Diffstat (limited to 'debian/patches')
14 files changed, 327 insertions, 169 deletions
diff --git a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch index 7f5da028c5..ef0201ec34 100644 --- a/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch +++ b/debian/patches/bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch @@ -1279,22 +1279,6 @@ upstream submission. at76_dbg(DBG_FW, "got it."); fwh = (struct at76_fw_header *)(fwe->fw->data); ---- a/drivers/net/wireless/atmel/atmel.c -+++ b/drivers/net/wireless/atmel/atmel.c -@@ -3820,12 +3820,8 @@ static int reset_atmel_card(struct net_d - strcpy(priv->firmware_id, "atmel_at76c502.bin"); - } - err = request_firmware(&fw_entry, priv->firmware_id, priv->sys_dev); -- if (err != 0) { -- printk(KERN_ALERT -- "%s: firmware %s is missing, cannot continue.\n", -- dev->name, priv->firmware_id); -+ if (err != 0) - return err; -- } - } else { - int fw_index = 0; - int success = 0; --- a/drivers/net/wireless/broadcom/b43/main.c +++ b/drivers/net/wireless/broadcom/b43/main.c @@ -2245,19 +2245,8 @@ int b43_do_request_fw(struct b43_request 
@@ -1408,50 +1392,6 @@ upstream submission. if (cfg->ucode_api_min == cfg->ucode_api_max) { IWL_ERR(drv, "%s-%d is required\n", fw_name_pre, cfg->ucode_api_max); ---- a/drivers/net/wireless/intersil/orinoco/fw.c -+++ b/drivers/net/wireless/intersil/orinoco/fw.c -@@ -132,7 +132,6 @@ orinoco_dl_firmware(struct orinoco_priva - err = request_firmware(&fw_entry, firmware, priv->dev); - - if (err) { -- dev_err(dev, "Cannot find firmware %s\n", firmware); - err = -ENOENT; - goto free; - } -@@ -292,10 +291,8 @@ symbol_dl_firmware(struct orinoco_privat - const struct firmware *fw_entry; - - if (!orinoco_cached_fw_get(priv, true)) { -- if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) { -- dev_err(dev, "Cannot find firmware: %s\n", fw->pri_fw); -+ if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) - return -ENOENT; -- } - } else - fw_entry = orinoco_cached_fw_get(priv, true); - -@@ -311,10 +308,8 @@ symbol_dl_firmware(struct orinoco_privat - } - - if (!orinoco_cached_fw_get(priv, false)) { -- if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) { -- dev_err(dev, "Cannot find firmware: %s\n", fw->sta_fw); -+ if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) - return -ENOENT; -- } - } else - fw_entry = orinoco_cached_fw_get(priv, false); - ---- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c -+++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c -@@ -1708,7 +1708,6 @@ static int ezusb_probe(struct usb_interf - if (ezusb_firmware_download(upriv, &firmware) < 0) - goto error; - } else { -- err("No firmware to download"); - goto error; - } - --- a/drivers/net/wireless/intersil/p54/p54pci.c +++ b/drivers/net/wireless/intersil/p54/p54pci.c @@ -502,7 +502,6 @@ static void p54p_firmware_step2(const st 
@@ -1637,17 +1577,6 @@ upstream submission. if (fw->size % 4) { wl1271_error("firmware size is not multiple of 32 bits: %zu", ---- a/drivers/net/wireless/zydas/zd1201.c -+++ b/drivers/net/wireless/zydas/zd1201.c -@@ -62,8 +62,6 @@ static int zd1201_fw_upload(struct usb_d - - err = request_firmware(&fw_entry, fwfile, &dev->dev); - if (err) { -- dev_err(&dev->dev, "Failed to load %s firmware file!\n", fwfile); -- dev_err(&dev->dev, "Make sure the hotplug firmware loader is installed.\n"); - dev_err(&dev->dev, "Goto http://linux-lc100020.sourceforge.net for more info.\n"); - return err; - } --- a/drivers/net/wireless/zydas/zd1211rw/zd_usb.c +++ b/drivers/net/wireless/zydas/zd1211rw/zd_usb.c @@ -107,16 +107,9 @@ static void int_urb_complete(struct urb diff --git a/debian/patches/bugfix/all/tipc-fix-UAF-in-error-path.patch b/debian/patches/bugfix/all/tipc-fix-UAF-in-error-path.patch new file mode 100644 index 0000000000..b21318ecce --- /dev/null +++ b/debian/patches/bugfix/all/tipc-fix-UAF-in-error-path.patch 
@@ -0,0 +1,141 @@ +From: Paolo Abeni <pabeni@redhat.com> +Date: Tue, 30 Apr 2024 15:53:37 +0200 +Subject: tipc: fix UAF in error path +Origin: https://git.kernel.org/linus/080cbb890286cd794f1ee788bbc5463e2deb7c2b + +Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported +a UAF in the tipc_buf_append() error path: + +BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0 +linux/net/core/skbuff.c:1183 +Read of size 8 at addr ffff88804d2a7c80 by task poc/8034 + +CPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1 +Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS +1.16.0-debian-1.16.0-5 04/01/2014 +Call Trace: + <IRQ> + __dump_stack linux/lib/dump_stack.c:88 + dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106 + print_address_description linux/mm/kasan/report.c:377 + print_report+0xc4/0x620 linux/mm/kasan/report.c:488 + kasan_report+0xda/0x110 linux/mm/kasan/report.c:601 + kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183 + skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026 + skb_release_all linux/net/core/skbuff.c:1094 + __kfree_skb linux/net/core/skbuff.c:1108 + kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144 + kfree_skb linux/./include/linux/skbuff.h:1244 + tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186 + tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324 + tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824 + tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159 + tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390 + udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108 + udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186 + udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346 + __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422 + ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205 + ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233 + NF_HOOK linux/./include/linux/netfilter.h:314 + NF_HOOK linux/./include/linux/netfilter.h:308 + 
ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254 + dst_input linux/./include/net/dst.h:461 + ip_rcv_finish linux/net/ipv4/ip_input.c:449 + NF_HOOK linux/./include/linux/netfilter.h:314 + NF_HOOK linux/./include/linux/netfilter.h:308 + ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569 + __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534 + __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648 + process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976 + __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576 + napi_poll linux/net/core/dev.c:6645 + net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781 + __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553 + do_softirq linux/kernel/softirq.c:454 + do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441 + </IRQ> + <TASK> + __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381 + local_bh_enable linux/./include/linux/bottom_half.h:33 + rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851 + __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378 + dev_queue_xmit linux/./include/linux/netdevice.h:3169 + neigh_hh_output linux/./include/net/neighbour.h:526 + neigh_output linux/./include/net/neighbour.h:540 + ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235 + __ip_finish_output linux/net/ipv4/ip_output.c:313 + __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295 + ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323 + NF_HOOK_COND linux/./include/linux/netfilter.h:303 + ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433 + dst_output linux/./include/net/dst.h:451 + ip_local_out linux/net/ipv4/ip_output.c:129 + ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492 + udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963 + udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250 + inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850 + sock_sendmsg_nosec linux/net/socket.c:730 + __sock_sendmsg linux/net/socket.c:745 + __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191 + 
__do_sys_sendto linux/net/socket.c:2203 + __se_sys_sendto linux/net/socket.c:2199 + __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199 + do_syscall_x64 linux/arch/x86/entry/common.c:52 + do_syscall_64+0xd8/0x270 linux/arch/x86/entry/common.c:83 + entry_SYSCALL_64_after_hwframe+0x6f/0x77 linux/arch/x86/entry/entry_64.S:120 +RIP: 0033:0x7f3434974f29 +Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 +89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d +01 f0 ff ff 73 01 c3 48 8b 0d 37 8f 0d 00 f7 d8 64 89 01 48 +RSP: 002b:00007fff9154f2b8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c +RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3434974f29 +RDX: 00000000000032c8 RSI: 00007fff9154f300 RDI: 0000000000000003 +RBP: 00007fff915532e0 R08: 00007fff91553360 R09: 0000000000000010 +R10: 0000000000000000 R11: 0000000000000212 R12: 000055ed86d261d0 +R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 + </TASK> + +In the critical scenario, either the relevant skb is freed or its +ownership is transferred into a frag_lists. In both cases, the cleanup +code must not free it again: we need to clear the skb reference earlier. 
+
+Fixes: 1149557d64c9 ("tipc: eliminate unnecessary linearization of incoming buffers")
+Cc: stable@vger.kernel.org
+Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-23852
+Acked-by: Xin Long <lucien.xin@gmail.com>
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Link: https://lore.kernel.org/r/752f1ccf762223d109845365d07f55414058e5a3.1714484273.git.pabeni@redhat.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+---
+ net/tipc/msg.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/net/tipc/msg.c b/net/tipc/msg.c
+index 5c9fd4791c4b..9a6e9bcbf694 100644
+--- a/net/tipc/msg.c
++++ b/net/tipc/msg.c
+@@ -156,6 +156,11 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
+ if (!head)
+ goto err;
+
++ /* Either the input skb ownership is transferred to headskb
++ * or the input skb is freed, clear the reference to avoid
++ * bad access on error path.
++ */
++ *buf = NULL;
+ if (skb_try_coalesce(head, frag, &headstolen, &delta)) {
+ kfree_skb_partial(frag, headstolen);
+ } else {
+@@ -179,7 +184,6 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
+ *headbuf = NULL;
+ return 1;
+ }
+- *buf = NULL;
+ return 0;
+ err:
+ kfree_skb(*buf);
+--
+2.43.0
+
diff --git a/debian/patches/bugfix/all/tipc-fix-a-possible-memleak-in-tipc_buf_append.patch b/debian/patches/bugfix/all/tipc-fix-a-possible-memleak-in-tipc_buf_append.patch
new file mode 100644
index 0000000000..0b0ac04c6e
--- /dev/null
+++ b/debian/patches/bugfix/all/tipc-fix-a-possible-memleak-in-tipc_buf_append.patch
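Review bot: The comment added above `*buf = NULL;` in the `@@ -156,6 +156,11 @@` hunk of net/tipc/msg.c refers to "headskb", which is not a name used in this function (the hunk shows `head`, `frag` and `*headbuf`), so the ownership rule it records is harder to check against the code than it needs to be. I would word it with the local names, for example `/* frag is now owned by head or already freed; clear *buf so the err: path cannot free it a second time */`. tipc_buf_append() starts and ends outside the hunk, so whether every `goto err` after this point is covered cannot be confirmed from the lines shown.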
@@ -0,0 +1,38 @@
+From: Xin Long <lucien.xin@gmail.com>
+Date: Tue, 30 Apr 2024 10:03:38 -0400
+Subject: tipc: fix a possible memleak in tipc_buf_append
+Origin: https://git.kernel.org/linus/97bf6f81b29a8efaf5d0983251a7450e5794370d
+
+__skb_linearize() doesn't free the skb when it fails, so move
+'*buf = NULL' after __skb_linearize(), so that the skb can be
+freed on the err path.
+
+Fixes: b7df21cf1b79 ("tipc: skb_linearize the head skb when reassembling msgs")
+Reported-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Xin Long <lucien.xin@gmail.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Reviewed-by: Tung Nguyen <tung.q.nguyen@dektech.com.au>
+Link: https://lore.kernel.org/r/90710748c29a1521efac4f75ea01b3b7e61414cf.1714485818.git.lucien.xin@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+---
+ net/tipc/msg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/tipc/msg.c b/net/tipc/msg.c
+index 9a6e9bcbf694..76284fc538eb 100644
+--- a/net/tipc/msg.c
++++ b/net/tipc/msg.c
+@@ -142,9 +142,9 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
+ if (fragid == FIRST_FRAGMENT) {
+ if (unlikely(head))
+ goto err;
+- *buf = NULL;
+ if (skb_has_frag_list(frag) && __skb_linearize(frag))
+ goto err;
++ *buf = NULL;
+ frag = skb_unshare(frag, GFP_ATOMIC);
+ if (unlikely(!frag))
+ goto err;
+--
+2.43.0
+
diff --git a/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch b/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch
index abc4cc2bd0..a9a3ce9606 100644
--- a/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch
+++ b/debian/patches/debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch
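Review bot: The position of `*buf = NULL;` in the FIRST_FRAGMENT branch is now load-bearing, yet the code carries no comment saying why it must sit exactly between the two calls. Per the patch description, `__skb_linearize(frag)` leaves the skb with the caller on failure, so the clear has to come after it; it presumably also has to stay before `skb_unshare()`, which as far as I know releases the original skb itself when it fails (that helper is not shown here). I would add a comment on the moved line, e.g. `/* __skb_linearize() failure leaves frag for the err path; skb_unshare() consumes it, so drop the caller's reference here */`. This is the second patch in this series to move the same assignment, and tipc_buf_append() continues outside the hunk.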
@@ -3,6 +3,7 @@ Date: Tue, 28 Mar 2017 16:55:05 +0200 Subject: btrfs: warn about RAID5/6 being experimental at mount time Bug-Debian: https://bugs.debian.org/863290 Origin: https://bugs.debian.org/863290#5 +Forwarded: https://lore.kernel.org/linux-btrfs/4105665.mVaztBssJx@bagend/ Too many people come complaining about losing their data -- and indeed, there's no warning outside a wiki and the mailing list tribal knowledge. @@ -13,16 +14,23 @@ Signed-off-by: Adam Borowski <kilobyte@angband.pl> [bwh: Also add_taint() so this is flagged in bug reports] [2023-01-10: still accurate according to btrfs-progs own manpage: https://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git/commit/?id=922797e15590b836e377d6dc47b828356cafc2a9] +[2024-03-17: still accurate; manpage is now in Documentation/btrfs-man5.rst +implementation went from disk-io.c to super.c; forwarded the issue] --- - fs/btrfs/disk-io.c | 8 ++++++++ - 1 file changed, 8 insertions(+) + fs/btrfs/super.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) ---- a/fs/btrfs/disk-io.c -+++ b/fs/btrfs/disk-io.c -@@ -3832,6 +3832,15 @@ int __cold open_ctree(struct super_block *sb, - btrfs_set_and_info(fs_info, SSD, "enabling ssd optimizations"); - } +diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c +index 101f786963d4..2c409bce1bf5 100644 +--- a/fs/btrfs/super.c ++++ b/fs/btrfs/super.c +@@ -731,6 +731,18 @@ static void set_device_specific_options(struct btrfs_fs_info *fs_info) + !fs_info->fs_devices->rotating) + btrfs_set_opt(fs_info->mount_opt, SSD); ++ /* ++ * Warn about RAID5/6 being experimental at mount time ++ */ + if ((fs_info->avail_data_alloc_bits | + fs_info->avail_metadata_alloc_bits | + fs_info->avail_system_alloc_bits) & diff --git a/debian/patches/debian/documentation-drop-sphinx-version-check.patch b/debian/patches/debian/documentation-drop-sphinx-version-check.patch index 7e1260c93c..cb74a8115b 100644 --- a/debian/patches/debian/documentation-drop-sphinx-version-check.patch 
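Review bot: Moving the RAID5/6 check from open_ctree() into set_device_specific_options() changes the point at which `fs_info->avail_data_alloc_bits`, `avail_metadata_alloc_bits` and `avail_system_alloc_bits` are read, and the hunk does not show whether they are populated by then. If this function runs before those masks are filled in, the test is always zero and the warning (and the add_taint() the header mentions) would silently never fire. Please confirm the call order against the base tree and record it next to the 2024-03-17 header entry; the body of the added `if` lies outside the visible context.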
+++ b/debian/patches/debian/documentation-drop-sphinx-version-check.patch @@ -10,15 +10,15 @@ Forwarded: not-needed --- a/Documentation/Makefile +++ b/Documentation/Makefile -@@ -98,7 +98,6 @@ quiet_cmd_sphinx = SPHINX $@ --> file://$(abspath $(BUILDDIR)/$3/$4) - fi +@@ -112,7 +112,6 @@ $(YNL_RST_DIR)/%.rst: $(YNL_YAML_DIR)/%.yaml $(YNL_TOOL) + htmldocs texinfodocs latexdocs epubdocs xmldocs: $(YNL_INDEX) htmldocs: - @$(srctree)/scripts/sphinx-pre-install --version-check @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,html,$(var),,$(var))) # If Rust support is available and .config exists, add rustdoc generated contents. -@@ -112,7 +111,6 @@ endif +@@ -128,7 +127,6 @@ endif endif texinfodocs: @@ -26,7 +26,7 @@ Forwarded: not-needed @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,texinfo,$(var),texinfo,$(var))) # Note: the 'info' Make target is generated by sphinx itself when -@@ -124,7 +122,6 @@ linkcheckdocs: +@@ -140,7 +138,6 @@ linkcheckdocs: @$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,linkcheck,$(var),,$(var))) latexdocs: @@ -34,7 +34,7 @@ Forwarded: not-needed @+$(foreach var,$(SPHINXDIRS),$(call loop_cmd,sphinx,latex,$(var),latex,$(var))) ifeq ($(HAVE_PDFLATEX),0) -@@ -136,7 +133,6 @@ pdfdocs: +@@ -152,7 +149,6 @@ pdfdocs: else # HAVE_PDFLATEX pdfdocs: latexdocs @@ -42,7 +42,7 @@ Forwarded: not-needed $(foreach var,$(SPHINXDIRS), \ $(MAKE) PDFLATEX="$(PDFLATEX)" LATEXOPTS="$(LATEXOPTS)" -C $(BUILDDIR)/$(var)/latex || exit; \ mkdir -p $(BUILDDIR)/$(var)/pdf; \ -@@ -146,11 +142,9 @@ pdfdocs: latexdocs +@@ -160,11 +156,9 @@ pdfdocs: latexdocs endif # HAVE_PDFLATEX epubdocs: diff --git a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch index 4e4238c314..eeb02a66de 100644 --- a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch +++ b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch 
@@ -22,11 +22,11 @@ Export the currently un-exported symbols they depend on. --- a/fs/file.c +++ b/fs/file.c -@@ -816,6 +816,7 @@ struct file *close_fd_get_file(unsigned +@@ -816,6 +816,7 @@ struct file *file_close_fd(unsigned return file; } -+EXPORT_SYMBOL_GPL(close_fd_get_file); ++EXPORT_SYMBOL_GPL(file_close_fd); void do_close_on_exec(struct files_struct *files) { diff --git a/debian/patches/debian/gitignore.patch b/debian/patches/debian/gitignore.patch index 3f7334b812..b9642ba35a 100644 --- a/debian/patches/debian/gitignore.patch +++ b/debian/patches/debian/gitignore.patch @@ -21,7 +21,7 @@ Index: linux/.gitignore # # Snap directory (make snap-pkg) # -@@ -91,18 +86,6 @@ modules.order +@@ -91,19 +86,6 @@ modules.order # /tar-install/ @@ -30,6 +30,7 @@ Index: linux/.gitignore -# -!.clang-format -!.cocciconfig +-!.editorconfig -!.get_maintainer.ignore -!.gitattributes -!.gitignore diff --git a/debian/patches/debian/mips-disable-werror.patch b/debian/patches/debian/mips-disable-werror.patch deleted file mode 100644 index 52231cc447..0000000000 --- a/debian/patches/debian/mips-disable-werror.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Ben Hutchings <ben@decadent.org.uk> -Date: Mon, 13 Sep 2010 02:16:18 +0100 -Subject: [PATCH] Partially revert "MIPS: Add -Werror to arch/mips/Kbuild" -Forwarded: not-needed - -This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and -5373633cc9253ba82547473e899cab141c54133e. - -We really don't want to add -Werror anywhere. ---- ---- a/arch/mips/Kbuild -+++ b/arch/mips/Kbuild -@@ -1,10 +1,4 @@ - # SPDX-License-Identifier: GPL-2.0 --# Fail on warnings - also for files referenced in subdirs --# -Werror can be disabled for specific files using: --# CFLAGS_<file.o> := -Wno-error --ifeq ($(W),) --subdir-ccflags-y := -Werror --endif - - # platform specific definitions - include $(srctree)/arch/mips/Kbuild.platforms 
diff --git a/debian/patches/debian/yama-disable-by-default.patch b/debian/patches/debian/yama-disable-by-default.patch index c33ac0c9d6..3458714a24 100644 --- a/debian/patches/debian/yama-disable-by-default.patch +++ b/debian/patches/debian/yama-disable-by-default.patch @@ -12,7 +12,7 @@ diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index efac68556b45..95ff3e778a17 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c -@@ -28,7 +28,7 @@ +@@ -25,7 +25,7 @@ #define YAMA_SCOPE_CAPABILITY 2 #define YAMA_SCOPE_NO_ATTACH 3 @@ -21,12 +21,12 @@ index efac68556b45..95ff3e778a17 100644 /* describe a ptrace relationship for potential exception */ struct ptrace_relation { -@@ -481,7 +481,7 @@ static inline void yama_init_sysctl(void) { } +@@ -476,7 +476,7 @@ static inline void yama_init_sysctl(void) { } static int __init yama_init(void) { - pr_info("Yama: becoming mindful.\n"); + pr_info("Yama: disabled by default; enable with sysctl kernel.yama.*\n"); - security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), "yama"); + security_add_hooks(yama_hooks, ARRAY_SIZE(yama_hooks), &yama_lsmid); yama_init_sysctl(); return 0; diff --git a/debian/patches/features/all/driver-core-Emit-reason-for-pending-deferred-probe.patch b/debian/patches/features/all/driver-core-Emit-reason-for-pending-deferred-probe.patch deleted file mode 100644 index 4c4be6b22a..0000000000 --- a/debian/patches/features/all/driver-core-Emit-reason-for-pending-deferred-probe.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> -Date: Wed, 22 Nov 2023 10:33:33 +0100 -Subject: driver core: Emit reason for pending deferred probe -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=7c41da586e9f45bf8842b4dca08681df8d586ebb - -Ending a boot log with - - platform 3f202000.mmc: deferred probe pending - -is already a nice hint about the problem. Sometimes there is a more -detailed error indicator available, add that to the output. - -Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> -Link: https://lore.kernel.org/r/20231122093332.274145-2-u.kleine-koenig@pengutronix.de -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - drivers/base/dd.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/base/dd.c b/drivers/base/dd.c -index 0c3725c3eefa..85152537dbf1 100644 ---- a/drivers/base/dd.c -+++ b/drivers/base/dd.c -@@ -313,7 +313,7 @@ static void deferred_probe_timeout_work_func(struct work_struct *work) - - mutex_lock(&deferred_probe_mutex); - list_for_each_entry(p, &deferred_probe_pending_list, deferred_probe) -- dev_info(p->device, "deferred probe pending\n"); -+ dev_info(p->device, "deferred probe pending: %s", p->deferred_probe_reason ?: "(reason unknown)\n"); - mutex_unlock(&deferred_probe_mutex); - - fw_devlink_probing_done(); --- -2.43.0 - diff --git a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch index 3a10822b3b..d224208d4e 100644 --- a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch +++ b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch @@ -26,7 +26,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> --- a/arch/x86/kernel/setup.c 
+++ b/arch/x86/kernel/setup.c -@@ -902,6 +902,8 @@ void __init setup_arch(char **cmdline_p) +@@ -900,6 +900,8 @@ void __init setup_arch(char **cmdline_p) if (efi_enabled(EFI_BOOT)) efi_init(); @@ -67,17 +67,17 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> default: --- a/include/linux/security.h +++ b/include/linux/security.h -@@ -486,6 +486,7 @@ int security_inode_notifysecctx(struct i - int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); - int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); +@@ -496,6 +496,7 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); + int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len, + void *val, size_t val_len, u64 id, u64 flags); +int lock_kernel_down(const char *where, enum lockdown_reason level); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) -@@ -1404,6 +1405,11 @@ static inline int security_locked_down(e +@@ -1439,6 +1440,11 @@ static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, { - return 0; + return -EOPNOTSUPP; } +static inline int +lock_kernel_down(const char *where, enum lockdown_reason level) @@ -110,7 +110,7 @@ Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> + triggered in integrity mode if EFI Secure Boot is set. --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c -@@ -23,7 +23,7 @@ static const enum lockdown_reason lockdo +@@ -24,7 +24,7 @@ static const enum lockdown_reason lockdo /* * Put the kernel into lock-down mode. */ diff --git a/debian/patches/features/arm64/arm64-dynamically-allocate-cpumasks-and-increase-supported-cpus-to-512.patch b/debian/patches/features/arm64/arm64-dynamically-allocate-cpumasks-and-increase-supported-cpus-to-512.patch new file mode 100644 index 0000000000..dd7c02e005 --- /dev/null 
+++ b/debian/patches/features/arm64/arm64-dynamically-allocate-cpumasks-and-increase-supported-cpus-to-512.patch 
@@ -0,0 +1,98 @@ +From: "Christoph Lameter (Ampere)" <cl@gentwo.org> +Date: Wed, 6 Mar 2024 17:45:04 -0800 +Subject: ARM64: Dynamically allocate cpumasks and increase supported CPUs to + 512 +Forwarded: https://lore.kernel.org/lkml/37099a57-b655-3b3a-56d0-5f7fbd49d7db@gentwo.org/ +Applied-Upstream: 3fbd56f0e7c14e7c7a7597fd4a368753fe70d76f + + [ a.k.a. Revert "Revert "ARM64: Dynamically allocate cpumasks and + increase supported CPUs to 512""; originally reverted because of a + bug in the cpufreq-dt code not using zalloc_cpumask_var() ] + +Currently defconfig selects NR_CPUS=256, but some vendors (e.g. Ampere +Computing) are planning to ship systems with 512 CPUs. So that all CPUs on +these systems can be used with defconfig, we'd like to bump NR_CPUS to 512. +Therefore this patch increases the default NR_CPUS from 256 to 512. + +As increasing NR_CPUS will increase the size of cpumasks, there's a fear that +this might have a significant impact on stack usage due to code which places +cpumasks on the stack. To mitigate that concern, we can select +CPUMASK_OFFSTACK. As that doesn't seem to be a problem today with +NR_CPUS=256, we only select this when NR_CPUS > 256. + +CPUMASK_OFFSTACK configures the cpumasks in the kernel to be +dynamically allocated. This was used in the X86 architecture in the +past to enable support for larger CPU configurations up to 8k cpus. + +With that is becomes possible to dynamically size the allocation of +the cpu bitmaps depending on the quantity of processors detected on +bootup. Memory used for cpumasks will increase if the kernel is +run on a machine with more cores. + +Further increases may be needed if ARM processor vendors start +supporting more processors. Given the current inflationary trends +in core counts from multiple processor manufacturers this may occur. + +There are minor regressions for hackbench. The kernel data size +for 512 cpus is smaller with offstack than with onstack. 
+ +Benchmark results using hackbench average over 10 runs of + + hackbench -s 512 -l 2000 -g 15 -f 25 -P + +on Altra 80 Core + +Support for 256 CPUs on stack. Baseline + + 7.8564 sec + +Support for 512 CUs on stack. + + 7.8713 sec + 0.18% + +512 CPUS offstack + + 7.8916 sec + 0.44% + +Kernel size comparison: + + text data filename Difference to onstack256 baseline +25755648 9589248 vmlinuz-6.8.0-rc4-onstack256 +25755648 9607680 vmlinuz-6.8.0-rc4-onstack512 +0.19% +25755648 9603584 vmlinuz-6.8.0-rc4-offstack512 +0.14% + +Tested-by: Eric Mackay <eric.mackay@oracle.com> +Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> +Signed-off-by: Christoph Lameter (Ampere) <cl@linux.com> +Acked-by: Mark Rutland <mark.rutland@arm.com> +Link: https://lore.kernel.org/r/37099a57-b655-3b3a-56d0-5f7fbd49d7db@gentwo.org +Link: https://lore.kernel.org/r/20240314125457.186678-1-m.szyprowski@samsung.com +[catalin.marinas@arm.com: use 'select' instead of duplicating 'config CPUMASK_OFFSTACK'] +Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> +--- + arch/arm64/Kconfig | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index 4869265ace2ddd..a03de40bd4cd7c 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -120,6 +120,7 @@ config ARM64 + select CLONE_BACKWARDS + select COMMON_CLK + select CPU_PM if (SUSPEND || CPU_IDLE) ++ select CPUMASK_OFFSTACK if NR_CPUS > 256 + select CRC32 + select DCACHE_WORD_ACCESS + select DYNAMIC_FTRACE if FUNCTION_TRACER +@@ -1430,7 +1431,7 @@ config SCHED_SMT + config NR_CPUS + int "Maximum number of CPUs (2-4096)" + range 2 4096 +- default "256" ++ default "512" + + config HOTPLUG_CPU + bool "Support for hot-pluggable CPUs" +-- +cgit 1.2.3-korg diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch index c77b75f36d..55f43dcd32 100644 
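Review bot: With `default "512"` and `select CPUMASK_OFFSTACK if NR_CPUS > 256`, an arm64 build that takes the default now enables CPUMASK_OFFSTACK, and the patch header itself says the change was reverted once because cpufreq-dt did not use zalloc_cpumask_var(). Nothing in this diff carries or names that cpufreq-dt fix, so it should be confirmed that the packaged base already contains it; otherwise the original regression would presumably return. A header line naming the prerequisite would make that checkable, e.g. `[requires: <commit id of the cpufreq-dt zalloc_cpumask_var fix>]`.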
--- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch +++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch @@ -29,7 +29,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -6410,6 +6410,10 @@ +@@ -6468,6 +6468,10 @@ later by a loaded module cannot be set this way. Example: sysctl.vm.swappiness=40 @@ -42,7 +42,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Ignore sysrq setting - this boot parameter will --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -3024,6 +3024,14 @@ config COMPAT_32 +@@ -3052,6 +3052,14 @@ config COMPAT_32 select HAVE_UID16 select OLD_SIGSUSPEND3 @@ -59,14 +59,14 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> depends on IA32_EMULATION || X86_X32_ABI --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c -@@ -63,7 +63,7 @@ static __always_inline bool do_syscall_x +@@ -64,7 +64,7 @@ static __always_inline bool do_syscall_x */ unsigned int xnr = nr - __X32_SYSCALL_BIT; - if (IS_ENABLED(CONFIG_X86_X32_ABI) && likely(xnr < X32_NR_syscalls)) { + if (IS_ENABLED(CONFIG_X86_X32_ABI) && unlikely(x32_enabled) && likely(xnr < X32_NR_syscalls)) { xnr = array_index_nospec(xnr, X32_NR_syscalls); - regs->ax = x32_sys_call_table[xnr](regs); + regs->ax = x32_sys_call(regs, xnr); return true; --- a/arch/x86/entry/syscall_x32.c +++ b/arch/x86/entry/syscall_x32.c @@ -80,9 +80,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> #include <linux/syscalls.h> #include <asm/syscall.h> -@@ -16,3 +19,46 @@ - asmlinkage const sys_call_ptr_t x32_sys_call_table[] = { - #include <asm/syscalls_x32.h> +@@ -20,3 +23,46 @@ + default: return __x64_sys_ni_syscall(regs); + } }; + +/* Maybe enable x32 syscalls */ @@ -139,10 +139,10 @@ 
Signed-off-by: Ben Hutchings <ben@decadent.org.uk> typedef unsigned long elf_greg_t; -@@ -150,7 +153,8 @@ do { \ +@@ -151,7 +154,8 @@ do { \ #define compat_elf_check_arch(x) \ - ((elf_check_arch_ia32(x) && ia32_enabled()) || \ + ((elf_check_arch_ia32(x) && ia32_enabled_verbose()) || \ - (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) + (IS_ENABLED(CONFIG_X86_X32_ABI) && x32_enabled && \ + (x)->e_machine == EM_X86_64)) @@ -159,9 +159,9 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk> #include <asm/thread_info.h> /* for TS_COMPAT */ #include <asm/unistd.h> -@@ -30,6 +31,18 @@ extern const sys_call_ptr_t ia32_sys_cal - extern const sys_call_ptr_t x32_sys_call_table[]; - #endif +@@ -28,6 +29,18 @@ extern const sys_call_ptr_t ia32_sys_cal + extern long x32_sys_call(const struct pt_regs *, unsigned int nr); + extern long x64_sys_call(const struct pt_regs *, unsigned int nr); +#if defined(CONFIG_X86_X32_ABI) +#if defined(CONFIG_X86_X32_DISABLED) diff --git a/debian/patches/series b/debian/patches/series index 8c1ff52363..ea40c9ec6a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -10,7 +10,6 @@ debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch debian/version.patch debian/uname-version-timestamp.patch debian/kernelvariables.patch -debian/mips-disable-werror.patch debian/mips-boston-disable-its.patch debian/mips-ieee754-relaxed.patch debian/arch-sh4-fix-uimage-build.patch 
@@ -72,13 +71,13 @@ bugfix/alpha/alpha-fix-missing-symbol-versions-for-str-n-cat-cpy.patch # Arch features features/x86/x86-memtest-WARN-if-bad-RAM-found.patch features/x86/x86-make-x32-syscall-support-conditional.patch +features/arm64/arm64-dynamically-allocate-cpumasks-and-increase-supported-cpus-to-512.patch # Miscellaneous bug fixes bugfix/all/disable-some-marvell-phys.patch bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch # Miscellaneous features -features/all/driver-core-Emit-reason-for-pending-deferred-probe.patch # Lockdown missing pieces features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch @@ -94,6 +93,8 @@ features/all/db-mok-keyring/trust-machine-keyring-by-default.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch debian/ntfs-mark-it-as-broken.patch +bugfix/all/tipc-fix-UAF-in-error-path.patch +bugfix/all/tipc-fix-a-possible-memleak-in-tipc_buf_append.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch |