4.17.7kernel-4.17.7-250.vanilla.knurd.1.fc28

10 files changed, 219 insertions, 56 deletions

diff --git a/CVE-2018-13405.patch b/CVE-2018-13405.patch
deleted file mode 100644
index 489e11f54..000000000
--- a/CVE-2018-13405.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 Mon Sep 17 00:00:00 2001
-From: Linus Torvalds <torvalds@linux-foundation.org>
-Date: Tue, 3 Jul 2018 17:10:19 -0700
-Subject: [PATCH] Fix up non-directory creation in SGID directories
-
-sgid directories have special semantics, making newly created files in
-the directory belong to the group of the directory, and newly created
-subdirectories will also become sgid.  This is historically used for
-group-shared directories.
-
-But group directories writable by non-group members should not imply
-that such non-group members can magically join the group, so make sure
-to clear the sgid bit on non-directories for non-members (but remember
-that sgid without group execute means "mandatory locking", just to
-confuse things even more).
-
-Reported-by: Jann Horn <jannh@google.com>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Al Viro <viro@zeniv.linux.org.uk>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Jeremy Cline <jcline@redhat.com>
----
- fs/inode.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/fs/inode.c b/fs/inode.c
-index 2c300e981796..8c86c809ca17 100644
---- a/fs/inode.c
-+++ b/fs/inode.c
-@@ -1999,8 +1999,14 @@ void inode_init_owner(struct inode *inode, const struct inode *dir,
- 	inode->i_uid = current_fsuid();
- 	if (dir && dir->i_mode & S_ISGID) {
- 		inode->i_gid = dir->i_gid;
-+
-+		/* Directories are special, and always inherit S_ISGID */
- 		if (S_ISDIR(mode))
- 			mode |= S_ISGID;
-+		else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) &&
-+			 !in_group_p(inode->i_gid) &&
-+			 !capable_wrt_inode_uidgid(dir, CAP_FSETID))
-+			mode &= ~S_ISGID;
- 	} else
- 		inode->i_gid = current_fsgid();
- 	inode->i_mode = mode;
--- 
-2.17.1
-
diff --git a/configs/fedora/generic/powerpc/CONFIG_SND_HDA_INTEL b/configs/fedora/generic/powerpc/CONFIG_SND_HDA_INTEL
deleted file mode 100644
index 6f057ecfe..000000000
--- a/configs/fedora/generic/powerpc/CONFIG_SND_HDA_INTEL
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_SND_HDA_INTEL is not set
diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config
index b73c4ed88..04658a16a 100644
--- a/kernel-ppc64-debug.config
+++ b/kernel-ppc64-debug.config
@@ -4949,7 +4949,7 @@ CONFIG_SND_HDA_HWDEP=y
 CONFIG_SND_HDA_I915=y
 CONFIG_SND_HDA_INPUT_BEEP_MODE=0
 CONFIG_SND_HDA_INPUT_BEEP=y
-# CONFIG_SND_HDA_INTEL is not set
+CONFIG_SND_HDA_INTEL=m
 CONFIG_SND_HDA_PATCH_LOADER=y
 CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0
 CONFIG_SND_HDA_POWER_SAVE=y
diff --git a/kernel-ppc64.config b/kernel-ppc64.config
index 059b21e23..95f6aa221 100644
--- a/kernel-ppc64.config
+++ b/kernel-ppc64.config
@@ -4923,7 +4923,7 @@ CONFIG_SND_HDA_HWDEP=y
 CONFIG_SND_HDA_I915=y
 CONFIG_SND_HDA_INPUT_BEEP_MODE=0
 CONFIG_SND_HDA_INPUT_BEEP=y
-# CONFIG_SND_HDA_INTEL is not set
+CONFIG_SND_HDA_INTEL=m
 CONFIG_SND_HDA_PATCH_LOADER=y
 CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0
 CONFIG_SND_HDA_POWER_SAVE=y
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index 2d861e5ec..23d856590 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -4878,7 +4878,7 @@ CONFIG_SND_HDA_HWDEP=y
 CONFIG_SND_HDA_I915=y
 CONFIG_SND_HDA_INPUT_BEEP_MODE=0
 CONFIG_SND_HDA_INPUT_BEEP=y
-# CONFIG_SND_HDA_INTEL is not set
+CONFIG_SND_HDA_INTEL=m
 CONFIG_SND_HDA_PATCH_LOADER=y
 CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0
 CONFIG_SND_HDA_POWER_SAVE=y
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index 5d65cb4e6..885bb97fd 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -4852,7 +4852,7 @@ CONFIG_SND_HDA_HWDEP=y
 CONFIG_SND_HDA_I915=y
 CONFIG_SND_HDA_INPUT_BEEP_MODE=0
 CONFIG_SND_HDA_INPUT_BEEP=y
-# CONFIG_SND_HDA_INTEL is not set
+CONFIG_SND_HDA_INTEL=m
 CONFIG_SND_HDA_PATCH_LOADER=y
 CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0
 CONFIG_SND_HDA_POWER_SAVE=y
diff --git a/kernel.spec b/kernel.spec
index 8c8825c6f..899febcc8 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -58,7 +58,7 @@ Summary: The Linux kernel
 %define stable_rc 0
 
 # Do we have a -stable update to apply?
-%define stable_update 6
+%define stable_update 7
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -685,8 +685,11 @@ Patch522: 0001-xfs-don-t-call-xfs_da_shrink_inode-with-NULL-bp.patch
 # CVE-2018-13095 rhbz 1597775 1597777
 Patch523: 0001-xfs-More-robust-inode-extent-count-validation.patch
 
-# CVE-2018-13405 rhbz 1599161 1599162
-Patch524: CVE-2018-13405.patch
+# rhbz 1597333
+# Patch526: xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch
+
+# i686 patch that will eventually be 4.17.8
+Patch527: mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1940,6 +1943,19 @@ fi
 #
 #
 %changelog
+* Tue Jul 17 2018 Justin M. Forbes <jforbes@fedoraproject.org> - 4.17.7-200
+- Linux v4.17.7
+
+* Thu Jul 12 2018 Jeremy Cline <jeremy@jcline.org>
+- Avoid an early WARN_ON in Xen (rhbz 1592976)
+- Fix perceived dead xhci host (rhbz 1597333)
+
+* Thu Jul 12 2018 Dan Horák <dan@danny.cz>
+- Enable HDA sound drivers on PPC
+
+* Wed Jul 11 2018 Jeremy Cline <jcline@redhat.com> - 4.17.6-200
+- Linux v4.17.6
+
 * Wed Jul 11 2018 Jeremy Cline <jeremy@jcline.org>
 - Add device ID for RTL8822BE in the Asus ROG GL702ZC (rhbz 1599917)
 
diff --git a/mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch b/mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch
new file mode 100644
index 000000000..f72e111ad
--- /dev/null
+++ b/mm-don-t-do-zero_resv_unavail-if-memmap-is-not-allocated.patch
@@ -0,0 +1,69 @@
+From d1b47a7c9efcf3c3384b70f6e3c8f1423b44d8c7 Mon Sep 17 00:00:00 2001
+From: Pavel Tatashin <pasha.tatashin@oracle.com>
+Date: Mon, 16 Jul 2018 11:16:30 -0400
+Subject: mm: don't do zero_resv_unavail if memmap is not allocated
+
+From: Pavel Tatashin <pasha.tatashin@oracle.com>
+
+commit d1b47a7c9efcf3c3384b70f6e3c8f1423b44d8c7 upstream.
+
+Moving zero_resv_unavail before memmap_init_zone(), caused a regression on
+x86-32.
+
+The cause is that we access struct pages before they are allocated when
+CONFIG_FLAT_NODE_MEM_MAP is used.
+
+free_area_init_nodes()
+  zero_resv_unavail()
+    mm_zero_struct_page(pfn_to_page(pfn)); <- struct page is not alloced
+  free_area_init_node()
+    if CONFIG_FLAT_NODE_MEM_MAP
+      alloc_node_mem_map()
+        memblock_virt_alloc_node_nopanic() <- struct page alloced here
+
+On the other hand memblock_virt_alloc_node_nopanic() zeroes all the memory
+that it returns, so we do not need to do zero_resv_unavail() here.
+
+Fixes: e181ae0c5db9 ("mm: zero unavailable pages before memmap init")
+Signed-off-by: Pavel Tatashin <pasha.tatashin@oracle.com>
+Tested-by: Matt Hart <matt@mattface.org>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/mm.h |    2 +-
+ mm/page_alloc.c    |    4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/include/linux/mm.h
++++ b/include/linux/mm.h
+@@ -2081,7 +2081,7 @@ extern int __meminit __early_pfn_to_nid(
+ 					struct mminit_pfnnid_cache *state);
+ #endif
+ 
+-#ifdef CONFIG_HAVE_MEMBLOCK
++#if defined(CONFIG_HAVE_MEMBLOCK) && !defined(CONFIG_FLAT_NODE_MEM_MAP)
+ void zero_resv_unavail(void);
+ #else
+ static inline void zero_resv_unavail(void) {}
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -6377,7 +6377,7 @@ void __paginginit free_area_init_node(in
+ 	free_area_init_core(pgdat);
+ }
+ 
+-#ifdef CONFIG_HAVE_MEMBLOCK
++#if defined(CONFIG_HAVE_MEMBLOCK) && !defined(CONFIG_FLAT_NODE_MEM_MAP)
+ /*
+  * Only struct pages that are backed by physical memory are zeroed and
+  * initialized by going through __init_single_page(). But, there are some
+@@ -6415,7 +6415,7 @@ void __paginginit zero_resv_unavail(void
+ 	if (pgcnt)
+ 		pr_info("Reserved but unavailable: %lld pages", pgcnt);
+ }
+-#endif /* CONFIG_HAVE_MEMBLOCK */
++#endif /* CONFIG_HAVE_MEMBLOCK && !CONFIG_FLAT_NODE_MEM_MAP */
+ 
+ #ifdef CONFIG_HAVE_MEMBLOCK_NODE_MAP
+ 
diff --git a/sources b/sources
index b72509361..c3220eb6d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (linux-4.17.tar.xz) = 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db
-SHA512 (patch-4.17.6.xz) = 4b791d94db704cbbe3dbf6b340735fe7999957741f116ca14060ced836aece1d4b51d0c3f376af1564e7379fbb9c9132a8e4d021fc74599f3ab037237d718651
+SHA512 (patch-4.17.7.xz) = 955342b78da2977dbd08ff0acb7e681c646b1dfceef71246a08bdd102e0b2ad41f3eb7c353755ed1da2e1a5d9138476adc7bf11fd732a3033b6f8aac457dac75
diff --git a/xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch b/xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch
new file mode 100644
index 000000000..b52d783ae
--- /dev/null
+++ b/xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch
@@ -0,0 +1,126 @@
+From 229bc19fd7aca4f37964af06e3583c1c8f36b5d6 Mon Sep 17 00:00:00 2001
+From: Mathias Nyman <mathias.nyman@linux.intel.com>
+Date: Thu, 21 Jun 2018 16:19:41 +0300
+Subject: [PATCH] xhci: Fix perceived dead host due to runtime suspend race
+ with event handler
+
+Don't rely on event interrupt (EINT) bit alone to detect pending port
+change in resume. If no change event is detected the host may be suspended
+again, oterwise roothubs are resumed.
+
+There is a lag in xHC setting EINT. If we don't notice the pending change
+in resume, and the controller is runtime suspeded again, it causes the
+event handler to assume host is dead as it will fail to read xHC registers
+once PCI puts the controller to D3 state.
+
+[  268.520969] xhci_hcd: xhci_resume: starting port polling.
+[  268.520985] xhci_hcd: xhci_hub_status_data: stopping port polling.
+[  268.521030] xhci_hcd: xhci_suspend: stopping port polling.
+[  268.521040] xhci_hcd: // Setting command ring address to 0x349bd001
+[  268.521139] xhci_hcd: Port Status Change Event for port 3
+[  268.521149] xhci_hcd: resume root hub
+[  268.521163] xhci_hcd: port resume event for port 3
+[  268.521168] xhci_hcd: xHC is not running.
+[  268.521174] xhci_hcd: handle_port_status: starting port polling.
+[  268.596322] xhci_hcd: xhci_hc_died: xHCI host controller not responding, assume dead
+
+The EINT lag is described in a additional note in xhci specs 4.19.2:
+
+"Due to internal xHC scheduling and system delays, there will be a lag
+between a change bit being set and the Port Status Change Event that it
+generated being written to the Event Ring. If SW reads the PORTSC and
+sees a change bit set, there is no guarantee that the corresponding Port
+Status Change Event has already been written into the Event Ring."
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jeremy Cline <jcline@redhat.com>
+---
+ drivers/usb/host/xhci.c | 40 +++++++++++++++++++++++++++++++++++++---
+ drivers/usb/host/xhci.h |  4 ++++
+ 2 files changed, 41 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
+index 8c8da2d657fa..f11ec61bcc7d 100644
+--- a/drivers/usb/host/xhci.c
++++ b/drivers/usb/host/xhci.c
+@@ -908,6 +908,41 @@ static void xhci_disable_port_wake_on_bits(struct xhci_hcd *xhci)
+ 	spin_unlock_irqrestore(&xhci->lock, flags);
+ }
+ 
++static bool xhci_pending_portevent(struct xhci_hcd *xhci)
++{
++	struct xhci_port	**ports;
++	int			port_index;
++	u32			status;
++	u32			portsc;
++
++	status = readl(&xhci->op_regs->status);
++	if (status & STS_EINT)
++		return true;
++	/*
++	 * Checking STS_EINT is not enough as there is a lag between a change
++	 * bit being set and the Port Status Change Event that it generated
++	 * being written to the Event Ring. See note in xhci 1.1 section 4.19.2.
++	 */
++
++	port_index = xhci->usb2_rhub.num_ports;
++	ports = xhci->usb2_rhub.ports;
++	while (port_index--) {
++		portsc = readl(ports[port_index]->addr);
++		if (portsc & PORT_CHANGE_MASK ||
++		    (portsc & PORT_PLS_MASK) == XDEV_RESUME)
++			return true;
++	}
++	port_index = xhci->usb3_rhub.num_ports;
++	ports = xhci->usb3_rhub.ports;
++	while (port_index--) {
++		portsc = readl(ports[port_index]->addr);
++		if (portsc & PORT_CHANGE_MASK ||
++		    (portsc & PORT_PLS_MASK) == XDEV_RESUME)
++			return true;
++	}
++	return false;
++}
++
+ /*
+  * Stop HC (not bus-specific)
+  *
+@@ -1009,7 +1044,7 @@ EXPORT_SYMBOL_GPL(xhci_suspend);
+  */
+ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
+ {
+-	u32			command, temp = 0, status;
++	u32			command, temp = 0;
+ 	struct usb_hcd		*hcd = xhci_to_hcd(xhci);
+ 	struct usb_hcd		*secondary_hcd;
+ 	int			retval = 0;
+@@ -1134,8 +1169,7 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
+  done:
+ 	if (retval == 0) {
+ 		/* Resume root hubs only when have pending events. */
+-		status = readl(&xhci->op_regs->status);
+-		if (status & STS_EINT) {
++		if (xhci_pending_portevent(xhci)) {
+ 			usb_hcd_resume_root_hub(xhci->shared_hcd);
+ 			usb_hcd_resume_root_hub(hcd);
+ 		}
+diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
+index 939e2f86b595..841e89ffe2e9 100644
+--- a/drivers/usb/host/xhci.h
++++ b/drivers/usb/host/xhci.h
+@@ -382,6 +382,10 @@ struct xhci_op_regs {
+ #define PORT_PLC	(1 << 22)
+ /* port configure error change - port failed to configure its link partner */
+ #define PORT_CEC	(1 << 23)
++#define PORT_CHANGE_MASK	(PORT_CSC | PORT_PEC | PORT_WRC | PORT_OCC | \
++				 PORT_RC | PORT_PLC | PORT_CEC)
++
++
+ /* Cold Attach Status - xHC can set this bit to report device attached during
+  * Sx state. Warm port reset should be perfomed to clear this bit and move port
+  * to connected state.
+-- 
+2.17.1
+