Linux v4.6-6148-g03b979d

- Docs, i2c, md, iommu, sound, pci, pinctrl, dmaengine, kvm, security merges

13 files changed, 37 insertions, 177 deletions

diff --git a/ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS.patch b/ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS.patch
deleted file mode 100644
index 3eb8bf183..000000000
--- a/ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 527a5767c165abd2b4dba99da992c51ca7547562 Mon Sep 17 00:00:00 2001
-From: Kangjie Lu <kangjielu@gmail.com>
-Date: Tue, 3 May 2016 16:44:07 -0400
-Subject: [PATCH 1/3] ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The stack object “tread” has a total size of 32 bytes. Its field
-“event” and “val” both contain 4 bytes padding. These 8 bytes
-padding bytes are sent to user without being initialized.
-
-Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
-Signed-off-by: Takashi Iwai <tiwai@suse.de>
----
- sound/core/timer.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/sound/core/timer.c b/sound/core/timer.c
-index 6469bedda2f3..964f5ebf495e 100644
---- a/sound/core/timer.c
-+++ b/sound/core/timer.c
-@@ -1739,6 +1739,7 @@ static int snd_timer_user_params(struct file *file,
- 	if (tu->timeri->flags & SNDRV_TIMER_IFLG_EARLY_EVENT) {
- 		if (tu->tread) {
- 			struct snd_timer_tread tread;
-+			memset(&tread, 0, sizeof(tread));
- 			tread.event = SNDRV_TIMER_EVENT_EARLY;
- 			tread.tstamp.tv_sec = 0;
- 			tread.tstamp.tv_nsec = 0;
--- 
-2.5.5
-
diff --git a/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca.patch b/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca.patch
deleted file mode 100644
index e6f46f8a8..000000000
--- a/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From addd6e9f0e25efb00d813d54528607c75b77c416 Mon Sep 17 00:00:00 2001
-From: Kangjie Lu <kangjielu@gmail.com>
-Date: Tue, 3 May 2016 16:44:20 -0400
-Subject: [PATCH 2/3] ALSA: timer: Fix leak in events via
- snd_timer_user_ccallback
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The stack object “r1” has a total size of 32 bytes. Its field
-“event” and “val” both contain 4 bytes padding. These 8 bytes
-padding bytes are sent to user without being initialized.
-
-Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
-Signed-off-by: Takashi Iwai <tiwai@suse.de>
----
- sound/core/timer.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/sound/core/timer.c b/sound/core/timer.c
-index 964f5ebf495e..e98fa5feb731 100644
---- a/sound/core/timer.c
-+++ b/sound/core/timer.c
-@@ -1225,6 +1225,7 @@ static void snd_timer_user_ccallback(struct snd_timer_instance *timeri,
- 		tu->tstamp = *tstamp;
- 	if ((tu->filter & (1 << event)) == 0 || !tu->tread)
- 		return;
-+	memset(&r1, 0, sizeof(r1));
- 	r1.event = event;
- 	r1.tstamp = *tstamp;
- 	r1.val = resolution;
--- 
-2.5.5
-
diff --git a/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin.patch b/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin.patch
deleted file mode 100644
index 7851c55a2..000000000
--- a/ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From b06a443b5679e9a0298e2f206ddb60845569f62f Mon Sep 17 00:00:00 2001
-From: Kangjie Lu <kangjielu@gmail.com>
-Date: Tue, 3 May 2016 16:44:32 -0400
-Subject: [PATCH 3/3] ALSA: timer: Fix leak in events via
- snd_timer_user_tinterrupt
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The stack object “r1” has a total size of 32 bytes. Its field
-“event” and “val” both contain 4 bytes padding. These 8 bytes
-padding bytes are sent to user without being initialized.
-
-Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
-Signed-off-by: Takashi Iwai <tiwai@suse.de>
----
- sound/core/timer.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/sound/core/timer.c b/sound/core/timer.c
-index e98fa5feb731..c69a27155433 100644
---- a/sound/core/timer.c
-+++ b/sound/core/timer.c
-@@ -1268,6 +1268,7 @@ static void snd_timer_user_tinterrupt(struct snd_timer_instance *timeri,
- 	}
- 	if ((tu->filter & (1 << SNDRV_TIMER_EVENT_RESOLUTION)) &&
- 	    tu->last_resolution != resolution) {
-+		memset(&r1, 0, sizeof(r1));
- 		r1.event = SNDRV_TIMER_EVENT_RESOLUTION;
- 		r1.tstamp = tstamp;
- 		r1.val = resolution;
--- 
-2.5.5
-
diff --git a/Add-an-EFI-signature-blob-parser-and-key-loader.patch b/Add-an-EFI-signature-blob-parser-and-key-loader.patch
index 86a285581..78f482b39 100644
--- a/Add-an-EFI-signature-blob-parser-and-key-loader.patch
+++ b/Add-an-EFI-signature-blob-parser-and-key-loader.patch
@@ -1,4 +1,4 @@
-From c279ba86f93cf6a75d078e2d0e3f59d4ba8a2dd0 Mon Sep 17 00:00:00 2001
+From 8cd53548ce7b88b08cc6345c8fca7d28d1f3a7f2 Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
 Date: Tue, 23 Oct 2012 09:36:28 -0400
 Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
@@ -6,20 +6,21 @@ Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
 X.509 certificates are loaded into the specified keyring as asymmetric type
 keys.
 
+[labbott@fedoraproject.org: Drop KEY_ALLOC_TRUSTED]
 Signed-off-by: David Howells <dhowells@redhat.com>
 ---
  crypto/asymmetric_keys/Kconfig      |   8 +++
  crypto/asymmetric_keys/Makefile     |   1 +
- crypto/asymmetric_keys/efi_parser.c | 109 ++++++++++++++++++++++++++++++++++++
+ crypto/asymmetric_keys/efi_parser.c | 108 ++++++++++++++++++++++++++++++++++++
  include/linux/efi.h                 |   4 ++
- 4 files changed, 122 insertions(+)
+ 4 files changed, 121 insertions(+)
  create mode 100644 crypto/asymmetric_keys/efi_parser.c
 
 diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
-index 4870f28403f5..4a1b50d73b80 100644
+index e28e912..94024e8 100644
 --- a/crypto/asymmetric_keys/Kconfig
 +++ b/crypto/asymmetric_keys/Kconfig
-@@ -67,4 +67,12 @@ config SIGNED_PE_FILE_VERIFICATION
+@@ -60,4 +60,12 @@ config SIGNED_PE_FILE_VERIFICATION
  	  This option provides support for verifying the signature(s) on a
  	  signed PE binary.
  
@@ -33,10 +34,11 @@ index 4870f28403f5..4a1b50d73b80 100644
 +
  endif # ASYMMETRIC_KEY_TYPE
 diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
-index cd1406f9b14a..d9db380bbe53 100644
+index 6516855..c099fe1 100644
 --- a/crypto/asymmetric_keys/Makefile
 +++ b/crypto/asymmetric_keys/Makefile
-@@ -7,5 +7,6 @@ asymmetric_keys-y := asymmetric_type.o signature.o
+@@ -10,6 +10,7 @@ asymmetric_keys-y := \
+ 	signature.o
  
  obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
 +obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
@@ -45,10 +47,10 @@ index cd1406f9b14a..d9db380bbe53 100644
  # X.509 Certificate handling
 diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
 new file mode 100644
-index 000000000000..424896a0b169
+index 0000000..636feb1
 --- /dev/null
 +++ b/crypto/asymmetric_keys/efi_parser.c
-@@ -0,0 +1,109 @@
+@@ -0,0 +1,108 @@
 +/* EFI signature/key/certificate list parser
 + *
 + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
@@ -139,8 +141,7 @@ index 000000000000..424896a0b169
 +				esize - sizeof(*elem),
 +				(KEY_POS_ALL & ~KEY_POS_SETATTR) |
 +				KEY_USR_VIEW,
-+				KEY_ALLOC_NOT_IN_QUOTA |
-+				KEY_ALLOC_TRUSTED);
++				KEY_ALLOC_NOT_IN_QUOTA);
 +
 +			if (IS_ERR(key))
 +				pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
@@ -159,10 +160,10 @@ index 000000000000..424896a0b169
 +	return 0;
 +}
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index fac43c611614..414c3c3d988d 100644
+index b80227a..18443e3 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -941,6 +941,10 @@ extern bool efi_poweroff_required(void);
+@@ -1050,6 +1050,10 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
  char * __init efi_md_typeattr_format(char *buf, size_t size,
  				     const efi_memory_desc_t *md);
  
@@ -174,5 +175,5 @@ index fac43c611614..414c3c3d988d 100644
   * efi_range_is_wc - check the WC bit on an address range
   * @start: starting kvirt address
 -- 
-2.4.3
+2.5.5
 
diff --git a/KVM-MTRR-remove-MSR-0x2f8.patch b/KVM-MTRR-remove-MSR-0x2f8.patch
deleted file mode 100644
index 8066b2e8f..000000000
--- a/KVM-MTRR-remove-MSR-0x2f8.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From bb0f06280beb6507226627a85076ae349a23fe22 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>
-Date: Mon, 16 May 2016 09:45:35 -0400
-Subject: [PATCH] KVM: MTRR: remove MSR 0x2f8
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-MSR 0x2f8 accessed the 124th Variable Range MTRR ever since MTRR support
-was introduced by 9ba075a664df ("KVM: MTRR support").
-
-0x2f8 became harmful when 910a6aae4e2e ("KVM: MTRR: exactly define the
-size of variable MTRRs") shrinked the array of VR MTRRs from 256 to 8,
-which made access to index 124 out of bounds.  The surrounding code only
-WARNs in this situation, thus the guest gained a limited read/write
-access to struct kvm_arch_vcpu.
-
-0x2f8 is not a valid VR MTRR MSR, because KVM has/advertises only 16 VR
-MTRR MSRs, 0x200-0x20f.  Every VR MTRR is set up using two MSRs, 0x2f8
-was treated as a PHYSBASE and 0x2f9 would be its PHYSMASK, but 0x2f9 was
-not implemented in KVM, therefore 0x2f8 could never do anything useful
-and getting rid of it is safe.
-
-This fixes CVE-2016-TBD.
-
-Fixes: 910a6aae4e2e ("KVM: MTRR: exactly define the size of variable MTRRs")
-Cc: stable@vger.kernel.org
-Reported-by: David Matlack <dmatlack@google.com>
-Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
----
- arch/x86/kvm/mtrr.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c
-index 3f8c732117ec..c146f3c262c3 100644
---- a/arch/x86/kvm/mtrr.c
-+++ b/arch/x86/kvm/mtrr.c
-@@ -44,8 +44,6 @@ static bool msr_mtrr_valid(unsigned msr)
- 	case MSR_MTRRdefType:
- 	case MSR_IA32_CR_PAT:
- 		return true;
--	case 0x2f8:
--		return true;
- 	}
- 	return false;
- }
--- 
-2.5.5
-
diff --git a/config-arm-generic b/config-arm-generic
index 1963d5ee3..2b71fa092 100644
--- a/config-arm-generic
+++ b/config-arm-generic
@@ -547,3 +547,6 @@ CONFIG_CHECKPOINT_RESTORE=y
 
 # CONFIG_HW_RANDOM_HISI is not set
 # CONFIG_QRTR is not set
+
+# This Xilinx option is now built for arm64 as well as ARM
+CONFIG_XILINX_VDMA=m
diff --git a/config-armv7 b/config-armv7
index 755cefa99..d2191cee9 100644
--- a/config-armv7
+++ b/config-armv7
@@ -587,7 +587,6 @@ CONFIG_SPI_CADENCE=m
 CONFIG_I2C_CADENCE=m
 CONFIG_XILINX_WATCHDOG=m
 CONFIG_XILINX_XADC=m
-CONFIG_XILINX_VDMA=m
 CONFIG_SND_SOC_ADI=m
 CONFIG_SND_SOC_ADI_AXI_I2S=m
 CONFIG_SND_SOC_ADI_AXI_SPDIF=m
diff --git a/config-armv7-generic b/config-armv7-generic
index ea045c1c3..0b99be151 100644
--- a/config-armv7-generic
+++ b/config-armv7-generic
@@ -461,6 +461,7 @@ CONFIG_RTC_DRV_ARMADA38X=m
 CONFIG_LEDS_NS2=m
 CONFIG_SERIAL_MVEBU_UART=y
 # CONFIG_SERIAL_MVEBU_CONSOLE is not set
+# CONFIG_PCIE_ARMADA_8K is not set
 
 # DRM panels
 CONFIG_DRM_PANEL=y
diff --git a/config-generic b/config-generic
index 8030ba4f4..9601b58d2 100644
--- a/config-generic
+++ b/config-generic
@@ -111,6 +111,7 @@ CONFIG_HOTPLUG_PCI=y
 # CONFIG_HOTPLUG_PCI_SHPC is not set
 CONFIG_HOTPLUG_PCI_PCIE=y
 # CONFIG_PCIE_DW_PLAT is not set
+CONFIG_PCIE_DPC=m
 
 # CONFIG_SGI_IOC4 is not set
 
@@ -4935,6 +4936,7 @@ CONFIG_SECURITY_SELINUX_AVC_STATS=y
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
 # CONFIG_SECURITY_APPARMOR is not set
+# CONFIG_SECURITY_LOADPIN is not set
 CONFIG_SECURITY_YAMA=y
 CONFIG_AUDIT=y
 CONFIG_AUDITSYSCALL=y
@@ -5071,6 +5073,7 @@ CONFIG_PERSISTENT_KEYRINGS=y
 CONFIG_BIG_KEYS=y
 CONFIG_TRUSTED_KEYS=m
 CONFIG_ENCRYPTED_KEYS=m
+CONFIG_KEY_DH_OPERATIONS=y
 CONFIG_CDROM_PKTCDVD=m
 CONFIG_CDROM_PKTCDVD_BUFFERS=8
 # CONFIG_CDROM_PKTCDVD_WCACHE is not set
@@ -5920,6 +5923,7 @@ CONFIG_MODULE_SIG_SHA256=y
 CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
 CONFIG_SYSTEM_TRUSTED_KEYS=""
 # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+CONFIG_SECONDARY_TRUSTED_KEYRING=y
 CONFIG_PKCS7_MESSAGE_PARSER=y
 # CONFIG_PKCS7_TEST_KEY is not set
 CONFIG_SIGNED_PE_FILE_VERIFICATION=y
@@ -5955,3 +5959,5 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y
 # The kernel code has a nice comment
 # WARNING: Do not even assume this interface is staying stable!
 # CONFIG_MCE_AMD_INJ is not set
+
+# CONFIG_EZNPS_GIC is not set
diff --git a/config-x86-generic b/config-x86-generic
index 328f40020..5418ee7ab 100644
--- a/config-x86-generic
+++ b/config-x86-generic
@@ -575,6 +575,7 @@ CONFIG_SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH=m
 CONFIG_SND_SOC_INTEL_SKL_RT286_MACH=m
 CONFIG_SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH=m
 CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m
+CONFIG_SND_SOC_INTEL_BXT_RT298_MACH=m
 CONFIG_SND_SOC_AC97_CODEC=m
 # CONFIG_SND_SOC_TAS571X is not set
 # CONFIG_SND_SUN4I_CODEC is not set
diff --git a/gitrev b/gitrev
index 3b79c3867..3ddae4b99 100644
--- a/gitrev
+++ b/gitrev
@@ -1 +1 @@
-2600a46ee0ed57c0e0a382c2a37ebac64d374d20
+03b979dd0323ace8e29a0561cd5232f73a060c09
diff --git a/kernel.spec b/kernel.spec
index 0e0988151..2fcb59930 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -69,7 +69,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 0
 # The git snapshot level
-%define gitrev 4
+%define gitrev 5
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@@ -562,7 +562,10 @@ Patch487: Add-EFI-signature-data-types.patch
 
 Patch488: Add-an-EFI-signature-blob-parser-and-key-loader.patch
 
-Patch489: KEYS-Add-a-system-blacklist-keyring.patch
+# This doesn't apply. It seems like it could be replaced by
+# https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ac7eace2d00eab5ae0e9fdee63e38aee6001f7c
+# which has an explicit line about blacklisting
+# Patch489: KEYS-Add-a-system-blacklist-keyring.patch
 
 Patch490: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
 
@@ -606,14 +609,6 @@ Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
 #CVE-2016-4482 rhbz 1332931 1332932
 Patch706: USB-usbfs-fix-potential-infoleak-in-devio.patch
 
-#CVE-2016-4569 rhbz 1334643 1334645
-Patch714: ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS.patch
-Patch715: ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca.patch
-Patch716: ALSA-timer-Fix-leak-in-events-via-snd_timer_user_tin.patch
-
-#CVE-2016-3713 rhbz 1332139 1336410
-Patch717: KVM-MTRR-remove-MSR-0x2f8.patch
-
 #CVE-2016-4440 rhbz 1337806 1337807
 Patch719: kvm-vmx-more-complete-state-update-on-APICv-on-off.patch
 
@@ -2142,6 +2137,10 @@ fi
 #
 # 
 %changelog
+* Fri May 20 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-0.rc0.git5.1
+- Linux v4.6-6148-g03b979d
+- Docs, i2c, md, iommu, sound, pci, pinctrl, dmaengine, kvm, security merges
+
 * Fri May 20 2016 Josh Boyer <jwboyer@fedoraproject.org>
 - CVE-2016-4440 kvm: incorrect state leading to APIC register access (rhbz 1337806 1337807)
 
diff --git a/sources b/sources
index ab2baebf7..89eacce1f 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 d2927020e24a76da4ab482a8bc3e9ef3  linux-4.6.tar.xz
 fd23b14b9d474c3dfacb6e8ee82d3a51  perf-man-4.6.tar.gz
-be912d5f22aba6286ac2e205e2ce1202  patch-4.6-git4.xz
+9bcfe711504d6e532084a2c2cc610b73  patch-4.6-git5.xz