9 files changed, 74 insertions, 155 deletions

diff --git a/config-arm64 b/config-arm64
index 60aa6cbbe..a9a02f81f 100644
--- a/config-arm64
+++ b/config-arm64
@@ -164,6 +164,7 @@ CONFIG_ARCH_TEGRA_210_SOC=y
 CONFIG_TEGRA210_ADMA=y
 CONFIG_MFD_MAX77620=y
 CONFIG_REGULATOR_MAX77620=m
+# CONFIG_GPIO_TEGRA is not set
 
 # AllWinner
 CONFIG_MACH_SUN50I=y
diff --git a/config-armv7-generic b/config-armv7-generic
index 10c489b19..dbbcbc81e 100644
--- a/config-armv7-generic
+++ b/config-armv7-generic
@@ -379,6 +379,7 @@ CONFIG_SND_SOC_TEGRA_RT5677=m
 CONFIG_AD525X_DPOT=m
 CONFIG_AD525X_DPOT_I2C=m
 CONFIG_AD525X_DPOT_SPI=m
+# CONFIG_GPIO_TEGRA is not set
 
 # Jetson TK1
 CONFIG_PINCTRL_AS3722=y
diff --git a/config-generic b/config-generic
index 32832687f..82db0f623 100644
--- a/config-generic
+++ b/config-generic
@@ -1837,13 +1837,13 @@ CONFIG_B43=m
 CONFIG_B43_SDIO=y
 CONFIG_B43_BCMA=y
 CONFIG_B43_BCMA_PIO=y
-CONFIG_B43_DEBUG=y
+# CONFIG_B43_DEBUG is not set
 CONFIG_B43_PHY_LP=y
 CONFIG_B43_PHY_N=y
 CONFIG_B43_PHY_HT=y
 CONFIG_B43_PHY_G=y
 CONFIG_B43LEGACY=m
-CONFIG_B43LEGACY_DEBUG=y
+# CONFIG_B43LEGACY_DEBUG is not set
 CONFIG_B43LEGACY_DMA=y
 CONFIG_B43LEGACY_PIO=y
 CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
@@ -5218,7 +5218,7 @@ CONFIG_PM_DEBUG=y
 # CONFIG_DPM_WATCHDOG is not set # revisit this in debug
 CONFIG_PM_TRACE=y
 CONFIG_PM_TRACE_RTC=y
-CONFIG_PM_TEST_SUSPEND=y
+# CONFIG_PM_TEST_SUSPEND is not set
 # CONFIG_PM_OPP is not set
 # CONFIG_PM_AUTOSLEEP is not set
 # CONFIG_PM_WAKELOCKS is not set
diff --git a/config-nodebug b/config-nodebug
index 0dc864752..4bd461d8f 100644
--- a/config-nodebug
+++ b/config-nodebug
@@ -2,102 +2,102 @@ CONFIG_SND_VERBOSE_PRINTK=y
 CONFIG_SND_DEBUG=y
 CONFIG_SND_PCM_XRUN_DEBUG=y
 
-CONFIG_DEBUG_ATOMIC_SLEEP=y
-
-CONFIG_DEBUG_MUTEXES=y
-CONFIG_DEBUG_RT_MUTEXES=y
-CONFIG_DEBUG_LOCK_ALLOC=y
-CONFIG_LOCK_TORTURE_TEST=m
-CONFIG_PROVE_LOCKING=y
-CONFIG_DEBUG_SPINLOCK=y
-CONFIG_PROVE_RCU=y
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
+
+# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_RT_MUTEXES is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_LOCK_TORTURE_TEST is not set
+# CONFIG_PROVE_LOCKING is not set
+# CONFIG_DEBUG_SPINLOCK is not set
+# CONFIG_PROVE_RCU is not set
 # CONFIG_PROVE_RCU_REPEATEDLY is not set
-CONFIG_DEBUG_PER_CPU_MAPS=y
+# CONFIG_DEBUG_PER_CPU_MAPS is not set
 CONFIG_CPUMASK_OFFSTACK=y
 
-CONFIG_CPU_NOTIFIER_ERROR_INJECT=m
+# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set
 
-CONFIG_FAULT_INJECTION=y
-CONFIG_FAILSLAB=y
-CONFIG_FAIL_PAGE_ALLOC=y
-CONFIG_FAIL_MAKE_REQUEST=y
-CONFIG_FAULT_INJECTION_DEBUG_FS=y
-CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y
-CONFIG_FAIL_IO_TIMEOUT=y
-CONFIG_FAIL_MMC_REQUEST=y
+# CONFIG_FAULT_INJECTION is not set
+# CONFIG_FAILSLAB is not set
+# CONFIG_FAIL_PAGE_ALLOC is not set
+# CONFIG_FAIL_MAKE_REQUEST is not set
+# CONFIG_FAULT_INJECTION_DEBUG_FS is not set
+# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set
+# CONFIG_FAIL_IO_TIMEOUT is not set
+# CONFIG_FAIL_MMC_REQUEST is not set
 # CONFIG_F2FS_FAULT_INJECTION is not set
 
-CONFIG_LOCK_STAT=y
+# CONFIG_LOCK_STAT is not set
 
-CONFIG_DEBUG_STACK_USAGE=y
+# CONFIG_DEBUG_STACK_USAGE is not set
 
-CONFIG_ACPI_DEBUG=y
+# CONFIG_ACPI_DEBUG is not set
 # CONFIG_ACPI_DEBUGGER is not set
 
-CONFIG_DEBUG_SG=y
-CONFIG_DEBUG_PI_LIST=y
+# CONFIG_DEBUG_SG is not set
+# CONFIG_DEBUG_PI_LIST is not set
 
 # CONFIG_PAGE_EXTENSION is not set
 # CONFIG_PAGE_OWNER is not set
 # CONFIG_DEBUG_PAGEALLOC is not set
 
-CONFIG_DEBUG_OBJECTS=y
+# CONFIG_DEBUG_OBJECTS is not set
 # CONFIG_DEBUG_OBJECTS_SELFTEST is not set
-CONFIG_DEBUG_OBJECTS_FREE=y
-CONFIG_DEBUG_OBJECTS_TIMERS=y
-CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
+# CONFIG_DEBUG_OBJECTS_FREE is not set
+# CONFIG_DEBUG_OBJECTS_TIMERS is not set
+# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set
 CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
 
 CONFIG_X86_PTDUMP=y
-CONFIG_ARM64_PTDUMP=y
-CONFIG_EFI_PGT_DUMP=y
+# CONFIG_ARM64_PTDUMP is not set
+# CONFIG_EFI_PGT_DUMP is not set
 
-CONFIG_CAN_DEBUG_DEVICES=y
+# CONFIG_CAN_DEBUG_DEVICES is not set
 
-CONFIG_MODULE_FORCE_UNLOAD=y
+# CONFIG_MODULE_FORCE_UNLOAD is not set
 
 
-CONFIG_DEBUG_NOTIFIERS=y
+# CONFIG_DEBUG_NOTIFIERS is not set
 
-CONFIG_DMA_API_DEBUG=y
+# CONFIG_DMA_API_DEBUG is not set
 
-CONFIG_MMIOTRACE=y
+# CONFIG_MMIOTRACE is not set
 
-CONFIG_DEBUG_CREDENTIALS=y
+# CONFIG_DEBUG_CREDENTIALS is not set
 
 # off in both production debug and nodebug builds,
 #  on in rawhide nodebug builds
-CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y
+# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
 
-CONFIG_EXT4_DEBUG=y
+# CONFIG_EXT4_DEBUG is not set
 
 # CONFIG_XFS_WARN is not set
 
-CONFIG_DEBUG_PERF_USE_VMALLOC=y
+# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
 
-CONFIG_JBD2_DEBUG=y
+# CONFIG_JBD2_DEBUG is not set
 
-CONFIG_NFSD_FAULT_INJECTION=y
+# CONFIG_NFSD_FAULT_INJECTION is not set
 
-CONFIG_DEBUG_BLK_CGROUP=y
+# CONFIG_DEBUG_BLK_CGROUP is not set
 
-CONFIG_DRBD_FAULT_INJECTION=y
+# CONFIG_DRBD_FAULT_INJECTION is not set
 
-CONFIG_ATH_DEBUG=y
-CONFIG_CARL9170_DEBUGFS=y
-CONFIG_IWLWIFI_DEVICE_TRACING=y
+# CONFIG_ATH_DEBUG is not set
+# CONFIG_CARL9170_DEBUGFS is not set
+# CONFIG_IWLWIFI_DEVICE_TRACING is not set
 
 # CONFIG_RTLWIFI_DEBUG is not set
 
-CONFIG_DEBUG_OBJECTS_WORK=y
+# CONFIG_DEBUG_OBJECTS_WORK is not set
 
-CONFIG_DMADEVICES_DEBUG=y
+# CONFIG_DMADEVICES_DEBUG is not set
 # CONFIG_DMADEVICES_VDEBUG is not set
 
 CONFIG_PM_ADVANCED_DEBUG=y
 
-CONFIG_CEPH_LIB_PRETTYDEBUG=y
-CONFIG_QUOTA_DEBUG=y
+# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
+# CONFIG_QUOTA_DEBUG is not set
 
 
 CONFIG_KGDB_KDB=y
@@ -105,19 +105,19 @@ CONFIG_KDB_DEFAULT_ENABLE=0x0
 CONFIG_KDB_KEYBOARD=y
 CONFIG_KDB_CONTINUE_CATASTROPHIC=0
 
-CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y
+# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set
 # CONFIG_PERCPU_TEST is not set
-CONFIG_TEST_LIST_SORT=y
+# CONFIG_TEST_LIST_SORT is not set
 # CONFIG_TEST_STRING_HELPERS is not set
 
-CONFIG_DETECT_HUNG_TASK=y
+# CONFIG_DETECT_HUNG_TASK is not set
 CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
 # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
-CONFIG_WQ_WATCHDOG=y
+# CONFIG_WQ_WATCHDOG is not set
 
-CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
+# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set
 
-CONFIG_DEBUG_KMEMLEAK=y
+# CONFIG_DEBUG_KMEMLEAK is not set
 CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024
 # CONFIG_DEBUG_KMEMLEAK_TEST is not set
 CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
@@ -128,4 +128,4 @@ CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
 
 # CONFIG_SPI_DEBUG is not set
 
-CONFIG_DEBUG_VM_PGFLAGS=y
+# CONFIG_DEBUG_VM_PGFLAGS is not set
diff --git a/config-x86-generic b/config-x86-generic
index ae80650a4..8ae20bab7 100644
--- a/config-x86-generic
+++ b/config-x86-generic
@@ -381,7 +381,7 @@ CONFIG_SP5100_TCO=m
 
 # CONFIG_MEMTEST is not set
 # CONFIG_DEBUG_TLBFLUSH is not set
-CONFIG_MAXSMP=y
+# CONFIG_MAXSMP is not set
 
 
 CONFIG_HP_ILO=m
diff --git a/gitrev b/gitrev
index c5a3e280a..2fd16175c 100644
--- a/gitrev
+++ b/gitrev
@@ -1 +1 @@
-47ef4ad2684d380dd6d596140fb79395115c3950
+dd9506954539dcedd0294a065ff0976e61386fc6
diff --git a/kernel.spec b/kernel.spec
index dfd06654e..5aa957e84 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -6,7 +6,7 @@ Summary: The Linux kernel
 # For a stable, released kernel, released_kernel should be 1. For rawhide
 # and/or a kernel built from an rc or git snapshot, released_kernel should
 # be 0.
-%global released_kernel 0
+%global released_kernel 1
 
 # Sign modules on x86.  Make sure the config files match this setting if more
 # architectures are added.
@@ -48,7 +48,7 @@ Summary: The Linux kernel
 # base_sublevel is the kernel version we're starting with and patching
 # on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
 # which yields a base_sublevel of 0.
-%define base_sublevel 6
+%define base_sublevel 7
 
 ## If this is a released kernel ##
 %if 0%{?released_kernel}
@@ -67,9 +67,9 @@ Summary: The Linux kernel
 # The next upstream release sublevel (base_sublevel+1)
 %define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
 # The rc snapshot level
-%define rcrev 7
+%define rcrev 0
 # The git snapshot level
-%define gitrev 4
+%define gitrev 2
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@@ -125,7 +125,7 @@ Summary: The Linux kernel
 # Set debugbuildsenabled to 1 for production (build separate debug kernels)
 #  and 0 for rawhide (all kernels are debug kernels).
 # See also 'make debug' and 'make release'.
-%define debugbuildsenabled 0
+%define debugbuildsenabled 1
 
 # Want to build a vanilla kernel build without any non-upstream patches?
 %define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0}
@@ -629,9 +629,6 @@ Patch817: 0017-drm-i915-Remove-wm_config-from-dev_priv-intel_atomic.patch
 #Workaround for glibc update
 Patch835: 0001-Work-around-for-addition-of-metag-def-but-not-reloca.patch
 
-#CVE-2016-5389 CVE-2016-5969 rhbz 1354708 1355615
-Patch836: tcp-make-challenge-acks-less-predictable.patch
-
 # https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org/message/A4YCP7OGMX6JLFT5V44H57GOMAQLC3M4/
 Patch837: drm-amdgpu-Disable-RPM-helpers-while-reprobing.patch
 Patch838: drm-i915-skl-Add-support-for-the-SAGV-fix-underrun-hangs.patch
@@ -2162,6 +2159,9 @@ fi
 #
 # 
 %changelog
+* Mon Jul 25 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-1
+- Linux v4.7
+
 * Tue Jul 19 2016 Peter Robinson <pbrobinson@fedoraproject.org>
 - Add aarch64 ACPI pci-e patches headed for 4.8
 
diff --git a/sources b/sources
index df07af41e..cc6fb3891 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,2 @@
-d2927020e24a76da4ab482a8bc3e9ef3  linux-4.6.tar.xz
-fd23b14b9d474c3dfacb6e8ee82d3a51  perf-man-4.6.tar.gz
-1ec96a040683561e53e983cfdb09bab8  patch-4.7-rc7.xz
-a47b41aa2daa8aeb9a81283eb1c2df13  patch-4.7-rc7-git4.xz
+5276563eb1f39a048e4a8a887408c031  linux-4.7.tar.xz
+fe259c02c75eec61d1aa4b1211f3c853  perf-man-4.7.tar.gz
diff --git a/tcp-make-challenge-acks-less-predictable.patch b/tcp-make-challenge-acks-less-predictable.patch
deleted file mode 100644
index 6837cff0b..000000000
--- a/tcp-make-challenge-acks-less-predictable.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 0af29b4f03b40fe0980c31d18e352f2ef19ec703 Mon Sep 17 00:00:00 2001
-From: Eric Dumazet <edumazet@google.com>
-Date: Sun, 10 Jul 2016 10:04:02 +0200
-Subject: [PATCH] tcp: make challenge acks less predictable
-
-Yue Cao claims that current host rate limiting of challenge ACKS
-(RFC 5961) could leak enough information to allow a patient attacker
-to hijack TCP sessions. He will soon provide details in an academic
-paper.
-
-This patch increases the default limit from 100 to 1000, and adds
-some randomization so that the attacker can no longer hijack
-sessions without spending a considerable amount of probes.
-
-Based on initial analysis and patch from Linus.
-
-Note that we also have per socket rate limiting, so it is tempting
-to remove the host limit in the future.
-
-v2: randomize the count of challenge acks per second, not the period.
-
-Fixes: 282f23c6ee34 ("tcp: implement RFC 5961 3.2")
-Reported-by: Yue Cao <ycao009@ucr.edu>
-Signed-off-by: Eric Dumazet <edumazet@google.com>
-Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Yuchung Cheng <ycheng@google.com>
-Cc: Neal Cardwell <ncardwell@google.com>
-Acked-by: Neal Cardwell <ncardwell@google.com>
-Acked-by: Yuchung Cheng <ycheng@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/ipv4/tcp_input.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
-diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index d6c8f4cd0800..91868bb17818 100644
---- a/net/ipv4/tcp_input.c
-+++ b/net/ipv4/tcp_input.c
-@@ -87,7 +87,7 @@ int sysctl_tcp_adv_win_scale __read_mostly = 1;
- EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);
- 
- /* rfc5961 challenge ack rate limiting */
--int sysctl_tcp_challenge_ack_limit = 100;
-+int sysctl_tcp_challenge_ack_limit = 1000;
- 
- int sysctl_tcp_stdurg __read_mostly;
- int sysctl_tcp_rfc1337 __read_mostly;
-@@ -3458,7 +3458,7 @@ static void tcp_send_challenge_ack(struct sock *sk, const struct sk_buff *skb)
- 	static u32 challenge_timestamp;
- 	static unsigned int challenge_count;
- 	struct tcp_sock *tp = tcp_sk(sk);
--	u32 now;
-+	u32 count, now;
- 
- 	/* First check our per-socket dupack rate limit. */
- 	if (tcp_oow_rate_limited(sock_net(sk), skb,
-@@ -3466,13 +3466,18 @@ static void tcp_send_challenge_ack(struct sock *sk, const struct sk_buff *skb)
- 				 &tp->last_oow_ack_time))
- 		return;
- 
--	/* Then check the check host-wide RFC 5961 rate limit. */
-+	/* Then check host-wide RFC 5961 rate limit. */
- 	now = jiffies / HZ;
- 	if (now != challenge_timestamp) {
-+		u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1;
-+
- 		challenge_timestamp = now;
--		challenge_count = 0;
-+		WRITE_ONCE(challenge_count, half +
-+			   prandom_u32_max(sysctl_tcp_challenge_ack_limit));
- 	}
--	if (++challenge_count <= sysctl_tcp_challenge_ack_limit) {
-+	count = READ_ONCE(challenge_count);
-+	if (count > 0) {
-+		WRITE_ONCE(challenge_count, count - 1);
- 		NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK);
- 		tcp_send_ack(sk);
- 	}
--- 
-2.5.5
-