transmit timestamp support + - [armhf] net: dsa: bcm_sf2: Fix race condition while unmasking interrupts + - Revert "phy: IRQ cannot be shared" + - net: smc91x: fix SMC accesses + - bridge: re-introduce 'fix parsing of MLDv2 reports' + - bonding: Fix bonding crash + - Revert "af_unix: Fix splice-bind deadlock" + - af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock' + - ipv6: release dst in ping_v6_sendmsg + - [arm64] bnxt_en: Fix TX push operation on ARM64. + - ipv6: addrconf: fix dev refcont leak when DAD failed + - tcp: fastopen: avoid negative sk_forward_alloc + - net/mlx5e: Fix parsing of vlan packets when updating lro header + - tcp: cwnd does not increase in TCP YeAH + - [powerpc*] tm: do not use r13 for tabort_syscall + - [powerpc*] powernv : Drop reference added by kset_find_obj() + - [powerpc*] sysdev: cpm: fix gpio save_regs functions + - [powerpc*] mm: Don't alias user region to other regions below PAGE_OFFSET + - [powerpc*] powernv: Fix corrupted PE allocation bitmap on releasing PE + - kernfs: don't depend on d_find_any_alias() when generating notifications + - pNFS/flexfiles: Fix an Oopsable condition when connection to the DS fails + - pNFS: The client must not do I/O to the DS if it's lease has expired + - NFSv4.1: Fix Oopsable condition in server callback races + - NFSv4.x: Fix a refcount leak in nfs_callback_up_net + - nfsd: Close race between nfsd4_release_lockowner and nfsd4_lock + - pNFS: Ensure LAYOUTGET and LAYOUTRETURN are properly serialised + - NFSv4.1: Fix the CREATE_SESSION slot number accounting + - kexec: fix double-free when failing to relocate the purgatory + - mm, mempolicy: task->mempolicy must be NULL before dropping final + reference + - ahci: disable correct irq for dummy ports + - audit: fix exe_file access in audit_exe_compare + - dm flakey: fix reads to be issued if drop_writes configured + - IB/hfi1,IB/qib: Fix qp_stats sleep with rcu read lock held + - IB/uverbs: Fix race between uverbs_close and remove_one + - IB/hfi1: Reset QSFP on every run through channel tuning + - [amd64] mm: fix cache mode of dax pmd mappings + - [x86] paravirt: Do not trace _paravirt_ident_*() functions + - [x86] AMD: Apply erratum 665 on machines without a BIOS fix + - [s390x] KVM: don't use current->thread.fpu.* when accessing registers + - [armhf,arm64] kvm-arm: Unmap shadow pagetables properly + - [x86] kvm: correctly reset dest_map->vector when restoring LAPIC state + - iio: sw-trigger: Fix config group initialization + - [armhf] iio: adc: rockchip_saradc: reset saradc controller before + programming it + - [armhf] iio: adc: ti_am335x_adc: Protect FIFO1 from concurrent access + - [armhf] iio: adc: ti_am335x_adc: Increase timeout value waiting for ADC + sample + - iio:ti-ads1015: fix a wrong pointer definition. + - [x86] iio: accel: bmc150: reset chip at init time + - iio: fix pressure data output unit in hid-sensor-attributes + - iio:core: fix IIO_VAL_FRACTIONAL sign handling + - iio: ensure ret is initialized to zero before entering do loop + - serial: 8250_mid: fix divide error bug if baud rate is 0 + - serial: 8250: added acces i/o products quad and octal serial cards + - [armhf,arm64] usb: chipidea: udc: fix NULL ptr dereference in + isr_setup_status_phase + - USB: change bInterval default to 10 ms + - devpts: return NULL pts 'priv' entry for non-devpts nodes + - cpuset: make sure new tasks conform to the current config of the cpuset + - [armhf] dts: rockchip: add reset node for the exist saradc SoCs + - [armhf] imx6: add missing BM_CLPCR_BYP_MMDC_CH0_LPM_HS setting for imx6ul + - [armhf] imx6: add missing BM_CLPCR_BYPASS_PMIC_READY setting for imx6sx + - [armel] kirkwood: ib62x0: fix size of u-boot environment partition + - [armhf] OMAP3: hwmod data: Add sysc information for DSI + - [armel] dts: kirkwood: Fix PCIe label on OpenRD + - [armhf] dts: imx6qdl: Fix SPDIF regression + - [armhf] dts: armada-388-clearfog: number LAN ports properly + - dm log writes: fix check of kthread_run() return value + - dm crypt: fix free of bad values after tfm allocation failure + - dm log writes: move IO accounting earlier to fix error path + - dm crypt: fix error with too large bios + - [armhf] pinctrl: sunxi: fix uart1 CTS/RTS pins at PG on A23/A33 + - [armhf] memory: omap-gpmc: allow probe of child nodes to fail + - [arm64] spinlocks: implement smp_mb__before_spinlock() as smp_mb() + - crypto: cryptd - initialize child shash_desc on import + - Btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns + - fuse: direct-io: don't dirty ITER_BVEC pages + - xhci: fix null pointer dereference in stop command timeout function + - brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap() + - md-cluster: make md-cluster also can work when compiled into kernel + - ath9k: fix using sta->drv_priv before initializing it + - ath9k: bring back direction setting in ath9k_{start_stop} + - [x86] perf/intel: Fix PEBSv3 record drain + - [x86] perf/intel/cqm: Check cqm/mbm enabled state in event init + - [x86] perf/amd: Make HW_CACHE_REFERENCES and HW_CACHE_MISSES measure L2 + - [x86] perf/intel/pt: Fix an off-by-one in address filter configuration + - [x86] perf/intel/pt: Fix kernel address filter's offset validation + - [x86] perf/intel/pt: Do validate the size of a kernel address filter + - Revert "wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel" + - sched/core: Fix a race between try_to_wake_up() and a woken up task + - ipv6: Don't unset flowi6_proto in ipxip6_tnl_xmit() + - efi: Make for_each_efi_memory_desc_in_map() cope with running on Xen + - efi/libstub: Allocate headspace in efi_get_memory_map() + - efi/libstub: Introduce ExitBootServices helper + - efi/libstub: Use efi_exit_boot_services() in FDT + - [x86] efi: Use efi_exit_boot_services() + - [powerpc,powerpcspe] Fix csum_partial_copy_generic() + - [powerpc,powerpcspe] Fix again csum_partial_copy_generic() + - [x86] drm/i915: Ignore OpRegion panel type except on select machines + - [x86] drm: Only use compat ioctl for addfb2 on X86/IA64 + - svcauth_gss: Revert 64c59a3726f2 ("Remove unnecessary allocation") + - genirq: Provide irq_gc_{lock_irqsave,unlock_irqrestore}() helpers + - fix iov_iter_fault_in_readable() + - [x86] fix minor infoleak in get_user_ex() + - [s390x] get_user() should zero on failure + - asm-generic: make get_user() clear the destination on errors + - asm-generic: make copy_from_user() zero the destination properly + - [alpha,hppa,mips*,powerpc,powerpcspe,sh4] make copy_from_user() zero the + destination properly + + [ Ben Hutchings ] * [hppa,mips*,powerpc*] linux-image: Strip debug symbols from vmlinux (really closes: #837588) * [hppa] tracing: Re-enable FTRACE * [powerpc,powerpcspe,ppc64] linux-image: Suppress automatic dbgsym packages + * uaccess,uio: Fix ABI changes in 4.7.5 -- Ben Hutchings Fri, 23 Sep 2016 00:50:40 +0100 diff --git a/debian/patches/bugfix/all/mm-oom-prevent-premature-oom-killer-invocation-for-h.patch b/debian/patches/bugfix/all/mm-oom-prevent-premature-oom-killer-invocation-for-h.patch deleted file mode 100644 index 85f96ad2b73e..000000000000 --- a/debian/patches/bugfix/all/mm-oom-prevent-premature-oom-killer-invocation-for-h.patch +++ /dev/null @@ -1,121 +0,0 @@ -From: Michal Hocko -Date: Thu, 1 Sep 2016 16:14:41 -0700 -Subject: mm, oom: prevent premature OOM killer invocation for high order - request -Origin: https://git.kernel.org/linus/6b4e3181d7bd5ca5ab6f45929e4a5ffa7ab4ab7f - -There have been several reports about pre-mature OOM killer invocation -in 4.7 kernel when order-2 allocation request (for the kernel stack) -invoked OOM killer even during basic workloads (light IO or even kernel -compile on some filesystems). In all reported cases the memory is -fragmented and there are no order-2+ pages available. There is usually -a large amount of slab memory (usually dentries/inodes) and further -debugging has shown that there are way too many unmovable blocks which -are skipped during the compaction. Multiple reporters have confirmed -that the current linux-next which includes [1] and [2] helped and OOMs -are not reproducible anymore. - -A simpler fix for the late rc and stable is to simply ignore the -compaction feedback and retry as long as there is a reclaim progress and -we are not getting OOM for order-0 pages. We already do that for -CONFING_COMPACTION=n so let's reuse the same code when compaction is -enabled as well. - -[1] http://lkml.kernel.org/r/20160810091226.6709-1-vbabka@suse.cz -[2] http://lkml.kernel.org/r/f7a9ea9d-bb88-bfd6-e340-3a933559305a@suse.cz - -Fixes: 0a0337e0d1d1 ("mm, oom: rework oom detection") -Link: http://lkml.kernel.org/r/20160823074339.GB23577@dhcp22.suse.cz -Signed-off-by: Michal Hocko -Tested-by: Olaf Hering -Tested-by: Ralf-Peter Rohbeck -Cc: Markus Trippelsdorf -Cc: Arkadiusz Miskiewicz -Cc: Ralf-Peter Rohbeck -Cc: Jiri Slaby -Cc: Vlastimil Babka -Cc: Joonsoo Kim -Cc: Tetsuo Handa -Cc: David Rientjes -Cc: [4.7.x] -Signed-off-by: Andrew Morton -Signed-off-by: Linus Torvalds -[bwh: Backported to 4.7: should_compact_retry() takes a parameter of type - enum migrate_node * instead of enum compact_priority *] ---- - mm/page_alloc.c | 51 ++------------------------------------------------- - 1 file changed, 2 insertions(+), 49 deletions(-) - ---- a/mm/page_alloc.c -+++ b/mm/page_alloc.c -@@ -3254,53 +3254,6 @@ __alloc_pages_direct_compact(gfp_t gfp_m - return NULL; - } - --static inline bool --should_compact_retry(struct alloc_context *ac, int order, int alloc_flags, -- enum compact_result compact_result, enum migrate_mode *migrate_mode, -- int compaction_retries) --{ -- int max_retries = MAX_COMPACT_RETRIES; -- -- if (!order) -- return false; -- -- /* -- * compaction considers all the zone as desperately out of memory -- * so it doesn't really make much sense to retry except when the -- * failure could be caused by weak migration mode. -- */ -- if (compaction_failed(compact_result)) { -- if (*migrate_mode == MIGRATE_ASYNC) { -- *migrate_mode = MIGRATE_SYNC_LIGHT; -- return true; -- } -- return false; -- } -- -- /* -- * make sure the compaction wasn't deferred or didn't bail out early -- * due to locks contention before we declare that we should give up. -- * But do not retry if the given zonelist is not suitable for -- * compaction. -- */ -- if (compaction_withdrawn(compact_result)) -- return compaction_zonelist_suitable(ac, order, alloc_flags); -- -- /* -- * !costly requests are much more important than __GFP_REPEAT -- * costly ones because they are de facto nofail and invoke OOM -- * killer to move on while costly can fail and users are ready -- * to cope with that. 1/4 retries is rather arbitrary but we -- * would need much more detailed feedback from compaction to -- * make a better decision. -- */ -- if (order > PAGE_ALLOC_COSTLY_ORDER) -- max_retries /= 4; -- if (compaction_retries <= max_retries) -- return true; -- -- return false; --} - #else - static inline struct page * - __alloc_pages_direct_compact(gfp_t gfp_mask, unsigned int order, -@@ -3311,6 +3264,8 @@ __alloc_pages_direct_compact(gfp_t gfp_m - return NULL; - } - -+#endif /* CONFIG_COMPACTION */ -+ - static inline bool - should_compact_retry(struct alloc_context *ac, unsigned int order, int alloc_flags, - enum compact_result compact_result, -@@ -3337,7 +3292,6 @@ should_compact_retry(struct alloc_contex - } - return false; - } --#endif /* CONFIG_COMPACTION */ - - /* Perform direct synchronous page reclaim */ - static int diff --git a/debian/patches/bugfix/all/tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch b/debian/patches/bugfix/all/tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch deleted file mode 100644 index 47edeb396cd6..000000000000 --- a/debian/patches/bugfix/all/tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch +++ /dev/null @@ -1,50 +0,0 @@ -From: Eric Dumazet -Date: Wed, 17 Aug 2016 05:56:26 -0700 -Subject: tcp: fix use after free in tcp_xmit_retransmit_queue() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit -Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=bb1fceca22492109be12640d49f5ea5a544c6bb4 - -When tcp_sendmsg() allocates a fresh and empty skb, it puts it at the -tail of the write queue using tcp_add_write_queue_tail() - -Then it attempts to copy user data into this fresh skb. - -If the copy fails, we undo the work and remove the fresh skb. - -Unfortunately, this undo lacks the change done to tp->highest_sack and -we can leave a dangling pointer (to a freed skb) - -Later, tcp_xmit_retransmit_queue() can dereference this pointer and -access freed memory. For regular kernels where memory is not unmapped, -this might cause SACK bugs because tcp_highest_sack_seq() is buggy, -returning garbage instead of tp->snd_nxt, but with various debug -features like CONFIG_DEBUG_PAGEALLOC, this can crash the kernel. - -This bug was found by Marco Grassi thanks to syzkaller. - -Fixes: 6859d49475d4 ("[TCP]: Abstract tp->highest_sack accessing & point to next skb") -Reported-by: Marco Grassi -Signed-off-by: Eric Dumazet -Cc: Ilpo Järvinen -Cc: Yuchung Cheng -Cc: Neal Cardwell -Acked-by: Neal Cardwell -Reviewed-by: Cong Wang -Signed-off-by: David S. Miller ---- - include/net/tcp.h | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/include/net/tcp.h -+++ b/include/net/tcp.h -@@ -1522,6 +1522,8 @@ static inline void tcp_check_send_head(s - { - if (sk->sk_send_head == skb_unlinked) - sk->sk_send_head = NULL; -+ if (tcp_sk(sk)->highest_sack == skb_unlinked) -+ tcp_sk(sk)->highest_sack = NULL; - } - - static inline void tcp_init_send_head(struct sock *sk) diff --git a/debian/patches/debian/uaccess-avoid-abi-change-in-4.7.5.patch b/debian/patches/debian/uaccess-avoid-abi-change-in-4.7.5.patch new file mode 100644 index 000000000000..3296e44b92d6 --- /dev/null +++ b/debian/patches/debian/uaccess-avoid-abi-change-in-4.7.5.patch @@ -0,0 +1,33 @@ +From: Ben Hutchings +Date: Sun, 25 Sep 2016 01:36:13 +0100 +Subject: uaccess: Avoid ABI change in 4.7.5 +Forwarded: not-needed + +Hide the new #include's from genksyms. I'm not sure whether they'll +change symbol versions but it's a possibility. + +--- +--- a/arch/mips/include/asm/uaccess.h ++++ b/arch/mips/include/asm/uaccess.h +@@ -14,7 +14,9 @@ + #include + #include + #include ++#ifndef __GENKSYMS__ + #include ++#endif + #include + + /* +--- a/arch/parisc/include/asm/uaccess.h ++++ b/arch/parisc/include/asm/uaccess.h +@@ -10,7 +10,9 @@ + #include + + #include ++#ifndef __GENKSYMS__ + #include ++#endif + + #define VERIFY_READ 0 + #define VERIFY_WRITE 1 diff --git a/debian/patches/debian/uio-fix-abi-change-in-4.7.5.patch b/debian/patches/debian/uio-fix-abi-change-in-4.7.5.patch new file mode 100644 index 000000000000..32d03512d0b9 --- /dev/null +++ b/debian/patches/debian/uio-fix-abi-change-in-4.7.5.patch @@ -0,0 +1,28 @@ +From: Ben Hutchings +Date: Sun, 25 Sep 2016 01:42:34 +0100 +Subject: uio: Fix ABI change in 4.7.5 +Forwarded: not-needed + +iov_iter_fault_in_readable() and +iov_iter_fault_in_multipages_readable() are now equivalent, with the +latter name defined as a macro. Restore it as a real function too for +ABI compatibility. + +--- +--- a/lib/iov_iter.c ++++ b/lib/iov_iter.c +@@ -301,6 +301,14 @@ done: + return wanted - bytes; + } + ++/* bwh: Retained for ABI compatibility */ ++#undef iov_iter_fault_in_multipages_readable ++int iov_iter_fault_in_multipages_readable(struct iov_iter *i, size_t bytes) ++{ ++ return iov_iter_fault_in_readable(i, bytes); ++} ++EXPORT_SYMBOL(iov_iter_fault_in_multipages_readable); ++ + /* + * Fault in one or more iovecs of the given iov_iter, to a maximum length of + * bytes. For each iovec, fault in each page that constitutes the iovec. diff --git a/debian/patches/series b/debian/patches/series index 9956b1d55abe..52fdabde0bb7 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -74,7 +74,6 @@ bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch bugfix/all/disable-some-marvell-phys.patch bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch -bugfix/all/mm-oom-prevent-premature-oom-killer-invocation-for-h.patch # Miscellaneous features @@ -111,11 +110,12 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa # Security fixes bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch debian/i386-686-pae-pci-set-pci-nobios-by-default.patch -bugfix/all/tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch # ABI maintenance debian/i8042-revert-abi-break-in-4.7.3.patch debian/revert-arm64-define-at_vector_size_arch-for-arch_dlinfo.patch +debian/uaccess-avoid-abi-change-in-4.7.5.patch +debian/uio-fix-abi-change-in-4.7.5.patch # Tools bug fixes bugfix/all/usbip-document-tcp-wrappers.patch