Linux v4.5.2

0001-uas-Limit-qdepth-at-the-scsi-host-level.patch

@@ -1,45 +0,0 @@
-From 79abe2bd501d628b165f323098d6972d69bd13d7 Mon Sep 17 00:00:00 2001
-From: Hans de Goede <hdegoede@redhat.com>
-Date: Wed, 16 Mar 2016 13:20:51 +0100
-Subject: [PATCH] uas: Limit qdepth at the scsi-host level
-
-Commit 64d513ac31bd ("scsi: use host wide tags by default") causes
-the scsi-core to queue more cmnds then we can handle on devices with
-multiple LUNs, limit the qdepth at the scsi-host level instead of
-per slave to fix this.
-
-BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1315013
-Cc: stable@vger.kernel.org # 4.4.x and 4.5.x
-Signed-off-by: Hans de Goede <hdegoede@redhat.com>
----
- drivers/usb/storage/uas.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c
-index c90a7e4..b5cb7ab 100644
---- a/drivers/usb/storage/uas.c
-+++ b/drivers/usb/storage/uas.c
-@@ -800,7 +800,6 @@ static int uas_slave_configure(struct scsi_device *sdev)
- 	if (devinfo->flags & US_FL_BROKEN_FUA)
- 		sdev->broken_fua = 1;
- 
--	scsi_change_queue_depth(sdev, devinfo->qdepth - 2);
- 	return 0;
- }
- 
-@@ -932,6 +931,12 @@ static int uas_probe(struct usb_interface *intf, const struct usb_device_id *id)
- 	if (result)
- 		goto set_alt0;
- 
-+	/*
-+	 * 1 tag is reserved for untagged commands +
-+	 * 1 tag to avoid of by one errors in some bridge firmwares
-+	 */
-+	shost->can_queue = devinfo->qdepth - 2;
-+
- 	usb_set_intfdata(intf, shost);
- 	result = scsi_add_host(shost, &intf->dev);
- 	if (result)
--- 
-2.7.3
-

HID-wacom-fix-Bamboo-ONE-oops.patch

@@ -1,46 +0,0 @@
-From 580549ef6b3e3fb3b958de490ca99f43a089a2cf Mon Sep 17 00:00:00 2001
-From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
-Date: Fri, 25 Mar 2016 15:26:55 +0100
-Subject: [PATCH] HID: wacom: fix Bamboo ONE oops
-
-Looks like recent changes in the Wacom driver made the Bamboo ONE crashes.
-The tablet behaves as if it was a regular Bamboo device with pen, touch
-and pad, but there is no physical pad connected to it.
-The weird part is that the pad is still sending events and given that
-there is no input node connected to it, we get  anull pointer exception.
-
-Link: https://bugzilla.redhat.com/show_bug.cgi?id=1317116
-
-Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
-Acked-by: Ping Cheng <pingc@wacom.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: Jiri Kosina <jkosina@suse.cz>
----
- drivers/hid/wacom_wac.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c
-index bd198bbd4df0..02c4efea241c 100644
---- a/drivers/hid/wacom_wac.c
-+++ b/drivers/hid/wacom_wac.c
-@@ -2426,6 +2426,17 @@ void wacom_setup_device_quirks(struct wacom *wacom)
- 	}
- 
- 	/*
-+	 * Hack for the Bamboo One:
-+	 * the device presents a PAD/Touch interface as most Bamboos and even
-+	 * sends ghosts PAD data on it. However, later, we must disable this
-+	 * ghost interface, and we can not detect it unless we set it here
-+	 * to WACOM_DEVICETYPE_PAD or WACOM_DEVICETYPE_TOUCH.
-+	 */
-+	if (features->type == BAMBOO_PEN &&
-+	    features->pktlen == WACOM_PKGLEN_BBTOUCH3)
-+		features->device_type |= WACOM_DEVICETYPE_PAD;
-+
-+	/*
- 	 * Raw Wacom-mode pen and touch events both come from interface
- 	 * 0, whose HID descriptor has an application usage of 0xFF0D
- 	 * (i.e., WACOM_VENDORDEFINED_PEN). We route pen packets back
--- 
-2.5.5
-

arm-fix-idiv.patch

@@ -1,52 +0,0 @@
-From 208fae5c3b9431013ad7bcea07cbcee114e7d163 Mon Sep 17 00:00:00 2001
-From: Nicolas Pitre <nicolas.pitre@linaro.org>
-Date: Mon, 14 Mar 2016 02:55:45 +0100
-Subject: ARM: 8550/1: protect idiv patching against undefined gcc behavior
-
-It was reported that a kernel with CONFIG_ARM_PATCH_IDIV=y stopped
-booting when compiled with the upcoming gcc 6.  Turns out that turning
-a function address into a writable array is undefined and gcc 6 decided
-it was OK to omit the store to the first word of the function while
-still preserving the store to the second word.
-
-Even though gcc 6 is now fixed to behave more coherently, it is a
-mystery that gcc 4 and gcc 5 actually produce wanted code in the kernel.
-And in fact the reduced test case to illustrate the issue does indeed
-break with gcc < 6 as well.
-
-In any case, let's guard the kernel against undefined compiler behavior
-by hiding the nature of the array location as suggested by gcc
-developers.
-
-Reference: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70128
-
-Signed-off-by: Nicolas Pitre <nico@linaro.org>
-Reported-by: Marcin Juszkiewicz <mjuszkiewicz@redhat.com>
-Cc: Arnd Bergmann <arnd@arndb.de>
-Cc: stable@vger.kernel.org # v4.5
-Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
----
- arch/arm/kernel/setup.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
-index 139791e..a28fce0 100644
---- a/arch/arm/kernel/setup.c
-+++ b/arch/arm/kernel/setup.c
-@@ -430,11 +430,13 @@ static void __init patch_aeabi_idiv(void)
- 	pr_info("CPU: div instructions available: patching division code\n");
- 
- 	fn_addr = ((uintptr_t)&__aeabi_uidiv) & ~1;
-+	asm ("" : "+g" (fn_addr));
- 	((u32 *)fn_addr)[0] = udiv_instruction();
- 	((u32 *)fn_addr)[1] = bx_lr_instruction();
- 	flush_icache_range(fn_addr, fn_addr + 8);
- 
- 	fn_addr = ((uintptr_t)&__aeabi_idiv) & ~1;
-+	asm ("" : "+g" (fn_addr));
- 	((u32 *)fn_addr)[0] = sdiv_instruction();
- 	((u32 *)fn_addr)[1] = bx_lr_instruction();
- 	flush_icache_range(fn_addr, fn_addr + 8);
--- 
-cgit v0.12
-

drm-udl-Use-unlocked-gem-unreferencing.patch

@@ -1,58 +0,0 @@
-From patchwork Mon Nov 23 09:32:42 2015
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: [09/29] drm/udl: Use unlocked gem unreferencing
-From: Daniel Vetter <daniel.vetter@ffwll.ch>
-X-Patchwork-Id: 65722
-Message-Id: <1448271183-20523-10-git-send-email-daniel.vetter@ffwll.ch>
-To: DRI Development <dri-devel@lists.freedesktop.org>
-Cc: Daniel Vetter <daniel.vetter@intel.com>,
- Daniel Vetter <daniel.vetter@ffwll.ch>,
- Intel Graphics Development <intel-gfx@lists.freedesktop.org>,
- Dave Airlie <airlied@redhat.com>
-Date: Mon, 23 Nov 2015 10:32:42 +0100
-
-For drm_gem_object_unreference callers are required to hold
-dev->struct_mutex, which these paths don't. Enforcing this requirement
-has become a bit more strict with
-
-commit ef4c6270bf2867e2f8032e9614d1a8cfc6c71663
-Author: Daniel Vetter <daniel.vetter@ffwll.ch>
-Date:   Thu Oct 15 09:36:25 2015 +0200
-
-    drm/gem: Check locking in drm_gem_object_unreference
-
-Cc: Dave Airlie <airlied@redhat.com>
-Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
----
- drivers/gpu/drm/udl/udl_fb.c  | 2 +-
- drivers/gpu/drm/udl/udl_gem.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c
-index 200419d4d43c..18a2acbccb7d 100644
---- a/drivers/gpu/drm/udl/udl_fb.c
-+++ b/drivers/gpu/drm/udl/udl_fb.c
-@@ -538,7 +538,7 @@ static int udlfb_create(struct drm_fb_helper *helper,
- out_destroy_fbi:
- 	drm_fb_helper_release_fbi(helper);
- out_gfree:
--	drm_gem_object_unreference(&ufbdev->ufb.obj->base);
-+	drm_gem_object_unreference_unlocked(&ufbdev->ufb.obj->base);
- out:
- 	return ret;
- }
-diff --git a/drivers/gpu/drm/udl/udl_gem.c b/drivers/gpu/drm/udl/udl_gem.c
-index 2a0a784ab6ee..d7528e0d8442 100644
---- a/drivers/gpu/drm/udl/udl_gem.c
-+++ b/drivers/gpu/drm/udl/udl_gem.c
-@@ -52,7 +52,7 @@ udl_gem_create(struct drm_file *file,
- 		return ret;
- 	}
- 
--	drm_gem_object_unreference(&obj->base);
-+	drm_gem_object_unreference_unlocked(&obj->base);
- 	*handle_p = handle;
- 	return 0;
- }

ipv4-Dont-do-expensive-useless-work-during-inetdev-des.patch

@@ -1,97 +0,0 @@
-From fbd40ea0180a2d328c5adc61414dc8bab9335ce2 Mon Sep 17 00:00:00 2001
-From: "David S. Miller" <davem@davemloft.net>
-Date: Sun, 13 Mar 2016 23:28:00 -0400
-Subject: ipv4: Don't do expensive useless work during inetdev destroy.
-
-When an inetdev is destroyed, every address assigned to the interface
-is removed.  And in this scenerio we do two pointless things which can
-be very expensive if the number of assigned interfaces is large:
-
-1) Address promotion.  We are deleting all addresses, so there is no
-   point in doing this.
-
-2) A full nf conntrack table purge for every address.  We only need to
-   do this once, as is already caught by the existing
-   masq_dev_notifier so masq_inet_event() can skip this.
-
-Reported-by: Solar Designer <solar@openwall.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Tested-by: Cyrill Gorcunov <gorcunov@openvz.org>
----
- net/ipv4/devinet.c                          |  4 ++++
- net/ipv4/fib_frontend.c                     |  4 ++++
- net/ipv4/netfilter/nf_nat_masquerade_ipv4.c | 12 ++++++++++--
- 3 files changed, 18 insertions(+), 2 deletions(-)
-
-diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
-index 65e76a4..e333bc8 100644
---- a/net/ipv4/devinet.c
-+++ b/net/ipv4/devinet.c
-@@ -334,6 +334,9 @@ static void __inet_del_ifa(struct in_device *in_dev, struct in_ifaddr **ifap,
- 
- 	ASSERT_RTNL();
- 
-+	if (in_dev->dead)
-+		goto no_promotions;
-+
- 	/* 1. Deleting primary ifaddr forces deletion all secondaries
- 	 * unless alias promotion is set
- 	 **/
-@@ -380,6 +383,7 @@ static void __inet_del_ifa(struct in_device *in_dev, struct in_ifaddr **ifap,
- 			fib_del_ifaddr(ifa, ifa1);
- 	}
- 
-+no_promotions:
- 	/* 2. Unlink it */
- 
- 	*ifap = ifa1->ifa_next;
-diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
-index 4734475..21add55 100644
---- a/net/ipv4/fib_frontend.c
-+++ b/net/ipv4/fib_frontend.c
-@@ -922,6 +922,9 @@ void fib_del_ifaddr(struct in_ifaddr *ifa, struct in_ifaddr *iprim)
- 		subnet = 1;
- 	}
- 
-+	if (in_dev->dead)
-+		goto no_promotions;
-+
- 	/* Deletion is more complicated than add.
- 	 * We should take care of not to delete too much :-)
- 	 *
-@@ -997,6 +1000,7 @@ void fib_del_ifaddr(struct in_ifaddr *ifa, struct in_ifaddr *iprim)
- 		}
- 	}
- 
-+no_promotions:
- 	if (!(ok & BRD_OK))
- 		fib_magic(RTM_DELROUTE, RTN_BROADCAST, ifa->ifa_broadcast, 32, prim);
- 	if (subnet && ifa->ifa_prefixlen < 31) {
-diff --git a/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c b/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
-index c6eb421..ea91058 100644
---- a/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
-+++ b/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
-@@ -108,10 +108,18 @@ static int masq_inet_event(struct notifier_block *this,
- 			   unsigned long event,
- 			   void *ptr)
- {
--	struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev;
-+	struct in_device *idev = ((struct in_ifaddr *)ptr)->ifa_dev;
- 	struct netdev_notifier_info info;
- 
--	netdev_notifier_info_init(&info, dev);
-+	/* The masq_dev_notifier will catch the case of the device going
-+	 * down.  So if the inetdev is dead and being destroyed we have
-+	 * no work to do.  Otherwise this is an individual address removal
-+	 * and we have to perform the flush.
-+	 */
-+	if (idev->dead)
-+		return NOTIFY_DONE;
-+
-+	netdev_notifier_info_init(&info, idev->dev);
- 	return masq_device_event(this, event, &info);
- }
- 
--- 
-cgit v0.12
-

kernel.spec

@@ -54,7 +54,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 1
+%define stable_update 2
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -509,8 +509,6 @@ Patch423: Initial-AllWinner-A64-and-PINE64-support.patch
 # http://www.spinics.net/lists/arm-kernel/msg493431.html
 Patch424: efi-arm64-don-t-apply-MEMBLOCK_NOMAP-to-UEFI-memory-map-mapping.patch
 
-Patch425: arm-fix-idiv.patch
-
 # http://patchwork.ozlabs.org/patch/587554/
 Patch430: ARM-tegra-usb-no-reset.patch
 
@@ -616,9 +614,6 @@ Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
 #rhbz 1286293
 Patch571: ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch
 
-#rhbz 1295646
-Patch621: drm-udl-Use-unlocked-gem-unreferencing.patch
-
 #Required for some persistent memory options
 Patch641: disable-CONFIG_EXPERT-for-ZONE_DMA.patch
 
@@ -634,21 +629,12 @@ Patch664: netfilter-x_tables-check-for-size-overflow.patch
 #CVE-2016-3134 rhbz 1317383 1317384
 Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
 
-#CVE-2016-3135 rhbz 1318172 1318270
-Patch666: ipv4-Dont-do-expensive-useless-work-during-inetdev-des.patch
-
-#rhbz 1315013
-Patch679: 0001-uas-Limit-qdepth-at-the-scsi-host-level.patch
-
 #CVE-2016-2187 rhbz 1317017 1317010
 Patch686: input-gtco-fix-crash-on-detecting-device-without-end.patch
 
 # CVE-2016-3672 rhbz 1324749 1324750
 Patch689: x86-mm-32-Enable-full-randomization-on-i386-and-X86_.patch
 
-#rhbz 1317116
-Patch697: HID-wacom-fix-Bamboo-ONE-oops.patch
-
 #rhbz 1309980
 Patch698: 0001-ACPI-processor-Request-native-thermal-interrupt-hand.patch
 
@@ -2179,6 +2165,9 @@ fi
 #
 # 
 %changelog
+* Wed Apr 20 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.5.2-300
+- Linux v4.5.2
+
 * Tue Apr 19 2016 Josh Boyer <jwboyer@fedoraproject.org>
 - CVE-2016-3955 usbip: buffer overflow by trusting length of incoming packets  (rhbz 1328478 1328479)
 

sources

@@ -1,3 +1,3 @@
 a60d48eee08ec0536d5efb17ca819aef  linux-4.5.tar.xz
 6f557fe90b800b615c85c2ca04da6154  perf-man-4.5.tar.gz
-1df9ff0283c1732ebbf7c55f340a121b  patch-4.5.1.xz
+19a835c1d16183f629d45779f62d36b6  patch-4.5.2.xz