diff options
author | Thorsten Leemhuis <fedora@leemhuis.info> | 2016-05-05 09:10:38 +0200 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2016-05-05 09:10:38 +0200 |
commit | ccf4768e4692813db62c18b884c791b842fc82ed (patch) | |
tree | 7df8f07e8ae920d4cdc68f7b131da2219ab36ed8 | |
parent | 7717d3cdd707c45e5e8e2f013e96536b293dc2be (diff) | |
parent | 4d81848a2b0f1040041a335551c14740202cf2ba (diff) | |
download | kernel-ccf4768e4692813db62c18b884c791b842fc82ed.tar.gz kernel-ccf4768e4692813db62c18b884c791b842fc82ed.tar.xz kernel-ccf4768e4692813db62c18b884c791b842fc82ed.zip |
Merge remote-tracking branch 'origin/f24' into f24-user-thl-vanilla-fedorakernel-4.5.3-300.vanilla.knurd.1.fc24
-rw-r--r-- | 0001-ARM-mvebu-Correct-unit-address-for-linksys.patch | 32 | ||||
-rw-r--r-- | 0001-gpu-ipu-v3-Fix-imx-ipuv3-crtc-module-autoloading.patch | 37 | ||||
-rw-r--r-- | USB-usbfs-fix-potential-infoleak-in-devio.patch | 41 | ||||
-rw-r--r-- | USB-usbip-fix-potential-out-of-bounds-write.patch | 45 | ||||
-rw-r--r-- | config-armv7-generic | 1 | ||||
-rw-r--r-- | config-generic | 7 | ||||
-rw-r--r-- | config-x86_64-generic | 3 | ||||
-rw-r--r-- | efi-arm64-don-t-apply-MEMBLOCK_NOMAP-to-UEFI-memory-map-mapping.patch | 92 | ||||
-rw-r--r-- | input-gtco-fix-crash-on-detecting-device-without-end.patch | 49 | ||||
-rw-r--r-- | ipv4-fib-don-t-warn-when-primary-address-is-missing-.patch | 40 | ||||
-rw-r--r-- | kernel.spec | 66 | ||||
-rw-r--r-- | mm-thp-kvm-fix-memory-corruption-in-KVM-with-THP-ena.patch | 126 | ||||
-rw-r--r-- | rebase-notes.txt | 6 | ||||
-rw-r--r-- | sources | 2 | ||||
-rw-r--r-- | usb-phy-tegra-Add-38.4MHz-clock-table-entry.patch | 53 | ||||
-rw-r--r-- | x86-build-Build-compressed-x86-kernels-as-PIE.patch | 159 | ||||
-rw-r--r-- | x86-efi-bgrt-Switch-all-pr_err-to-pr_debug-for-inval.patch | 94 | ||||
-rw-r--r-- | x86-xen-suppress-hugetlbfs-in-PV-guests.patch | 70 |
18 files changed, 611 insertions, 312 deletions
diff --git a/0001-ARM-mvebu-Correct-unit-address-for-linksys.patch b/0001-ARM-mvebu-Correct-unit-address-for-linksys.patch deleted file mode 100644 index ba0320c8e..000000000 --- a/0001-ARM-mvebu-Correct-unit-address-for-linksys.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 0eebfe3b5ae99d3a825be8e45395cea478fd83d8 Mon Sep 17 00:00:00 2001 -From: Patrick Uiterwijk <patrick@puiterwijk.org> -Date: Mon, 28 Mar 2016 21:30:41 +0000 -Subject: [PATCH] ARM: mvebu: Correct unit address for linksys - -The USB2 port for Armada 38x is defined to be at 58000, not at -50000. - -Acked-by: Imre Kaloz <kaloz@openwrt.org> -Cc: <stable@vger.kernel.org> -Fixes: 2d0a7addbd10 ("ARM: Kirkwood: Add support for many Synology NAS devices") -Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> ---- - arch/arm/boot/dts/armada-385-linksys.dtsi | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/arm/boot/dts/armada-385-linksys.dtsi b/arch/arm/boot/dts/armada-385-linksys.dtsi -index 3710755..85d2c37 100644 ---- a/arch/arm/boot/dts/armada-385-linksys.dtsi -+++ b/arch/arm/boot/dts/armada-385-linksys.dtsi -@@ -117,7 +117,7 @@ - }; - - /* USB part of the eSATA/USB 2.0 port */ -- usb@50000 { -+ usb@58000 { - status = "okay"; - }; - --- -2.5.0 - diff --git a/0001-gpu-ipu-v3-Fix-imx-ipuv3-crtc-module-autoloading.patch b/0001-gpu-ipu-v3-Fix-imx-ipuv3-crtc-module-autoloading.patch new file mode 100644 index 000000000..d26c5d52d --- /dev/null +++ b/0001-gpu-ipu-v3-Fix-imx-ipuv3-crtc-module-autoloading.patch @@ -0,0 +1,37 @@ +From 88fd0f33c3cc5aa6a26f56902241941ac717e9f8 Mon Sep 17 00:00:00 2001 +From: Peter Robinson <pbrobinson@gmail.com> +Date: Wed, 27 Apr 2016 13:44:05 +0100 +Subject: [PATCH] gpu: ipu-v3: Fix imx-ipuv3-crtc module autoloading + +--- + drivers/gpu/ipu-v3/ipu-common.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/ipu-v3/ipu-common.c b/drivers/gpu/ipu-v3/ipu-common.c +index e00db3f..abb98c7 100644 +--- a/drivers/gpu/ipu-v3/ipu-common.c ++++ b/drivers/gpu/ipu-v3/ipu-common.c +@@ -1068,7 +1068,6 @@ static int ipu_add_client_devices(struct ipu_soc *ipu, unsigned long ipu_base) + goto err_register; + } + +- pdev->dev.of_node = of_node; + pdev->dev.parent = dev; + + ret = platform_device_add_data(pdev, ®->pdata, +@@ -1079,6 +1078,12 @@ static int ipu_add_client_devices(struct ipu_soc *ipu, unsigned long ipu_base) + platform_device_put(pdev); + goto err_register; + } ++ ++ /* ++ * Set of_node only after calling platform_device_add. Otherwise ++ * the platform:imx-ipuv3-crtc modalias won't be used. ++ */ ++ pdev->dev.of_node = of_node; + } + + return 0; +-- +2.7.4 + diff --git a/USB-usbfs-fix-potential-infoleak-in-devio.patch b/USB-usbfs-fix-potential-infoleak-in-devio.patch new file mode 100644 index 000000000..48360c930 --- /dev/null +++ b/USB-usbfs-fix-potential-infoleak-in-devio.patch @@ -0,0 +1,41 @@ +From 7adc5cbc25dcc47dc3856108d9823d08da75da9d Mon Sep 17 00:00:00 2001 +From: Kangjie Lu <kangjielu@gmail.com> +Date: Tue, 3 May 2016 16:32:16 -0400 +Subject: [PATCH] USB: usbfs: fix potential infoleak in devio +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The stack object “ci” has a total size of 8 bytes. Its last 3 bytes +are padding bytes which are not initialized and leaked to userland +via “copy_to_user”. + +Signed-off-by: Kangjie Lu <kjlu@gatech.edu> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/usb/core/devio.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c +index 52c4461dfccd..9b7f1f75e887 100644 +--- a/drivers/usb/core/devio.c ++++ b/drivers/usb/core/devio.c +@@ -1316,10 +1316,11 @@ static int proc_getdriver(struct usb_dev_state *ps, void __user *arg) + + static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg) + { +- struct usbdevfs_connectinfo ci = { +- .devnum = ps->dev->devnum, +- .slow = ps->dev->speed == USB_SPEED_LOW +- }; ++ struct usbdevfs_connectinfo ci; ++ ++ memset(&ci, 0, sizeof(ci)); ++ ci.devnum = ps->dev->devnum; ++ ci.slow = ps->dev->speed == USB_SPEED_LOW; + + if (copy_to_user(arg, &ci, sizeof(ci))) + return -EFAULT; +-- +2.5.5 + diff --git a/USB-usbip-fix-potential-out-of-bounds-write.patch b/USB-usbip-fix-potential-out-of-bounds-write.patch deleted file mode 100644 index 3d9f7c294..000000000 --- a/USB-usbip-fix-potential-out-of-bounds-write.patch +++ /dev/null @@ -1,45 +0,0 @@ -From b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb Mon Sep 17 00:00:00 2001 -From: Ignat Korchagin <ignat.korchagin@gmail.com> -Date: Thu, 17 Mar 2016 18:00:29 +0000 -Subject: [PATCH] USB: usbip: fix potential out-of-bounds write - -Fix potential out-of-bounds write to urb->transfer_buffer -usbip handles network communication directly in the kernel. When receiving a -packet from its peer, usbip code parses headers according to protocol. As -part of this parsing urb->actual_length is filled. Since the input for -urb->actual_length comes from the network, it should be treated as untrusted. -Any entity controlling the network may put any value in the input and the -preallocated urb->transfer_buffer may not be large enough to hold the data. -Thus, the malicious entity is able to write arbitrary data to kernel memory. - -Signed-off-by: Ignat Korchagin <ignat.korchagin@gmail.com> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - drivers/usb/usbip/usbip_common.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/drivers/usb/usbip/usbip_common.c b/drivers/usb/usbip/usbip_common.c -index facaaf003f19..e40da7759a0e 100644 ---- a/drivers/usb/usbip/usbip_common.c -+++ b/drivers/usb/usbip/usbip_common.c -@@ -741,6 +741,17 @@ int usbip_recv_xbuff(struct usbip_device *ud, struct urb *urb) - if (!(size > 0)) - return 0; - -+ if (size > urb->transfer_buffer_length) { -+ /* should not happen, probably malicious packet */ -+ if (ud->side == USBIP_STUB) { -+ usbip_event_add(ud, SDEV_EVENT_ERROR_TCP); -+ return 0; -+ } else { -+ usbip_event_add(ud, VDEV_EVENT_ERROR_TCP); -+ return -EPIPE; -+ } -+ } -+ - ret = usbip_recv(ud->tcp_socket, urb->transfer_buffer, size); - if (ret != size) { - dev_err(&urb->dev->dev, "recv xbuf, %d\n", ret); --- -2.5.5 - diff --git a/config-armv7-generic b/config-armv7-generic index 846667598..54f79c962 100644 --- a/config-armv7-generic +++ b/config-armv7-generic @@ -711,7 +711,6 @@ CONFIG_LIBERTAS_SPI=m CONFIG_P54_SPI=m CONFIG_P54_SPI_DEFAULT_EEPROM=n CONFIG_MICREL_KS8995MA=m -CONFIG_IEEE802154_AT86RF230=m CONFIG_IEEE802154_MRF24J40=m CONFIG_ARM_KPROBES_TEST=m diff --git a/config-generic b/config-generic index c03972816..c2e8352ce 100644 --- a/config-generic +++ b/config-generic @@ -1983,11 +1983,11 @@ CONFIG_IEEE802154_DRIVERS=m CONFIG_IEEE802154_FAKELB=m CONFIG_IEEE802154_ATUSB=m CONFIG_IEEE802154_CC2520=m -# CONFIG_IEEE802154_AT86RF230 is not set +CONFIG_IEEE802154_AT86RF230=m +# CONFIG_IEEE802154_AT86RF230_DEBUGFS is not set # CONFIG_IEEE802154_ADF7242 is not set # CONFIG_IEEE802154_MRF24J40 is not set # CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set -# CONFIG_IEEE802154_AT86RF230_DEBUGFS is not set CONFIG_MAC802154=m CONFIG_NET_MPLS_GSO=m @@ -2113,7 +2113,8 @@ CONFIG_NFC_ST21NFCA_I2C=m # CONFIG_NFC_ST21NFCB is not set # CONFIG_NFC_ST21NFCB_I2C is not set # CONFIG_NFC_ST95HF is not set -# CONFIG_NFC_NXP_NCI is not set +CONFIG_NFC_NXP_NCI=m +CONFIG_NFC_NXP_NCI_I2C=m # CONFIG_NFC_NCI_SPI is not set # CONFIG_NFC_NCI_UART is not set # CONFIG_NFC_ST_NCI is not set diff --git a/config-x86_64-generic b/config-x86_64-generic index 8d8b27519..5d0f7b2b2 100644 --- a/config-x86_64-generic +++ b/config-x86_64-generic @@ -231,3 +231,6 @@ CONFIG_INFINIBAND_HFI1=m CONFIG_HFI1_VERBS_31BIT_PSN=y # CONFIG_SDMA_VERBOSITY is not set # CONFIG_PRESCAN_RXQ is not set + +# Temporary workaround until SND_SOC_INTEL_HASWELL_MACH no longer requires builtin +CONFIG_DW_DMAC=y diff --git a/efi-arm64-don-t-apply-MEMBLOCK_NOMAP-to-UEFI-memory-map-mapping.patch b/efi-arm64-don-t-apply-MEMBLOCK_NOMAP-to-UEFI-memory-map-mapping.patch deleted file mode 100644 index 2e3ae0c9b..000000000 --- a/efi-arm64-don-t-apply-MEMBLOCK_NOMAP-to-UEFI-memory-map-mapping.patch +++ /dev/null @@ -1,92 +0,0 @@ -From patchwork Wed Mar 30 07:46:23 2016 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: efi/arm64: don't apply MEMBLOCK_NOMAP to UEFI memory map mapping -From: Ard Biesheuvel <ard.biesheuvel@linaro.org> -X-Patchwork-Id: 8693271 -Message-Id: <1459323983-9120-1-git-send-email-ard.biesheuvel@linaro.org> -To: linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, - matt@codeblueprint.co.uk -Cc: mark.rutland@arm.com, mlangsdo@redhat.com, - Ard Biesheuvel <ard.biesheuvel@linaro.org>, leif.lindholm@linaro.org, - jeremy.linton@arm.com, msalter@redhat.com -Date: Wed, 30 Mar 2016 09:46:23 +0200 - -Hi Matt, - -Could we queue this as a fix for v4.6 with a cc:stable for v4.5, please? -(assuming no objections from any of the cc'ees) - -Thanks, -Ard. - -----------8<-------------- -Commit 4dffbfc48d65 ("arm64/efi: mark UEFI reserved regions as -MEMBLOCK_NOMAP") updated the mapping logic of both the RuntimeServices -regions as well as the kernel's copy of the UEFI memory map to set the -MEMBLOCK_NOMAP flag, which causes these regions to be omitted from the -kernel direct mapping, and from being covered by a struct page. -For the RuntimeServices regions, this is an obvious win, since the contents -of these regions have significance to the firmware executable code itself, -and are mapped in the EFI page tables using attributes that are described in -the UEFI memory map, and which may differ from the attributes we use for -mapping system RAM. It also prevents the contents from being modified -inadvertently, since the EFI page tables are only live during runtime -service invocations. - -None of these concerns apply to the allocation that covers the UEFI memory -map, since it is entirely owned by the kernel. Setting the MEMBLOCK_NOMAP on -the region did allow us to use ioremap_cache() to map it both on arm64 and -on ARM, since the latter does not allow ioremap_cache() to be used on -regions that are covered by a struct page. - -The ioremap_cache() on ARM restriction will be lifted in the v4.7 timeframe, -but in the mean time, it has been reported that commit 4dffbfc48d65 causes -a regression on 64k granule kernels. This is due to the fact that, given -the 64 KB page size, the region that we end up removing from the kernel -direct mapping is rounded up to 64 KB, and this 64 KB page frame may be -shared with the initrd when booting via GRUB (which does not align its -EFI_LOADER_DATA allocations to 64 KB like the stub does). This will crash -the kernel as soon as it tries to access the initrd. - -Since the issue is specific to arm64, revert back to memblock_reserve()'ing -the UEFI memory map when running on arm64. This is a temporary fix for v4.5 -and v4.6, and will be superseded in the v4.7 timeframe when we will be able -to move back to memblock_reserve() unconditionally. - -Fixes: 4dffbfc48d65 ("arm64/efi: mark UEFI reserved regions as MEMBLOCK_NOMAP") -Reported-by: Mark Salter <msalter@redhat.com> -Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> - ---- -drivers/firmware/efi/arm-init.c | 18 +++++++++++++++--- - 1 file changed, 15 insertions(+), 3 deletions(-) - -diff --git a/drivers/firmware/efi/arm-init.c b/drivers/firmware/efi/arm-init.c -index aa1f743152a2..8714f8c271ba 100644 ---- a/drivers/firmware/efi/arm-init.c -+++ b/drivers/firmware/efi/arm-init.c -@@ -203,7 +203,19 @@ void __init efi_init(void) - - reserve_regions(); - early_memunmap(memmap.map, params.mmap_size); -- memblock_mark_nomap(params.mmap & PAGE_MASK, -- PAGE_ALIGN(params.mmap_size + -- (params.mmap & ~PAGE_MASK))); -+ -+ if (IS_ENABLED(CONFIG_ARM)) { -+ /* -+ * ARM currently does not allow ioremap_cache() to be called on -+ * memory regions that are covered by struct page. So remove the -+ * UEFI memory map from the linear mapping. -+ */ -+ memblock_mark_nomap(params.mmap & PAGE_MASK, -+ PAGE_ALIGN(params.mmap_size + -+ (params.mmap & ~PAGE_MASK))); -+ } else { -+ memblock_reserve(params.mmap & PAGE_MASK, -+ PAGE_ALIGN(params.mmap_size + -+ (params.mmap & ~PAGE_MASK))); -+ } - } diff --git a/input-gtco-fix-crash-on-detecting-device-without-end.patch b/input-gtco-fix-crash-on-detecting-device-without-end.patch deleted file mode 100644 index 849f607a5..000000000 --- a/input-gtco-fix-crash-on-detecting-device-without-end.patch +++ /dev/null @@ -1,49 +0,0 @@ -Subject: [PATCH] Input: gtco: fix crash on detecting device without endpoints -From: Vladis Dronov <vdronov@redhat.com> -Date: 2016-03-18 18:35:00 - -The gtco driver expects at least one valid endpoint. If given -malicious descriptors that specify 0 for the number of endpoints, -it will crash in the probe function. Ensure there is at least -one endpoint on the interface before using it. Fix minor coding -style issue. - -The full report of this issue can be found here: -http://seclists.org/bugtraq/2016/Mar/86 - -Reported-by: Ralf Spenneberg <ralf@spenneberg.net> -Signed-off-by: Vladis Dronov <vdronov@redhat.com> ---- - drivers/input/tablet/gtco.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c -index 3a7f3a4..7c18249 100644 ---- a/drivers/input/tablet/gtco.c -+++ b/drivers/input/tablet/gtco.c -@@ -858,6 +858,14 @@ static int gtco_probe(struct usb_interface *usbinterface, - goto err_free_buf; - } - -+ /* Sanity check that a device has an endpoint */ -+ if (usbinterface->altsetting[0].desc.bNumEndpoints < 1) { -+ dev_err(&usbinterface->dev, -+ "Invalid number of endpoints\n"); -+ error = -EINVAL; -+ goto err_free_urb; -+ } -+ - /* - * The endpoint is always altsetting 0, we know this since we know - * this device only has one interrupt endpoint -@@ -879,7 +887,7 @@ static int gtco_probe(struct usb_interface *usbinterface, - * HID report descriptor - */ - if (usb_get_extra_descriptor(usbinterface->cur_altsetting, -- HID_DEVICE_TYPE, &hid_desc) != 0){ -+ HID_DEVICE_TYPE, &hid_desc) != 0) { - dev_err(&usbinterface->dev, - "Can't retrieve exta USB descriptor to get hid report descriptor length\n"); - error = -EIO; --- -2.5.0 diff --git a/ipv4-fib-don-t-warn-when-primary-address-is-missing-.patch b/ipv4-fib-don-t-warn-when-primary-address-is-missing-.patch new file mode 100644 index 000000000..9e4cf4e0e --- /dev/null +++ b/ipv4-fib-don-t-warn-when-primary-address-is-missing-.patch @@ -0,0 +1,40 @@ +From 9f79323a0aebccb9915ab8f4b7dcf531578b9cf9 Mon Sep 17 00:00:00 2001 +From: Paolo Abeni <pabeni@redhat.com> +Date: Thu, 21 Apr 2016 20:23:31 -0400 +Subject: [PATCH] ipv4/fib: don't warn when primary address is missing if + in_dev is dead + +After commit fbd40ea0180a ("ipv4: Don't do expensive useless work +during inetdev destroy.") when deleting an interface, +fib_del_ifaddr() can be executed without any primary address +present on the dead interface. + +The above is safe, but triggers some "bug: prim == NULL" warnings. + +This commit avoids warning if the in_dev is dead + +Signed-off-by: Paolo Abeni <pabeni@redhat.com> +--- + net/ipv4/fib_frontend.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c +index 8a9246deccfe..63566ec54794 100644 +--- a/net/ipv4/fib_frontend.c ++++ b/net/ipv4/fib_frontend.c +@@ -904,7 +904,11 @@ void fib_del_ifaddr(struct in_ifaddr *ifa, struct in_ifaddr *iprim) + if (ifa->ifa_flags & IFA_F_SECONDARY) { + prim = inet_ifa_byprefix(in_dev, any, ifa->ifa_mask); + if (!prim) { +- pr_warn("%s: bug: prim == NULL\n", __func__); ++ /* if the device has been deleted, we don't perform ++ * address promotion ++ */ ++ if (!in_dev->dead) ++ pr_warn("%s: bug: prim == NULL\n", __func__); + return; + } + if (iprim && iprim != prim) { +-- +2.5.5 + diff --git a/kernel.spec b/kernel.spec index b34bb1222..3f3ef903f 100644 --- a/kernel.spec +++ b/kernel.spec @@ -59,7 +59,7 @@ Summary: The Linux kernel # Do we have a -stable update to apply? -%define stable_update 2 +%define stable_update 3 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -361,7 +361,7 @@ Summary: The Linux kernel # Packages that need to be installed before the kernel is, because the %%post # scripts use them. # -%define kernel_prereq fileutils, systemd >= 203-2 +%define kernel_prereq fileutils, systemd >= 203-2, /usr/bin/kernel-install %define initrd_prereq dracut >= 027 @@ -524,8 +524,11 @@ Patch422: geekbox-v4-device-tree-support.patch # http://www.spinics.net/lists/arm-kernel/msg483898.html Patch423: Initial-AllWinner-A64-and-PINE64-support.patch -# http://www.spinics.net/lists/arm-kernel/msg493431.html -Patch424: efi-arm64-don-t-apply-MEMBLOCK_NOMAP-to-UEFI-memory-map-mapping.patch +# rhbz 1321330 http://www.spinics.net/lists/dri-devel/msg105829.html +Patch425: 0001-gpu-ipu-v3-Fix-imx-ipuv3-crtc-module-autoloading.patch + +# http://www.spinics.net/lists/linux-tegra/msg26029.html +Patch426: usb-phy-tegra-Add-38.4MHz-clock-table-entry.patch # http://patchwork.ozlabs.org/patch/587554/ Patch430: ARM-tegra-usb-no-reset.patch @@ -543,9 +546,6 @@ Patch435: stmmac-fix-MDIO-settings.patch Patch436: ARM-mvebu-change-order-of-ethernet-DT-nodes-on-Armada-38x.patch -# mvebu usb fixes http://www.spinics.net/lists/arm-kernel/msg493305.html -Patch437: 0001-ARM-mvebu-Correct-unit-address-for-linksys.patch - # mvebu DSA switch fixes # http://www.spinics.net/lists/netdev/msg370841.html http://www.spinics.net/lists/netdev/msg370842.html Patch438: 0001-net-dsa-mv88e6xxx-Introduce-_mv88e6xxx_phy_page_-rea.patch @@ -647,24 +647,30 @@ Patch664: netfilter-x_tables-check-for-size-overflow.patch #CVE-2016-3134 rhbz 1317383 1317384 Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch -#CVE-2016-2187 rhbz 1317017 1317010 -Patch686: input-gtco-fix-crash-on-detecting-device-without-end.patch - # CVE-2016-3672 rhbz 1324749 1324750 Patch689: x86-mm-32-Enable-full-randomization-on-i386-and-X86_.patch #rhbz 1309980 Patch698: 0001-ACPI-processor-Request-native-thermal-interrupt-hand.patch -# CVE-2016-3961 rhbz 1327219 1323956 -Patch699: x86-xen-suppress-hugetlbfs-in-PV-guests.patch - -# CVE-2016-3955 rhbz 1328478 1328479 -Patch700: USB-usbip-fix-potential-out-of-bounds-write.patch - #rhbz 1309487 Patch701: antenna_select.patch +#rhbz 1302071 +Patch702: x86-build-Build-compressed-x86-kernels-as-PIE.patch + +# Follow on for CVE-2016-3156 +Patch703: ipv4-fib-don-t-warn-when-primary-address-is-missing-.patch + +# Stop splashing crap about broken firmware BGRT +Patch704: x86-efi-bgrt-Switch-all-pr_err-to-pr_debug-for-inval.patch + +#rhbz 1331092 +Patch705: mm-thp-kvm-fix-memory-corruption-in-KVM-with-THP-ena.patch + +#CVE-2016-4482 rhbz 1332931 1332932 +Patch706: USB-usbfs-fix-potential-infoleak-in-devio.patch + # END OF PATCH DEFINITIONS %endif @@ -2189,6 +2195,34 @@ fi # # %changelog +* Wed May 04 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.5.3-300 +- Linux v4.5.3 + +* Wed May 04 2016 Josh Boyer <jwboyer@fedoraproject.org> +- Enable NFC_NXP_NCI options (rhbz 1290556) +- CVE-2016-4482 info leak in devio.c (rhbz 1332931 1332932) + +* Thu Apr 28 2016 Justin M. Forbes <jforbes@fedoraproject.org> +- Fix KVM with THP corruption (rhbz 1331092) + +* Thu Apr 28 2016 Josh Boyer <jwboyer@fedoraproject.org> +- Don't splash warnings from broken BGRT firmware implementations +- Require /usr/bin/kernel-install (rhbz 1331012) + +* Wed Apr 27 2016 Peter Robinson <pbrobinson@fedoraproject.org> 4.5.2-302 +- Fix i.MX6 gpu loading - rhbz 1321330 +- Fix usb loading on some tegra devices + +* Tue Apr 26 2016 Justin M. Forbes <jforbes@fedoraproject.org> +- Change CONFIG_DW_DMAC to built-in to fix sound on some intel platforms + This needs to be revisited later. + +* Tue Apr 26 2016 Josh Boyer <jwboyer@fedoraproject.org> +- Enable IEEE802154_AT86RF230 on more arches (rhbz 1330356) + +* Thu Apr 21 2016 Justin M. Forbes <jforbes@fedoraproject.org> - 4.5.2-301 +- Build 32bit x86 compressed kernels as PIE (rhbz 1302071) + * Wed Apr 20 2016 Laura Abbott <labbott@fedoraproject.org> - Allow antenna selection for rtl8723be (rhbz 1309487) diff --git a/mm-thp-kvm-fix-memory-corruption-in-KVM-with-THP-ena.patch b/mm-thp-kvm-fix-memory-corruption-in-KVM-with-THP-ena.patch new file mode 100644 index 000000000..cc3e2168c --- /dev/null +++ b/mm-thp-kvm-fix-memory-corruption-in-KVM-with-THP-ena.patch @@ -0,0 +1,126 @@ +From 94f984ff563d1777652b822d7a282cacc1e481c2 Mon Sep 17 00:00:00 2001 +From: Andrea Arcangeli <aarcange@redhat.com> +Date: Wed, 27 Apr 2016 12:04:46 -0500 +Subject: [PATCH] mm: thp: kvm: fix memory corruption in KVM with THP enabled + +After the THP refcounting change, obtaining a compound pages from +get_user_pages() no longer allows us to assume the entire compound +page is immediately mappable from a secondary MMU. + +A secondary MMU doesn't want to call get_user_pages() more than once +for each compound page, in order to know if it can map the whole +compound page. So a secondary MMU needs to know from a single +get_user_pages() invocation when it can map immediately the entire +compound page to avoid a flood of unnecessary secondary MMU faults and +spurious atomic_inc()/atomic_dec() (pages don't have to be pinned by +MMU notifier users). + +Ideally instead of the page->_mapcount < 1 check, get_user_pages() +should return the granularity of the "page" mapping in the "mm" passed +to get_user_pages(). However it's non trivial change to pass the "pmd" +status belonging to the "mm" walked by get_user_pages up the stack (up +to the caller of get_user_pages). So the fix just checks if there is +not a single pte mapping on the page returned by get_user_pages, and +in turn if the caller can assume that the whole compound page is +mapped in the current "mm" (in a pmd_trans_huge()). In such case the +entire compound page is safe to map into the secondary MMU without +additional get_user_pages() calls on the surrounding tail/head +pages. In addition of being faster, not having to run other +get_user_pages() calls also reduces the memory footprint of the +secondary MMU fault in case the pmd split happened as result of memory +pressure. + +Without this fix after a MADV_DONTNEED (like invoked by QEMU during +postcopy live migration or balloning) or after generic swapping (with +a failure in split_huge_page() that would only result in pmd splitting +and not a physical page split), KVM would map the whole compound page +into the shadow pagetables, despite regular faults or userfaults (like +UFFDIO_COPY) may map regular pages into the primary MMU as result of +the pte faults, leading to the guest mode and userland mode going out +of sync and not working on the same memory at all times. + +Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> +--- + arch/arm/kvm/mmu.c | 2 +- + arch/x86/kvm/mmu.c | 4 ++-- + include/linux/page-flags.h | 22 ++++++++++++++++++++++ + 3 files changed, 25 insertions(+), 3 deletions(-) + +diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c +index aba61fd..8dafe97 100644 +--- a/arch/arm/kvm/mmu.c ++++ b/arch/arm/kvm/mmu.c +@@ -997,7 +997,7 @@ static bool transparent_hugepage_adjust(kvm_pfn_t *pfnp, phys_addr_t *ipap) + kvm_pfn_t pfn = *pfnp; + gfn_t gfn = *ipap >> PAGE_SHIFT; + +- if (PageTransCompound(pfn_to_page(pfn))) { ++ if (PageTransCompoundMap(pfn_to_page(pfn))) { + unsigned long mask; + /* + * The address we faulted on is backed by a transparent huge +diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c +index 1e7a49b..3a371f7 100644 +--- a/arch/x86/kvm/mmu.c ++++ b/arch/x86/kvm/mmu.c +@@ -2767,7 +2767,7 @@ static void transparent_hugepage_adjust(struct kvm_vcpu *vcpu, + */ + if (!is_error_noslot_pfn(pfn) && !kvm_is_reserved_pfn(pfn) && + level == PT_PAGE_TABLE_LEVEL && +- PageTransCompound(pfn_to_page(pfn)) && ++ PageTransCompoundMap(pfn_to_page(pfn)) && + !has_wrprotected_page(vcpu, gfn, PT_DIRECTORY_LEVEL)) { + unsigned long mask; + /* +@@ -4621,7 +4621,7 @@ restart: + */ + if (sp->role.direct && + !kvm_is_reserved_pfn(pfn) && +- PageTransCompound(pfn_to_page(pfn))) { ++ PageTransCompoundMap(pfn_to_page(pfn))) { + drop_spte(kvm, sptep); + need_tlb_flush = 1; + goto restart; +diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h +index 19724e6..522bd6d 100644 +--- a/include/linux/page-flags.h ++++ b/include/linux/page-flags.h +@@ -517,6 +517,27 @@ static inline int PageTransCompound(struct page *page) + } + + /* ++ * PageTransCompoundMap is the same as PageTransCompound, but it also ++ * guarantees the primary MMU has the entire compound page mapped ++ * through pmd_trans_huge, which in turn guarantees the secondary MMUs ++ * can also map the entire compound page. This allows the secondary ++ * MMUs to call get_user_pages() only once for each compound page and ++ * to immediately map the entire compound page with a single secondary ++ * MMU fault. If there will be a pmd split later, the secondary MMUs ++ * will get an update through the MMU notifier invalidation through ++ * split_huge_pmd(). ++ * ++ * Unlike PageTransCompound, this is safe to be called only while ++ * split_huge_pmd() cannot run from under us, like if protected by the ++ * MMU notifier, otherwise it may result in page->_mapcount < 0 false ++ * positives. ++ */ ++static inline int PageTransCompoundMap(struct page *page) ++{ ++ return PageTransCompound(page) && atomic_read(&page->_mapcount) < 0; ++} ++ ++/* + * PageTransTail returns true for both transparent huge pages + * and hugetlbfs pages, so it should only be called when it's known + * that hugetlbfs pages aren't involved. +@@ -559,6 +580,7 @@ static inline int TestClearPageDoubleMap(struct page *page) + #else + TESTPAGEFLAG_FALSE(TransHuge) + TESTPAGEFLAG_FALSE(TransCompound) ++TESTPAGEFLAG_FALSE(TransCompoundMap) + TESTPAGEFLAG_FALSE(TransTail) + TESTPAGEFLAG_FALSE(DoubleMap) + TESTSETFLAG_FALSE(DoubleMap) +-- +2.7.4 + diff --git a/rebase-notes.txt b/rebase-notes.txt index 0d7d76f2d..1cc632157 100644 --- a/rebase-notes.txt +++ b/rebase-notes.txt @@ -1,8 +1,8 @@ Linux 4.5 rebase notes: -- Check on status of drm-i915-turn-off-wc-mmaps.patch -- Check on status of disabled ZONE_DMA -- Check on status of CONFIG_DW_DMAC_CORE +- Check on status of drm-i915-turn-off-wc-mmaps.patch (Should be okay to remove in F24, but not F22 or F23) +- Check on status of disabled ZONE_DMA (They can now coexist with ZONE_DEVICE) +- Check on status of CONFIG_DW_DMAC_CORE ( Built-in DW_DMAC for now, revisit later) Linux 4.4 rebase notes: @@ -1,3 +1,3 @@ a60d48eee08ec0536d5efb17ca819aef linux-4.5.tar.xz 6f557fe90b800b615c85c2ca04da6154 perf-man-4.5.tar.gz -19a835c1d16183f629d45779f62d36b6 patch-4.5.2.xz +efc81327bd2bd0d946f057ac71cbb1a7 patch-4.5.3.xz diff --git a/usb-phy-tegra-Add-38.4MHz-clock-table-entry.patch b/usb-phy-tegra-Add-38.4MHz-clock-table-entry.patch new file mode 100644 index 000000000..2a44851d7 --- /dev/null +++ b/usb-phy-tegra-Add-38.4MHz-clock-table-entry.patch @@ -0,0 +1,53 @@ +From patchwork Wed Apr 6 07:54:05 2016 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Subject: usb: phy: tegra: Add 38.4MHz clock table entry +From: Hunter Laux <hunterlaux@gmail.com> +X-Patchwork-Id: 606877 +Message-Id: <1459929245-23449-1-git-send-email-hunterlaux@gmail.com> +To: Stephen Warren <swarren@wwwdotorg.org>, + Thierry Reding <thierry.reding@gmail.com>, + Alexandre Courbot <gnurou@gmail.com>, linux-tegra@vger.kernel.org +Cc: Hunter Laux <hunterlaux@gmail.com> +Date: Wed, 6 Apr 2016 00:54:05 -0700 + +The Tegra210 uses a 38.4MHz OSC. This clock table entry is required to +use the ehci phy on the Jetson TX1. + +The xtal_freq_count is actually a 12 bit value, so it should be a u16 +instead of u8. + +Signed-off-by: Hunter Laux <hunterlaux@gmail.com> +--- + drivers/usb/phy/phy-tegra-usb.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/drivers/usb/phy/phy-tegra-usb.c b/drivers/usb/phy/phy-tegra-usb.c +index 5fe4a57..f0431f0 100644 +--- a/drivers/usb/phy/phy-tegra-usb.c ++++ b/drivers/usb/phy/phy-tegra-usb.c +@@ -164,7 +164,7 @@ struct tegra_xtal_freq { + u8 enable_delay; + u8 stable_count; + u8 active_delay; +- u8 xtal_freq_count; ++ u16 xtal_freq_count; + u16 debounce; + }; + +@@ -201,6 +201,14 @@ static const struct tegra_xtal_freq tegra_freq_table[] = { + .xtal_freq_count = 0xFE, + .debounce = 0xFDE8, + }, ++ { ++ .freq = 38400000, ++ .enable_delay = 0x00, ++ .stable_count = 0x00, ++ .active_delay = 0x18, ++ .xtal_freq_count = 0x177, ++ .debounce = 0xBB80, ++ }, + }; + + static void set_pts(struct tegra_usb_phy *phy, u8 pts_val) diff --git a/x86-build-Build-compressed-x86-kernels-as-PIE.patch b/x86-build-Build-compressed-x86-kernels-as-PIE.patch new file mode 100644 index 000000000..064cb485b --- /dev/null +++ b/x86-build-Build-compressed-x86-kernels-as-PIE.patch @@ -0,0 +1,159 @@ +From 6d92bc9d483aa1751755a66fee8fb39dffb088c0 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" <hjl.tools@gmail.com> +Date: Wed, 16 Mar 2016 20:04:35 -0700 +Subject: [PATCH] x86/build: Build compressed x86 kernels as PIE + +The 32-bit x86 assembler in binutils 2.26 will generate R_386_GOT32X +relocation to get the symbol address in PIC. When the compressed x86 +kernel isn't built as PIC, the linker optimizes R_386_GOT32X relocations +to their fixed symbol addresses. However, when the compressed x86 +kernel is loaded at a different address, it leads to the following +load failure: + + Failed to allocate space for phdrs + +during the decompression stage. + +If the compressed x86 kernel is relocatable at run-time, it should be +compiled with -fPIE, instead of -fPIC, if possible and should be built as +Position Independent Executable (PIE) so that linker won't optimize +R_386_GOT32X relocation to its fixed symbol address. + +Older linkers generate R_386_32 relocations against locally defined +symbols, _bss, _ebss, _got and _egot, in PIE. It isn't wrong, just less +optimal than R_386_RELATIVE. But the x86 kernel fails to properly handle +R_386_32 relocations when relocating the kernel. To generate +R_386_RELATIVE relocations, we mark _bss, _ebss, _got and _egot as +hidden in both 32-bit and 64-bit x86 kernels. + +To build a 64-bit compressed x86 kernel as PIE, we need to disable the +relocation overflow check to avoid relocation overflow errors. We do +this with a new linker command-line option, -z noreloc-overflow, which +got added recently: + + commit 4c10bbaa0912742322f10d9d5bb630ba4e15dfa7 + Author: H.J. Lu <hjl.tools@gmail.com> + Date: Tue Mar 15 11:07:06 2016 -0700 + + Add -z noreloc-overflow option to x86-64 ld + + Add -z noreloc-overflow command-line option to the x86-64 ELF linker to + disable relocation overflow check. This can be used to avoid relocation + overflow check if there will be no dynamic relocation overflow at + run-time. + +The 64-bit compressed x86 kernel is built as PIE only if the linker supports +-z noreloc-overflow. So far 64-bit relocatable compressed x86 kernel +boots fine even when it is built as a normal executable. + +Signed-off-by: H.J. Lu <hjl.tools@gmail.com> +Cc: Andy Lutomirski <luto@amacapital.net> +Cc: Borislav Petkov <bp@alien8.de> +Cc: Brian Gerst <brgerst@gmail.com> +Cc: Denys Vlasenko <dvlasenk@redhat.com> +Cc: H. Peter Anvin <hpa@zytor.com> +Cc: Linus Torvalds <torvalds@linux-foundation.org> +Cc: Peter Zijlstra <peterz@infradead.org> +Cc: Thomas Gleixner <tglx@linutronix.de> +Cc: linux-kernel@vger.kernel.org +[ Edited the changelog and comments. ] +Signed-off-by: Ingo Molnar <mingo@kernel.org> +--- + arch/x86/boot/compressed/Makefile | 14 +++++++++++++- + arch/x86/boot/compressed/head_32.S | 28 ++++++++++++++++++++++++++++ + arch/x86/boot/compressed/head_64.S | 8 ++++++++ + 3 files changed, 49 insertions(+), 1 deletion(-) + +diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile +index 6915ff2..8774cb2 100644 +--- a/arch/x86/boot/compressed/Makefile ++++ b/arch/x86/boot/compressed/Makefile +@@ -26,7 +26,7 @@ targets := vmlinux vmlinux.bin vmlinux.bin.gz vmlinux.bin.bz2 vmlinux.bin.lzma \ + vmlinux.bin.xz vmlinux.bin.lzo vmlinux.bin.lz4 + + KBUILD_CFLAGS := -m$(BITS) -D__KERNEL__ $(LINUX_INCLUDE) -O2 +-KBUILD_CFLAGS += -fno-strict-aliasing -fPIC ++KBUILD_CFLAGS += -fno-strict-aliasing $(call cc-option, -fPIE, -fPIC) + KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING + cflags-$(CONFIG_X86_32) := -march=i386 + cflags-$(CONFIG_X86_64) := -mcmodel=small +@@ -40,6 +40,18 @@ GCOV_PROFILE := n + UBSAN_SANITIZE :=n + + LDFLAGS := -m elf_$(UTS_MACHINE) ++ifeq ($(CONFIG_RELOCATABLE),y) ++# If kernel is relocatable, build compressed kernel as PIE. ++ifeq ($(CONFIG_X86_32),y) ++LDFLAGS += $(call ld-option, -pie) $(call ld-option, --no-dynamic-linker) ++else ++# To build 64-bit compressed kernel as PIE, we disable relocation ++# overflow check to avoid relocation overflow error with a new linker ++# command-line option, -z noreloc-overflow. ++LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \ ++ && echo "-z noreloc-overflow -pie --no-dynamic-linker") ++endif ++endif + LDFLAGS_vmlinux := -T + + hostprogs-y := mkpiggy +diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S +index 8ef964d..0256064 100644 +--- a/arch/x86/boot/compressed/head_32.S ++++ b/arch/x86/boot/compressed/head_32.S +@@ -31,6 +31,34 @@ + #include <asm/asm-offsets.h> + #include <asm/bootparam.h> + ++/* ++ * The 32-bit x86 assembler in binutils 2.26 will generate R_386_GOT32X ++ * relocation to get the symbol address in PIC. When the compressed x86 ++ * kernel isn't built as PIC, the linker optimizes R_386_GOT32X ++ * relocations to their fixed symbol addresses. However, when the ++ * compressed x86 kernel is loaded at a different address, it leads ++ * to the following load failure: ++ * ++ * Failed to allocate space for phdrs ++ * ++ * during the decompression stage. ++ * ++ * If the compressed x86 kernel is relocatable at run-time, it should be ++ * compiled with -fPIE, instead of -fPIC, if possible and should be built as ++ * Position Independent Executable (PIE) so that linker won't optimize ++ * R_386_GOT32X relocation to its fixed symbol address. Older ++ * linkers generate R_386_32 relocations against locally defined symbols, ++ * _bss, _ebss, _got and _egot, in PIE. It isn't wrong, just less ++ * optimal than R_386_RELATIVE. But the x86 kernel fails to properly handle ++ * R_386_32 relocations when relocating the kernel. To generate ++ * R_386_RELATIVE relocations, we mark _bss, _ebss, _got and _egot as ++ * hidden: ++ */ ++ .hidden _bss ++ .hidden _ebss ++ .hidden _got ++ .hidden _egot ++ + __HEAD + ENTRY(startup_32) + #ifdef CONFIG_EFI_STUB +diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S +index b0c0d16..86558a1 100644 +--- a/arch/x86/boot/compressed/head_64.S ++++ b/arch/x86/boot/compressed/head_64.S +@@ -33,6 +33,14 @@ + #include <asm/asm-offsets.h> + #include <asm/bootparam.h> + ++/* ++ * Locally defined symbols should be marked hidden: ++ */ ++ .hidden _bss ++ .hidden _ebss ++ .hidden _got ++ .hidden _egot ++ + __HEAD + .code32 + ENTRY(startup_32) +-- +2.7.3 + diff --git a/x86-efi-bgrt-Switch-all-pr_err-to-pr_debug-for-inval.patch b/x86-efi-bgrt-Switch-all-pr_err-to-pr_debug-for-inval.patch new file mode 100644 index 000000000..d3d0aa2c3 --- /dev/null +++ b/x86-efi-bgrt-Switch-all-pr_err-to-pr_debug-for-inval.patch @@ -0,0 +1,94 @@ +From 3e4f68f273ef86e6ed8be24a86f8ef514deaecc0 Mon Sep 17 00:00:00 2001 +From: Josh Boyer <jwboyer@fedoraproject.org> +Date: Wed, 27 Apr 2016 08:37:41 -0400 +Subject: [PATCH] x86/efi-bgrt: Switch all pr_err() to pr_debug() for invalid + BGRT + +The promise of pretty boot splashes from firmware via BGRT was at +best only that; a promise. The kernel diligently checks to make +sure the BGRT data firmware gives it is valid, and dutifully warns +the user when it isn't. However, it does so via the pr_err log +level which seems unnecessary. The user cannot do anything about +this and there really isn't an error on the part of Linux to +correct. + +This lowers the log level by using pr_debug instead. Users will +no longer have their boot process uglified by the kernel reminding +us that firmware can and often is broken. Ironic, considering +BGRT is supposed to make boot pretty to begin with. + +Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> +--- + arch/x86/platform/efi/efi-bgrt.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/arch/x86/platform/efi/efi-bgrt.c b/arch/x86/platform/efi/efi-bgrt.c +index ea48449b2e63..87da4108785b 100644 +--- a/arch/x86/platform/efi/efi-bgrt.c ++++ b/arch/x86/platform/efi/efi-bgrt.c +@@ -41,17 +41,17 @@ void __init efi_bgrt_init(void) + return; + + if (bgrt_tab->header.length < sizeof(*bgrt_tab)) { +- pr_err("Ignoring BGRT: invalid length %u (expected %zu)\n", ++ pr_debug("Ignoring BGRT: invalid length %u (expected %zu)\n", + bgrt_tab->header.length, sizeof(*bgrt_tab)); + return; + } + if (bgrt_tab->version != 1) { +- pr_err("Ignoring BGRT: invalid version %u (expected 1)\n", ++ pr_debug("Ignoring BGRT: invalid version %u (expected 1)\n", + bgrt_tab->version); + return; + } + if (bgrt_tab->status & 0xfe) { +- pr_err("Ignoring BGRT: reserved status bits are non-zero %u\n", ++ pr_debug("Ignoring BGRT: reserved status bits are non-zero %u\n", + bgrt_tab->status); + return; + } +@@ -61,12 +61,12 @@ void __init efi_bgrt_init(void) + return; + } + if (bgrt_tab->image_type != 0) { +- pr_err("Ignoring BGRT: invalid image type %u (expected 0)\n", ++ pr_debug("Ignoring BGRT: invalid image type %u (expected 0)\n", + bgrt_tab->image_type); + return; + } + if (!bgrt_tab->image_address) { +- pr_err("Ignoring BGRT: null image address\n"); ++ pr_debug("Ignoring BGRT: null image address\n"); + return; + } + +@@ -76,7 +76,7 @@ void __init efi_bgrt_init(void) + sizeof(bmp_header)); + ioremapped = true; + if (!image) { +- pr_err("Ignoring BGRT: failed to map image header memory\n"); ++ pr_debug("Ignoring BGRT: failed to map image header memory\n"); + return; + } + } +@@ -88,7 +88,7 @@ void __init efi_bgrt_init(void) + + bgrt_image = kmalloc(bgrt_image_size, GFP_KERNEL | __GFP_NOWARN); + if (!bgrt_image) { +- pr_err("Ignoring BGRT: failed to allocate memory for image (wanted %zu bytes)\n", ++ pr_debug("Ignoring BGRT: failed to allocate memory for image (wanted %zu bytes)\n", + bgrt_image_size); + return; + } +@@ -97,7 +97,7 @@ void __init efi_bgrt_init(void) + image = early_ioremap(bgrt_tab->image_address, + bmp_header.size); + if (!image) { +- pr_err("Ignoring BGRT: failed to map image memory\n"); ++ pr_debug("Ignoring BGRT: failed to map image memory\n"); + kfree(bgrt_image); + bgrt_image = NULL; + return; +-- +2.5.5 + diff --git a/x86-xen-suppress-hugetlbfs-in-PV-guests.patch b/x86-xen-suppress-hugetlbfs-in-PV-guests.patch deleted file mode 100644 index 1b7c8f24a..000000000 --- a/x86-xen-suppress-hugetlbfs-in-PV-guests.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 72c339e0c6d9969e664c2cf63e162753d7d859ae Mon Sep 17 00:00:00 2001 -From: Jan Beulich <jbeulich@suse.com> -Date: Thu, 14 Apr 2016 13:03:47 +0000 -Subject: [PATCH] x86/xen: suppress hugetlbfs in PV guests - -Huge pages are not normally available to PV guests. Not suppressing -hugetlbfs use results in an endless loop of page faults when user mode -code tries to access a hugetlbfs mapped area (since the hypervisor -denies such PTEs to be created, but error indications can't be -propagated out of xen_set_pte_at(), just like for various of its -siblings), and - once killed in an oops like this: - -kernel BUG at .../fs/hugetlbfs/inode.c:428! -invalid opcode: 0000 [#1] SMP -Modules linked in: ... -Supported: Yes -CPU: 2 PID: 6088 Comm: hugetlbfs Tainted: G W 4.4.0-2016-01-20-pv #2 -Hardware name: ... -task: ffff8808059205c0 ti: ffff880803c84000 task.ti: ffff880803c84000 -RIP: e030:[<ffffffff811c333b>] [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320 -RSP: e02b:ffff880803c879a8 EFLAGS: 00010202 -RAX: 000000000077a4db RBX: ffffea001acff000 RCX: 0000000078417d38 -RDX: 0000000000000000 RSI: 000000007e154fa7 RDI: ffff880805d70960 -RBP: 0000000000000960 R08: 0000000000000000 R09: 0000000000000000 -R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 -R13: ffff880807486018 R14: 0000000000000000 R15: ffff880803c87af0 -FS: 00007f85fa8b8700(0000) GS:ffff88080b640000(0000) knlGS:0000000000000000 -CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b -CR2: 00007f85fa000000 CR3: 0000000001a0a000 CR4: 0000000000040660 -Stack: - ffff880000000fb0 ffff880803c87a18 ffff880803c87ae8 ffff8808059205c0 - ffff880803c87af0 ffff880803c87ae8 ffff880807486018 0000000000000000 - ffffffff81bf6e60 ffff880807486168 000003ffffffffff 0000000003c87758 -Call Trace: - [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40 - [<ffffffff81167b3d>] evict+0xbd/0x1b0 - [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0 - [<ffffffff81165b0e>] dput+0x1fe/0x220 - [<ffffffff81150535>] __fput+0x155/0x200 - [<ffffffff81079fc0>] task_work_run+0x60/0xa0 - [<ffffffff81063510>] do_exit+0x160/0x400 - [<ffffffff810637eb>] do_group_exit+0x3b/0xa0 - [<ffffffff8106e8bd>] get_signal+0x1ed/0x470 - [<ffffffff8100f854>] do_signal+0x14/0x110 - [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0 - [<ffffffff814178a5>] retint_user+0x8/0x13 - -This is XSA-174. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Cc: stable@vger.kernel.org ---- - arch/x86/include/asm/hugetlb.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/arch/x86/include/asm/hugetlb.h b/arch/x86/include/asm/hugetlb.h -index f8a29d2c97b0..e6a8613fbfb0 100644 ---- a/arch/x86/include/asm/hugetlb.h -+++ b/arch/x86/include/asm/hugetlb.h -@@ -4,6 +4,7 @@ - #include <asm/page.h> - #include <asm-generic/hugetlb.h> - -+#define hugepages_supported() cpu_has_pse - - static inline int is_hugepage_only_range(struct mm_struct *mm, - unsigned long addr, --- -2.5.5 - |