This update for kernel-source-arm64 fixes the following issues:
- kABI fixes for 4.1.22
- Add some fixups (module, pci_dev, drm, fuse and thermal)
- Add kabi/severities entries to ignore sound/hda/*, x509_*,
efivar_validate, file_open_root and dax_fault
- Linux 4.1.22 (CVE-2015-8539OD CVE-2015-8812 CVE-2016-2184
CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-3138
CVE-2016-3689 bsc#958463 bsc#970911 bsc#970956 bsc#970958
bsc#971124 bsc#971628 bsc#954532 bsc#954876 bsc#975868
bsc#966437 bsc#971125).
- of: iommu: Silence misleading warning.
- USB: usbip: fix potential out-of-bounds write (bsc#975945).
- Revert "drm/radeon: call hpd_irq_event on resume" (bsc#975868).
- pipe: limit the per-user amount of pages allocated in pipes (bsc#970948 CVE-2016-2847).
- Fix kABI additions for pipe: limit the per-user amount of pages allocated in pipes.
- USB: mct_u232: add sanity checking in probe (bsc#970955, CVE-2016-3136).
- USB: iowarrior: fix oops with malicious USB descriptors (bsc#970956, CVE-2016-2188).
- USB: cdc-acm: more sanity checking (bsc#970911, CVE-2016-3138).
- USB: cypress_m8: add endpoint sanity check (bsc#970970, CVE-2016-3137).
- cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (bsc#974418, CVE-2016-3951).
- USB: digi_acceleport: do sanity checking for the number of ports (bsc#970892, CVE-2016-3140).
- Linux 4.1.21.
- arm64: Update config file and enable CONFIG_FB_EFI
- efi/arm*: efifb: expose efifb platform device if GOP is available (bsc#974215).
- efi/arm*: libstub: wire up GOP handling into the ARM UEFI stub (bsc#974215).
- efi: efifb: use builtin_platform_driver and drop unused includes (bsc#974215).
- efi/x86: efifb: move DMI based quirks handling out of generic code (bsc#974215).
- efi/x86: libstub: move to generic GOP code (bsc#974215).
- efi: libstub: move Graphics Output Protocol handling to generic code (bsc#974215).
- efi: make install_configuration_table() boot service usable (bsc#974215).
- efifb: Add support for 64-bit frame buffer addresses (bsc#974215).
- Input: powermate - fix oops with malicious USB descriptors (bsc#970958, CVE-2016-2186).
- USB: usb_driver_claim_interface: add sanity checking (bsc#971124, CVE-2016-2185).
- Input: ims-pcu - sanity check against missing interfaces (bsc#971628, CVE-2016-3689).
- ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).
- ALSA: timer: Call notifier in the same spinlock (bsc#973378).
- ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378).
- ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378).
- backends: guarantee one time reads of shared ring contents (bsc#957988).
- netback: don't use last request to determine minimum Tx credit (bsc#957988).
- Update Xen patches to 4.1.20.
- Update kabi files from kernel 4.1.20-11
- Backport arm64 patches from SLE12-SP1-ARM
- net: thunderx: Use napi_schedule_irqoff() (fate#319980).
- Update config files: Enable RTC_HCTOSYS, build I2C_XGENE_SLIMPRO as a module.
- ipv4: Don't do expensive useless work during inetdev destroy (CVE-2016-3156 bsc#971360).
- ext4: fix races of writeback with punch hole and zero range (bsc#972174).
- ext4: fix races between buffered IO and collapse / insert range (bsc#972174).
- ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174).
- ext4: fix races between page faults and hole punching (bsc#972174).
- net: thunderx: Use napi_schedule_irqoff() (fate#319980).
- Linux 4.1.20 (bsc#954647 bsc#954876).
- ALSA: usb-audio: Add sanity checks for endpoint accesses (CVE-2016-2184,bsc#971125).
- ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk() (CVE-2016-2184,bsc#971125).
- Backport patches from SLE12-SP1-ARM
- PCI: thunder: Add PCIe host driver for ThunderX processors
- PCI: thunder: Add driver for ThunderX-pass{1,2} on-chip devices
- arm64: Add workaround for Cavium erratum 27456.
- Update numa patches to v15
- Update config files
- arm64: Update config files.
Enable
PCI_HOST_THUNDER_ECAM
PCI_HOST_THUNDER_PEM
- PCI: thunder: Add driver for ThunderX-pass{1,2} on-chip devices (fate#319484).
- PCI: thunder: Add PCIe host driver for ThunderX processors (fate#319484).
- PCI: generic: Expose pci_host_common_probe() for use by other drivers (fate#319484).
- PCI: generic: Add pci_host_common_probe(), based on gen_pci_probe() (fate#319484).
- PCI: generic: Move structure definitions to separate header file (fate#319484).
- arm64: Update numa patch set to v15
- [v15, 1/6] efi: ARM/arm64: ignore DT memory nodes instead of removing them (fate#319973).
- [v15,2/6] Documentation, dt, numa: dt bindings for NUMA (fate#319973).
- [v15,3/6] of, numa: Add NUMA of binding implementation (fate#319973).
- [v15,4/6] arm64: Move unflatten_device_tree() call earlier (fate#319973).
- [v15,6/6] arm64, mm, numa: Add NUMA balancing support for arm64 (fate#319973).
- [v15,5/6] arm64, numa: Add NUMA support for arm64 platforms (fate#319973).
- kabi/severities: ignore ip6_route_output symbol lost
It's inlined in 4.1.19.
- hda_jack_callback kabi fix for 4.1.19.
- net kabi fixes for 4.1.19.
- cgroup kabi fix for 4.1.19.
- Linux 4.1.19 (CVE-2016-2383 CVE-2016-2384 bsc#966684 bsc#966693 bsc#968018).
- ibmvnic: Fix ibmvnic_capability struct.
- Update config files: Modularize NF_REJECT_IPV4/V6
There is no reason why these helper modules should be built-in when
the rest of netfilter is built as modules.
- Disable Skylake support in intel_idle driver again (bsc#969582)
This turned out to bring a regression on some machines, unfortunately.
It should be addressed in the upstream at first.
- intel_idle: Skylake Client Support - updated (bsc#969582).
- intel_idle: Skylake Client Support (bsc#969582).
- intel_idle: allow idle states to be freeze-mode specific (bsc#969582).
- cuse: fix memory leak (bsc#969356, CVE-2015-1339).
- series.conf: move cxgb3 patch to network drivers section
- ALSA: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).
- ALSA: timer: Fix race between stop and interrupt (bsc#968018).
- ALSA: timer: Fix wrong instance passed to slave callbacks (bsc#968018).
- ALSA: seq: Fix double port list deletion (bsc#968018).
- Update config files.
Enable CAVIUM_ERRATUM_27456
- arm64: Add workaround for Cavium erratum 27456.
- arm64: alternative: Provide if/else/endif assembler macros.
- arm64: alternative: Merge alternative-asm.h into alternative.h.
- config: arm64: compile xgene-slimpro as a module
- ALSA: hda - Apply clock gate workaround to Skylake, too (bsc#966137).
- ALSA: hda - disable dynamic clock gating on Broxton before reset (bsc#966137).
- ALSA: hda - Fix playback noise with 24/32 bit sample size on BXT (bsc#966137).
- drm/i915: Pin the ifbdev for the info->system_base GGTT mmapping (bsc#962866, bsc#966179).
- drm/i915: Fix failure paths around initial fbdev allocation (bsc#962866, bsc#966179).
- drm/i915: Fix double unref in intelfb_alloc failure path (bsc#962866, bsc#966179).
- kabi/severities: Ignore drivers/mfd/tps65218 and lpddr2_jedec_*
These are from 2 useless drivers that were removed, nobody needs
these symbols.
- Update s390x/vanilla config file: disable MFD_SYSCON.
- Ignore kabi of net/ceph/*, drivers/targets/* & co
The recent ARM64 patches brought kABI brekage on ceph and targets.
Ignore these changes, as they should be either in-kernel or a full
set of KMP.
- bpf: fix branch offset adjustment on backjumps after patching
ctx expansion (bsc#966684, CVE-2016-2383).
- Backport arm64 patches from SLE12-SP1-ARM
Add: libceph: fix scatterlist last_piece calculation (bsc#963746).
- Ignore dm-snapshot kABI changes
4.1.18 changed the signature slightly, but this isn't used anywhere else.
- Ignore kABI for crypto/*
4.1.18 changed the codes in crypto a lot, and also more will come in
near future, too. We support only our own crypto modules, so let's
ignore kABI changes to make our lives easier.
- kABI fixes for 4.1.18 thermal changes.
- kABI fixes for 4.1.18 drm changes.
- kABI fix for 4.1.18 ceph changes.
- Linux 4.1.18 (CVE-2016-0723 bsc#961500 bsc#962257).
- ptrace: being capable wrt a process requires mapped uids/gids (bsc#959709 bsc#960561 CVE-2015-8709).
- iw_cxgb3: Fix incorrectly returning error on success (bsc#966437, CVE-2015-8812).
- Update x86 config files: Enable Intel RAPL
This driver is useful when power caping is needed. It was enabled in
the SLE kernel 2 years ago.
- Update config files: Disable MFD_TPS65218
The TPS65218 is a power management IC for 32-bit ARM systems. Its
driver serves no purpose on other architectures. All sub-drivers were
already disabled anyway.
- ALSA: usb-audio: avoid freeing umidi object twice (CVE-2016-2384,bsc#966693).
- e1000e: Avoid divide by zero error (bsc#965125).
- e1000e: fix division by zero on jumbo MTUs (bsc#965125).
- e1000e: Fix tight loop implementation of systime read algorithm (bsc#965125).
- e1000e: fix systim issues (bsc#965125).
- Btrfs: teach backref walking about backrefs with underflowed (bsc#966259).
- fuse: break infinite loop in fuse_fill_write_pages() (bsc#963765, CVE-2015-8785).
- Update s390x config files: CONFIG_ENCLOSURE_SERVICES
Per bsc#884701, CONFIG_ENCLOSURE_SERVICES isn't needed on S/390. It
was already disabled in SLE, so disable it in openSUSE too.
- libceph: fix scatterlist last_piece calculation (bsc#963746).
- Update config files: Disable CONFIG_DDR
CONFIG_DDR is selected automatically by drivers which need it. This
piece of helper code is useless in the absence of any such driver.
- kabi/severities: Drop inet_twsk_schedule symbol check
It's dropped from 4.1.17, but it's rather used only internally.
- Fix kABI for addition of unix_inflight to user_struct.
- Linux 4.1.17 (CVE-2015-7799 CVE-2015-7884 CVE-2015-8104
CVE-2015-8767 CVE-2016-2069 bsc#814440 bsc#951626
bsc#963767 bsc#954876 bsc#958504 bsc#960710
bsc#949936 bsc#954404 bsc#958439 bsc#961509
http://article.gmane.org/gmane.comp.security.oss.general/17908).
- sd: Optimal I/O size is in bytes, not sectors (bsc#961263).
- sd: Reject optimal transfer length smaller than page size (bsc#961263).
- netfilter: nf_nat_redirect: add missing NULL pointer check (CVE-2015-8787 bsc#963931).
- x86/mm: Add barriers and document switch_mm()-vs-flush synchronization (bsc#963767, CVE-2016-2069).
- n_tty: Fix unsafe reference to "other" ldisc (bsc#961500 CVE-2016-0723).
- tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) (bsc#961500 CVE-2016-0723).
- ocfs2: fix dlmglue deadlock issue(bsc#962257)
- Linux 4.1.16 (CVE-2015-7550 CVE-2015-7872 CVE-2015-8543
CVE-2015-8569 CVE-2015-8575 bsc#958951 bsc#951440 bsc#958886
bsc#959190 bsc#959399).
- ALSA: hda - Flush the pending probe work at remove (bsc#960710).
- sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (CVE-2015-8767 bsc#961509).
- HID: multitouch: fix input mode switching on some Elan panels (bsc#954532).
- HID: multitouch: Fetch feature reports on demand for Win8 devices (bsc#954532).
- Enable CONFIG_PINCTRL_CHERRYVIEW (bsc#954532)
Needed for recent tablets/laptops.
CONFIG_PINCTRL_BAYTRAIL is still disabled as it can't be built as a module.
- hwrng: core - sleep interruptible in read (bsc#962597).
- Backport arm64 patches from SLE12-SP1-ARM.
- Add LIO clustered RBD backend (fate#318836)
- keys-fix-leak (bsc#962075, CVE-2016-0728).
- rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed
- rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file
- Fix kABI breakage for max_dev_sectors addition to queue_limits (bsc#961263).
- block/sd: Fix device-imposed transfer length limits (bsc#961263).
- block: bump BLK_DEF_MAX_SECTORS to 2560 (bsc#961263).
- Revert "block: remove artifical max_hw_sectors cap" (bsc#961263).
- rpm/constraints.in: Bump disk space requirements up a bit
Require 10GB on s390x, 20GB elsewhere.
- rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir
- Add RHEL to kernel-obs-build
- group-source-files: mark module.lds as devel file
ld: cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory
- rpm/kernel-binary.spec.in: really pass down %{?_smp_mflags}
- rpm/kernel-binary.spec.in: Use parallel make in all invocations
Also, remove the lengthy comment, since we are using a standard rpm
macro now.
- rpm/kernel-binary.spec.in: Delete one more DEBUG_SECTION_MISMATCH assignment
- rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH
CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since
2.6.39 and is enabled in our configs.
- rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump
The kernel should not be added to the bootloader nor are there any KMPs.
- Obsolete compat-wireless, rts5229 and rts_pstor KMPs
These are found in SLE11-SP3, now replaced with the upstream drivers.
- rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bsc#865259)
- rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11 (bsc#865096)
- Submitted by Dirk Mueller (dirkmueller)