Linux v4.5.2
This commit is contained in:
parent
81f7b31b57
commit
a6422490d5
|
@ -1,45 +0,0 @@
|
|||
From 79abe2bd501d628b165f323098d6972d69bd13d7 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Wed, 16 Mar 2016 13:20:51 +0100
|
||||
Subject: [PATCH] uas: Limit qdepth at the scsi-host level
|
||||
|
||||
Commit 64d513ac31bd ("scsi: use host wide tags by default") causes
|
||||
the scsi-core to queue more cmnds then we can handle on devices with
|
||||
multiple LUNs, limit the qdepth at the scsi-host level instead of
|
||||
per slave to fix this.
|
||||
|
||||
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1315013
|
||||
Cc: stable@vger.kernel.org # 4.4.x and 4.5.x
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
---
|
||||
drivers/usb/storage/uas.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c
|
||||
index c90a7e4..b5cb7ab 100644
|
||||
--- a/drivers/usb/storage/uas.c
|
||||
+++ b/drivers/usb/storage/uas.c
|
||||
@@ -800,7 +800,6 @@ static int uas_slave_configure(struct scsi_device *sdev)
|
||||
if (devinfo->flags & US_FL_BROKEN_FUA)
|
||||
sdev->broken_fua = 1;
|
||||
|
||||
- scsi_change_queue_depth(sdev, devinfo->qdepth - 2);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -932,6 +931,12 @@ static int uas_probe(struct usb_interface *intf, const struct usb_device_id *id)
|
||||
if (result)
|
||||
goto set_alt0;
|
||||
|
||||
+ /*
|
||||
+ * 1 tag is reserved for untagged commands +
|
||||
+ * 1 tag to avoid of by one errors in some bridge firmwares
|
||||
+ */
|
||||
+ shost->can_queue = devinfo->qdepth - 2;
|
||||
+
|
||||
usb_set_intfdata(intf, shost);
|
||||
result = scsi_add_host(shost, &intf->dev);
|
||||
if (result)
|
||||
--
|
||||
2.7.3
|
||||
|
|
@ -1,46 +0,0 @@
|
|||
From 580549ef6b3e3fb3b958de490ca99f43a089a2cf Mon Sep 17 00:00:00 2001
|
||||
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Date: Fri, 25 Mar 2016 15:26:55 +0100
|
||||
Subject: [PATCH] HID: wacom: fix Bamboo ONE oops
|
||||
|
||||
Looks like recent changes in the Wacom driver made the Bamboo ONE crashes.
|
||||
The tablet behaves as if it was a regular Bamboo device with pen, touch
|
||||
and pad, but there is no physical pad connected to it.
|
||||
The weird part is that the pad is still sending events and given that
|
||||
there is no input node connected to it, we get anull pointer exception.
|
||||
|
||||
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1317116
|
||||
|
||||
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Acked-by: Ping Cheng <pingc@wacom.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
||||
---
|
||||
drivers/hid/wacom_wac.c | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c
|
||||
index bd198bbd4df0..02c4efea241c 100644
|
||||
--- a/drivers/hid/wacom_wac.c
|
||||
+++ b/drivers/hid/wacom_wac.c
|
||||
@@ -2426,6 +2426,17 @@ void wacom_setup_device_quirks(struct wacom *wacom)
|
||||
}
|
||||
|
||||
/*
|
||||
+ * Hack for the Bamboo One:
|
||||
+ * the device presents a PAD/Touch interface as most Bamboos and even
|
||||
+ * sends ghosts PAD data on it. However, later, we must disable this
|
||||
+ * ghost interface, and we can not detect it unless we set it here
|
||||
+ * to WACOM_DEVICETYPE_PAD or WACOM_DEVICETYPE_TOUCH.
|
||||
+ */
|
||||
+ if (features->type == BAMBOO_PEN &&
|
||||
+ features->pktlen == WACOM_PKGLEN_BBTOUCH3)
|
||||
+ features->device_type |= WACOM_DEVICETYPE_PAD;
|
||||
+
|
||||
+ /*
|
||||
* Raw Wacom-mode pen and touch events both come from interface
|
||||
* 0, whose HID descriptor has an application usage of 0xFF0D
|
||||
* (i.e., WACOM_VENDORDEFINED_PEN). We route pen packets back
|
||||
--
|
||||
2.5.5
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
From 208fae5c3b9431013ad7bcea07cbcee114e7d163 Mon Sep 17 00:00:00 2001
|
||||
From: Nicolas Pitre <nicolas.pitre@linaro.org>
|
||||
Date: Mon, 14 Mar 2016 02:55:45 +0100
|
||||
Subject: ARM: 8550/1: protect idiv patching against undefined gcc behavior
|
||||
|
||||
It was reported that a kernel with CONFIG_ARM_PATCH_IDIV=y stopped
|
||||
booting when compiled with the upcoming gcc 6. Turns out that turning
|
||||
a function address into a writable array is undefined and gcc 6 decided
|
||||
it was OK to omit the store to the first word of the function while
|
||||
still preserving the store to the second word.
|
||||
|
||||
Even though gcc 6 is now fixed to behave more coherently, it is a
|
||||
mystery that gcc 4 and gcc 5 actually produce wanted code in the kernel.
|
||||
And in fact the reduced test case to illustrate the issue does indeed
|
||||
break with gcc < 6 as well.
|
||||
|
||||
In any case, let's guard the kernel against undefined compiler behavior
|
||||
by hiding the nature of the array location as suggested by gcc
|
||||
developers.
|
||||
|
||||
Reference: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70128
|
||||
|
||||
Signed-off-by: Nicolas Pitre <nico@linaro.org>
|
||||
Reported-by: Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
|
||||
Cc: Arnd Bergmann <arnd@arndb.de>
|
||||
Cc: stable@vger.kernel.org # v4.5
|
||||
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
|
||||
---
|
||||
arch/arm/kernel/setup.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
|
||||
index 139791e..a28fce0 100644
|
||||
--- a/arch/arm/kernel/setup.c
|
||||
+++ b/arch/arm/kernel/setup.c
|
||||
@@ -430,11 +430,13 @@ static void __init patch_aeabi_idiv(void)
|
||||
pr_info("CPU: div instructions available: patching division code\n");
|
||||
|
||||
fn_addr = ((uintptr_t)&__aeabi_uidiv) & ~1;
|
||||
+ asm ("" : "+g" (fn_addr));
|
||||
((u32 *)fn_addr)[0] = udiv_instruction();
|
||||
((u32 *)fn_addr)[1] = bx_lr_instruction();
|
||||
flush_icache_range(fn_addr, fn_addr + 8);
|
||||
|
||||
fn_addr = ((uintptr_t)&__aeabi_idiv) & ~1;
|
||||
+ asm ("" : "+g" (fn_addr));
|
||||
((u32 *)fn_addr)[0] = sdiv_instruction();
|
||||
((u32 *)fn_addr)[1] = bx_lr_instruction();
|
||||
flush_icache_range(fn_addr, fn_addr + 8);
|
||||
--
|
||||
cgit v0.12
|
||||
|
|
@ -1,58 +0,0 @@
|
|||
From patchwork Mon Nov 23 09:32:42 2015
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Subject: [09/29] drm/udl: Use unlocked gem unreferencing
|
||||
From: Daniel Vetter <daniel.vetter@ffwll.ch>
|
||||
X-Patchwork-Id: 65722
|
||||
Message-Id: <1448271183-20523-10-git-send-email-daniel.vetter@ffwll.ch>
|
||||
To: DRI Development <dri-devel@lists.freedesktop.org>
|
||||
Cc: Daniel Vetter <daniel.vetter@intel.com>,
|
||||
Daniel Vetter <daniel.vetter@ffwll.ch>,
|
||||
Intel Graphics Development <intel-gfx@lists.freedesktop.org>,
|
||||
Dave Airlie <airlied@redhat.com>
|
||||
Date: Mon, 23 Nov 2015 10:32:42 +0100
|
||||
|
||||
For drm_gem_object_unreference callers are required to hold
|
||||
dev->struct_mutex, which these paths don't. Enforcing this requirement
|
||||
has become a bit more strict with
|
||||
|
||||
commit ef4c6270bf2867e2f8032e9614d1a8cfc6c71663
|
||||
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
|
||||
Date: Thu Oct 15 09:36:25 2015 +0200
|
||||
|
||||
drm/gem: Check locking in drm_gem_object_unreference
|
||||
|
||||
Cc: Dave Airlie <airlied@redhat.com>
|
||||
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
|
||||
---
|
||||
drivers/gpu/drm/udl/udl_fb.c | 2 +-
|
||||
drivers/gpu/drm/udl/udl_gem.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c
|
||||
index 200419d4d43c..18a2acbccb7d 100644
|
||||
--- a/drivers/gpu/drm/udl/udl_fb.c
|
||||
+++ b/drivers/gpu/drm/udl/udl_fb.c
|
||||
@@ -538,7 +538,7 @@ static int udlfb_create(struct drm_fb_helper *helper,
|
||||
out_destroy_fbi:
|
||||
drm_fb_helper_release_fbi(helper);
|
||||
out_gfree:
|
||||
- drm_gem_object_unreference(&ufbdev->ufb.obj->base);
|
||||
+ drm_gem_object_unreference_unlocked(&ufbdev->ufb.obj->base);
|
||||
out:
|
||||
return ret;
|
||||
}
|
||||
diff --git a/drivers/gpu/drm/udl/udl_gem.c b/drivers/gpu/drm/udl/udl_gem.c
|
||||
index 2a0a784ab6ee..d7528e0d8442 100644
|
||||
--- a/drivers/gpu/drm/udl/udl_gem.c
|
||||
+++ b/drivers/gpu/drm/udl/udl_gem.c
|
||||
@@ -52,7 +52,7 @@ udl_gem_create(struct drm_file *file,
|
||||
return ret;
|
||||
}
|
||||
|
||||
- drm_gem_object_unreference(&obj->base);
|
||||
+ drm_gem_object_unreference_unlocked(&obj->base);
|
||||
*handle_p = handle;
|
||||
return 0;
|
||||
}
|
|
@ -1,97 +0,0 @@
|
|||
From fbd40ea0180a2d328c5adc61414dc8bab9335ce2 Mon Sep 17 00:00:00 2001
|
||||
From: "David S. Miller" <davem@davemloft.net>
|
||||
Date: Sun, 13 Mar 2016 23:28:00 -0400
|
||||
Subject: ipv4: Don't do expensive useless work during inetdev destroy.
|
||||
|
||||
When an inetdev is destroyed, every address assigned to the interface
|
||||
is removed. And in this scenerio we do two pointless things which can
|
||||
be very expensive if the number of assigned interfaces is large:
|
||||
|
||||
1) Address promotion. We are deleting all addresses, so there is no
|
||||
point in doing this.
|
||||
|
||||
2) A full nf conntrack table purge for every address. We only need to
|
||||
do this once, as is already caught by the existing
|
||||
masq_dev_notifier so masq_inet_event() can skip this.
|
||||
|
||||
Reported-by: Solar Designer <solar@openwall.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
Tested-by: Cyrill Gorcunov <gorcunov@openvz.org>
|
||||
---
|
||||
net/ipv4/devinet.c | 4 ++++
|
||||
net/ipv4/fib_frontend.c | 4 ++++
|
||||
net/ipv4/netfilter/nf_nat_masquerade_ipv4.c | 12 ++++++++++--
|
||||
3 files changed, 18 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
|
||||
index 65e76a4..e333bc8 100644
|
||||
--- a/net/ipv4/devinet.c
|
||||
+++ b/net/ipv4/devinet.c
|
||||
@@ -334,6 +334,9 @@ static void __inet_del_ifa(struct in_device *in_dev, struct in_ifaddr **ifap,
|
||||
|
||||
ASSERT_RTNL();
|
||||
|
||||
+ if (in_dev->dead)
|
||||
+ goto no_promotions;
|
||||
+
|
||||
/* 1. Deleting primary ifaddr forces deletion all secondaries
|
||||
* unless alias promotion is set
|
||||
**/
|
||||
@@ -380,6 +383,7 @@ static void __inet_del_ifa(struct in_device *in_dev, struct in_ifaddr **ifap,
|
||||
fib_del_ifaddr(ifa, ifa1);
|
||||
}
|
||||
|
||||
+no_promotions:
|
||||
/* 2. Unlink it */
|
||||
|
||||
*ifap = ifa1->ifa_next;
|
||||
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
|
||||
index 4734475..21add55 100644
|
||||
--- a/net/ipv4/fib_frontend.c
|
||||
+++ b/net/ipv4/fib_frontend.c
|
||||
@@ -922,6 +922,9 @@ void fib_del_ifaddr(struct in_ifaddr *ifa, struct in_ifaddr *iprim)
|
||||
subnet = 1;
|
||||
}
|
||||
|
||||
+ if (in_dev->dead)
|
||||
+ goto no_promotions;
|
||||
+
|
||||
/* Deletion is more complicated than add.
|
||||
* We should take care of not to delete too much :-)
|
||||
*
|
||||
@@ -997,6 +1000,7 @@ void fib_del_ifaddr(struct in_ifaddr *ifa, struct in_ifaddr *iprim)
|
||||
}
|
||||
}
|
||||
|
||||
+no_promotions:
|
||||
if (!(ok & BRD_OK))
|
||||
fib_magic(RTM_DELROUTE, RTN_BROADCAST, ifa->ifa_broadcast, 32, prim);
|
||||
if (subnet && ifa->ifa_prefixlen < 31) {
|
||||
diff --git a/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c b/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
|
||||
index c6eb421..ea91058 100644
|
||||
--- a/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
|
||||
+++ b/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
|
||||
@@ -108,10 +108,18 @@ static int masq_inet_event(struct notifier_block *this,
|
||||
unsigned long event,
|
||||
void *ptr)
|
||||
{
|
||||
- struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev;
|
||||
+ struct in_device *idev = ((struct in_ifaddr *)ptr)->ifa_dev;
|
||||
struct netdev_notifier_info info;
|
||||
|
||||
- netdev_notifier_info_init(&info, dev);
|
||||
+ /* The masq_dev_notifier will catch the case of the device going
|
||||
+ * down. So if the inetdev is dead and being destroyed we have
|
||||
+ * no work to do. Otherwise this is an individual address removal
|
||||
+ * and we have to perform the flush.
|
||||
+ */
|
||||
+ if (idev->dead)
|
||||
+ return NOTIFY_DONE;
|
||||
+
|
||||
+ netdev_notifier_info_init(&info, idev->dev);
|
||||
return masq_device_event(this, event, &info);
|
||||
}
|
||||
|
||||
--
|
||||
cgit v0.12
|
||||
|
19
kernel.spec
19
kernel.spec
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 1
|
||||
%define stable_update 2
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -509,8 +509,6 @@ Patch423: Initial-AllWinner-A64-and-PINE64-support.patch
|
|||
# http://www.spinics.net/lists/arm-kernel/msg493431.html
|
||||
Patch424: efi-arm64-don-t-apply-MEMBLOCK_NOMAP-to-UEFI-memory-map-mapping.patch
|
||||
|
||||
Patch425: arm-fix-idiv.patch
|
||||
|
||||
# http://patchwork.ozlabs.org/patch/587554/
|
||||
Patch430: ARM-tegra-usb-no-reset.patch
|
||||
|
||||
|
@ -616,9 +614,6 @@ Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
|
|||
#rhbz 1286293
|
||||
Patch571: ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch
|
||||
|
||||
#rhbz 1295646
|
||||
Patch621: drm-udl-Use-unlocked-gem-unreferencing.patch
|
||||
|
||||
#Required for some persistent memory options
|
||||
Patch641: disable-CONFIG_EXPERT-for-ZONE_DMA.patch
|
||||
|
||||
|
@ -634,21 +629,12 @@ Patch664: netfilter-x_tables-check-for-size-overflow.patch
|
|||
#CVE-2016-3134 rhbz 1317383 1317384
|
||||
Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
|
||||
|
||||
#CVE-2016-3135 rhbz 1318172 1318270
|
||||
Patch666: ipv4-Dont-do-expensive-useless-work-during-inetdev-des.patch
|
||||
|
||||
#rhbz 1315013
|
||||
Patch679: 0001-uas-Limit-qdepth-at-the-scsi-host-level.patch
|
||||
|
||||
#CVE-2016-2187 rhbz 1317017 1317010
|
||||
Patch686: input-gtco-fix-crash-on-detecting-device-without-end.patch
|
||||
|
||||
# CVE-2016-3672 rhbz 1324749 1324750
|
||||
Patch689: x86-mm-32-Enable-full-randomization-on-i386-and-X86_.patch
|
||||
|
||||
#rhbz 1317116
|
||||
Patch697: HID-wacom-fix-Bamboo-ONE-oops.patch
|
||||
|
||||
#rhbz 1309980
|
||||
Patch698: 0001-ACPI-processor-Request-native-thermal-interrupt-hand.patch
|
||||
|
||||
|
@ -2179,6 +2165,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Wed Apr 20 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.5.2-300
|
||||
- Linux v4.5.2
|
||||
|
||||
* Tue Apr 19 2016 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2016-3955 usbip: buffer overflow by trusting length of incoming packets (rhbz 1328478 1328479)
|
||||
|
||||
|
|
Loading…
Reference in New Issue