...
 
Commits (485)
!/patches
!*.patch
!*.diff
*.debhelper*
*.local
*.pyc
*.substvars
*-di
/build/
/config.defines.dump
/control
/control.md5sum
/files
/linux-*
/po/
/rules.gen
/stamps/
/xen-linux-system-*
......@@ -6,7 +6,7 @@ Patches
Debian applies small changes to the kernel source. These are split up into
separated patches addressing individual problems. Each of the patch files
contains a description and mentions the author. The patches can be found
at http://svn.debian.org/wsvn/kernel/dists/trunk/linux/debian/patches/.
at https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches.
Config Files
------------
......
......@@ -15,7 +15,7 @@ Updating the upstream source
installed)
3) Unpack linux_<version>.orig.tar.gz, cd into the new directory,
and do a 'svn export' to get the debian/ subdirectory.
and do a 'git archive' to get the debian/ subdirectory.
Alternatively unpack using "make -f debian/rules orig".
(the orig target of the Makefiles requires rsync)
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
......@@ -21,6 +21,7 @@ from debian_linux.debian import *
default_url_base = "http://ftp.de.debian.org/debian/"
default_url_base_incoming = "http://incoming.debian.org/"
default_url_base_ports = "http://ftp.debian-ports.org/debian/"
default_url_base_security = "http://security.debian.org/"
class url_debian_flat(object):
......@@ -46,6 +47,11 @@ class url_debian_ports_pool(url_debian_pool):
return self.base + "pool-" + arch + "/main/" + source[0] + "/" + source + "/" + filename
class url_debian_security_pool(url_debian_pool):
def __call__(self, source, filename, arch):
return self.base + "pool/updates/main/" + source[0] + "/" + source + "/" + filename
class Main(object):
dir = None
......@@ -113,13 +119,10 @@ class Main(object):
return version_abi, s
def get_config(self):
filename = "linux-support-%s_%s_all.deb" % (self.version_abi, self.version_source)
f = self.retrieve_package(self.url_config, filename, 'all')
d = self.extract_package(f, "linux-support")
c = d + "/usr/src/linux-support-" + self.version_abi + "/config.defines.dump"
config = ConfigCoreDump(fp=open(c, "rb"))
shutil.rmtree(d)
return config
# XXX We used to fetch the previous version of linux-support here,
# but until we authenticate downloads we should not do that as
# pickle.load allows running arbitrary code.
return self.config
def retrieve_package(self, url, filename, arch):
u = url(self.source, filename, arch)
......@@ -190,9 +193,11 @@ if __name__ == '__main__':
options.add_option("-i", "--incoming", action="store_true", dest="incoming")
options.add_option("--incoming-config", action="store_true", dest="incoming_config")
options.add_option("--ports", action="store_true", dest="ports")
options.add_option("--security", action="store_true", dest="security")
options.add_option("-u", "--url-base", dest="url_base", default=default_url_base)
options.add_option("--url-base-incoming", dest="url_base_incoming", default=default_url_base_incoming)
options.add_option("--url-base-ports", dest="url_base_ports", default=default_url_base_ports)
options.add_option("--url-base-security", dest="url_base_security", default=default_url_base_security)
opts, args = options.parse_args()
......@@ -207,11 +212,14 @@ if __name__ == '__main__':
url_base = url_debian_pool(opts.url_base)
url_base_incoming = url_debian_flat(opts.url_base_incoming)
url_base_ports = url_debian_ports_pool(opts.url_base_ports)
url_base_security = url_debian_security_pool(opts.url_base_security)
if opts.incoming_config:
url = url_config = url_base_incoming
else:
url_config = url_base
if opts.incoming:
if opts.security:
url = url_base_security
elif opts.incoming:
url = url_base_incoming
elif opts.ports:
url = url_base_ports
......
#!/bin/bash -eu
if [ $# -ne 2 ]; then
echo >&2 "Usage: $0 REPO VERSION"
echo >&2 "REPO is the git repository to generate a changelog from"
echo >&2 "VERSION is the stable version (without leading v)"
exit 2
fi
# Get base version, i.e. the stable release that a branch started from
base_version() {
local ver
ver="${1%-rc*}"
case "$ver" in
*-ckt*)
ver="${ver%-*}"
;;
esac
echo "$ver"
}
add_update() {
local base update
base="$(base_version "$1")"
update="${1#$base-ckt}"
if [ "$update" = "$1" ]; then
update=0
fi
update="$((update + $2))"
if [ $update = 0 ]; then
echo "$base"
else
echo "$base-ckt$update"
fi
}
# Get next stable update version
next_update() {
add_update "$1" 1
}
export GIT_DIR="$1/.git"
new_ver="$2"
cur_pkg_ver="$(dpkg-parsechangelog | sed -n 's/^Version: //p')"
cur_ver="${cur_pkg_ver%-*}"
if [ "$(base_version "$new_ver")" != "$(base_version "$cur_ver")" ]; then
echo >&2 "$new_ver is not on the same stable series as $cur_ver"
exit 2
fi
case "$cur_pkg_ver" in
*~exp*)
new_pkg_ver="$new_ver-1~exp1"
;;
*)
new_pkg_ver="$new_ver-1"
;;
esac
# dch insists on word-wrapping everything, so just add the first line initially
dch -v "$new_pkg_ver" --preserve --multimaint-merge -D UNRELEASED \
--release-heuristic=changelog 'New upstream stable update:'
# Then append the shortlogs with sed
sed -i '1,/^ --/ { /New upstream stable update:/ { a\
'"$(
while [ "v$cur_ver" != "v$new_ver" ]; do
next_ver="$(next_update "$cur_ver")"
echo " http://kernel.ubuntu.com/stable/ChangeLog-$next_ver\\"
git log --reverse --pretty=' - %s\' "v$cur_ver..v$next_ver^"
cur_ver="$next_ver"
done)"'
} }' debian/changelog
......@@ -490,6 +490,9 @@ class Gencontrol(Base):
if distribution in ('experimental', ):
if not version.linux_revision_experimental:
raise RuntimeError("Can't upload to %s with a version of %s" % (distribution, version))
if distribution.endswith('-security') or distribution.endswith('-lts'):
if version.linux_revision_backports or version.linux_revision_other:
raise RuntimeError("Can't upload to %s with a version of %s" % (distribution, version))
if distribution.endswith('-backports'):
if not version.linux_revision_backports:
raise RuntimeError("Can't upload to %s with a version of %s" % (distribution, version))
......
#!/usr/bin/python
from __future__ import print_function
import sys
sys.path.append(sys.path[0] + "/../lib/python")
import os, re, subprocess
from debian_linux.debian import Changelog, VersionLinux
def base_version(ver):
# Assume base version is at least 3.0, thus only 2 components wanted
match = re.match(r'^(\d+\.\d+)', ver)
assert match
return match.group(1)
def add_update(ver, inc):
base = base_version(ver)
if base == ver:
update = 0
else:
update = int(ver[len(base)+1:])
update += inc
if update == 0:
return base
else:
return '{}.{}'.format(base, update)
def next_update(ver):
return add_update(ver, 1)
def print_stable_log(log, cur_ver, new_ver):
major_ver = re.sub(r'^(\d+)\..*', r'\1', cur_ver)
while cur_ver != new_ver:
next_ver = next_update(cur_ver)
print(' https://www.kernel.org/pub/linux/kernel/v{}.x/ChangeLog-{}'
.format(major_ver, next_ver),
file=log)
log.flush() # serialise our output with git's
subprocess.check_call(['git', 'log', '--reverse',
'--pretty= - %s',
'v{}..v{}^'.format(cur_ver, next_ver)],
stdout=log)
cur_ver = next_ver
def main(repo, new_ver):
os.environ['GIT_DIR'] = repo + '/.git'
changelog = Changelog(version=VersionLinux)
cur_pkg_ver = changelog[0].version
cur_ver = cur_pkg_ver.linux_upstream_full
if base_version(new_ver) != base_version(cur_ver):
print('{} is not on the same stable series as {}'
.format(new_ver, cur_ver),
file=sys.stderr)
sys.exit(2)
new_pkg_ver = new_ver + '-1'
if cur_pkg_ver.linux_revision_experimental:
new_pkg_ver += '~exp1'
# Three possible cases:
# 1. The current version has been released so we need to add a new
# version to the changelog.
# 2. The current version has not been released so we're changing its
# version string.
# (a) There are no stable updates included in the current version,
# so we need to insert an introductory line, the URL(s) and
# git log(s) and a blank line at the top.
# (b) One or more stable updates are already included in the current
# version, so we need to insert the URL(s) and git log(s) after
# them.
changelog_intro = 'New upstream stable update:'
# Case 1
if changelog[0].distribution != 'UNRELEASED':
subprocess.check_call(['dch', '-v', new_pkg_ver, '-D', 'UNRELEASED',
changelog_intro])
with open('debian/changelog', 'r') as old_log:
with open('debian/changelog.new', 'w') as new_log:
line_no = 0
inserted = False
intro_line = ' * {}\n'.format(changelog_intro)
for line in old_log:
line_no += 1
# Case 2
if changelog[0].distribution == 'UNRELEASED' and line_no == 1:
print('{} ({}) UNRELEASED; urgency={}'
.format(changelog[0].source, new_pkg_ver,
changelog[0].urgency),
file=new_log)
continue
if not inserted:
# Case 2(a)
if line_no == 3 and line != intro_line:
new_log.write(intro_line)
print_stable_log(new_log, cur_ver, new_ver)
new_log.write('\n')
inserted = True
# Case 1 or 2(b)
elif line_no > 3 and line == '\n':
print_stable_log(new_log, cur_ver, new_ver)
inserted = True
# Check that we inserted before hitting the end of the
# first version entry
assert not (line.startswith(' -- ') and not inserted)
new_log.write(line)
os.rename('debian/changelog.new', 'debian/changelog')
if __name__ == '__main__':
if len(sys.argv) != 3:
print('''\
Usage: {} REPO VERSION"
REPO is the git repository to generate a changelog from
VERSION is the stable version (without leading v)'''.format(sys.argv[0]),
file=sys.stderr)
sys.exit(2)
main(*sys.argv[1:])
#!/bin/bash -eu
if [ $# -ne 2 ]; then
echo >&2 "Usage: $0 REPO VERSION"
echo >&2 "REPO is the git repository to generate a changelog from"
echo >&2 "VERSION is the stable version (without leading v)"
exit 2
fi
# Get base version, i.e. the Linus stable release that a version is based on
base_version() {
local ver
ver="${1%-rc*}"
case "$ver" in
2.6.*.* | [3-9].*.* | ??.*.*)
ver="${ver%.*}"
;;
esac
echo "$ver"
}
add_update() {
local base update
base="$(base_version "$1")"
update="${1#$base.}"
if [ "$update" = "$1" ]; then
update=0
fi
update="$((update + $2))"
if [ $update = 0 ]; then
echo "$base"
else
echo "$base.$update"
fi
}
# Get next stable update version
next_update() {
add_update "$1" 1
}
export GIT_DIR="$1/.git"
new_ver="$2"
cur_pkg_ver="$(dpkg-parsechangelog | sed -n 's/^Version: //p')"
cur_ver="${cur_pkg_ver%-*}"
if [ "$(base_version "$new_ver")" != "$(base_version "$cur_ver")" ]; then
echo >&2 "$new_ver is not on the same stable series as $cur_ver"
exit 2
fi
case "$cur_pkg_ver" in
*~exp*)
new_pkg_ver="$new_ver-1~exp1"
;;
*)
new_pkg_ver="$new_ver-1"
;;
esac
# dch insists on word-wrapping everything, so just add the URLs initially
dch -v "$new_pkg_ver" --preserve --multimaint-merge -D UNRELEASED \
--release-heuristic=changelog "$(
echo "New upstream stable update: "
while [ "v$cur_ver" != "v$new_ver" ]; do
cur_ver="$(next_update "$cur_ver")"
echo "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-$cur_ver"
done)"
# Then insert the shortlogs with sed
while [ "v$cur_ver" != "v$new_ver" ]; do
next_ver="$(next_update "$cur_ver")"
sed -i '/ChangeLog-'"${next_ver//./\\.}"'/a\
'"$(git log --reverse --pretty=' - %s\' "v$cur_ver..v$next_ver^")"'
' debian/changelog
cur_ver="$next_ver"
done
#!/bin/sh -e
exec "$(dirname "$0")/stable-update" "$@"
This diff is collapsed.
[base]
compiler: gcc-4.9
featuresets:
none
rt
......@@ -14,7 +15,7 @@ configs:
install-stem: vmlinuz
[relations]
headers%gcc-4.8: linux-compiler-gcc-4.8-x86
headers%gcc-4.9: linux-compiler-gcc-4.9-x86 (>= 3.16.51-3+deb8u2~), linux-kbuild-3.16 (>= 3.16.56-1)
[amd64_description]
hardware: 64-bit PCs
......
......@@ -3,6 +3,8 @@
##
CONFIG_ARCH_VEXPRESS=y
CONFIG_ARCH_XGENE=y
#. Until we decide how/whether to handle this in userland as well
# CONFIG_ARM64_ERRATUM_843419 is not set
CONFIG_SMP=y
CONFIG_XEN=y
CONFIG_COMPAT=y
......@@ -82,6 +84,7 @@ CONFIG_PHY_XGENE=m
##
## file: drivers/power/reset/Kconfig
##
CONFIG_POWER_RESET_SYSCON=y
CONFIG_POWER_RESET_VEXPRESS=y
CONFIG_POWER_RESET_XGENE=y
......@@ -116,6 +119,8 @@ CONFIG_SERIAL_8250_DW=y
##
## file: drivers/usb/host/Kconfig
##
CONFIG_USB_XHCI_HCD=m
CONFIG_USB_XHCI_PLATFORM=y
CONFIG_USB_EHCI_HCD=m
CONFIG_USB_EHCI_HCD_PLATFORM=m
CONFIG_USB_OHCI_HCD=m
......
......@@ -95,7 +95,7 @@ hardware: Marvell Kirkwood
hardware-long: Marvell Kirkwood based systems (SheevaPlug, QNAP TS-119/TS-219, etc)
[kirkwood_image]
recommends: uboot-mkimage
recommends: u-boot-tools
# SheevaPlug: 4194304 - 8 - 64 = 4194232
# QNAP TS-119/TS-219: 2097152 - 8 - 64 = 2097080
check-size: 2097080
......@@ -145,7 +145,7 @@ hardware: Marvell Orion
hardware-long: Marvell Orion 5181, 5182 and 5281 based systems (QNAP TS-109/TS-209, etc)
[orion5x_image]
recommends: uboot-mkimage
recommends: u-boot-tools
# D-Link DNS-323: 1572864 - 8 - 64 = 1572792
# HP Media Vault mv2120: ca 2 MB
# QNAP TS-109/TS-209 & TS-409: 2097152 - 8 - 64 = 2097080
......
......@@ -612,6 +612,7 @@ CONFIG_CHARGER_ISP1704=m
CONFIG_POWER_RESET=y
CONFIG_POWER_RESET_GPIO=y
CONFIG_POWER_RESET_RESTART=y
CONFIG_POWER_RESET_SYSCON=y
##
## file: drivers/pwm/Kconfig
......@@ -660,6 +661,7 @@ CONFIG_RTC_DRV_MC13XXX=y
CONFIG_RTC_DRV_MXC=y
CONFIG_RTC_DRV_SNVS=y
CONFIG_RTC_DRV_PALMAS=y
CONFIG_RTC_DRV_PCF8523=y
##
## file: drivers/scsi/Kconfig
......
......@@ -4107,6 +4107,7 @@ CONFIG_USB_EHSET_TEST_FIXTURE=m
CONFIG_USB_ISIGHTFW=m
CONFIG_USB_YUREX=m
# CONFIG_USB_HSIC_USB3503 is not set
CONFIG_USB_CHAOSKEY=m
##
## file: drivers/usb/misc/sisusbvga/Kconfig
......
[abi]
abiname: 4
abiname: 6
ignore-changes:
# Should not be used from OOT
module:arch/x86/kvm/kvm
module:arch/powerpc/kvm/kvm
module:drivers/md/dm-snapshot
module:drivers/misc/mei/*
module:drivers/mtd/spi-nor/spi-nor
module:drivers/net/wireless/iwlwifi/iwlwifi
module:drivers/net/can/can-dev
module:drivers/net/ethernet/**
module:drivers/net/wireless/**
module:drivers/s390/net/qeth
module:drivers/s390/net/qeth*
module:drivers/scsi/cxgbi/*
module:drivers/scsi/libiscs*
module:drivers/scsi/qla2xxx/qla2xxx
module:drivers/staging/usbip/*
module:drivers/target/iscsi/iscsi_target_mod
module:drivers/target/target_core_mod
module:drivers/usb/musb/*
module:net/ceph/libceph
module:net/l2tp/*
module:net/rds/rds
module:sound/firewire/snd-firewire-lib
module:sound/i2c/other/snd-ak4113
module:sound/i2c/other/snd-ak4114
module:sound/pci/emu10k1/*
azx_alloc_cmd_io
azx_free_cmd_io
azx_get_response
azx_init_cmd_io
azx_send_cmd
can_rx_register
cpuidle_*
inet_add_protocol
inet_del_protocol
inet_frag_*
inet_frags_*
kvm_async_pf_task_wait
kvmppc_*
musb_*
perf_trace_*
tcp_make_synack
tcp_parse_options
tcp_try_fastopen
# Apparently not used OOT
__add_pages
__remove_pages
nf_register_queue_handler
of_device_is_stdout_path
module:sound/soc/*
# Not needed by modules at all
blk_rq_check_limits
clk_divider_ro_ops
tick_nohz_idle_enter
tick_nohz_idle_exit
# Apparently not used from OOT
skb_copy_and_csum_datagram_iovec
module:net/dccp/dccp
fl6_*
inet_sk_diag_fill
ip6_append_data
ip6_datagram_send_ctl
ip6_xmit
ipv6_dup_options
ipv6_fixup_options
ipv6_push_nfrag_opts
tcp_cong_avoid_ai
tcp_slow_start
# Not used by OOT modules
__scm_destroy
__scm_send
scm_detach_fds
scm_fp_dup
af_alg_*
xt_compat_match_from_user
efivar_validate
zpci_disable_device
zpci_enable_device
zpci_stop_device
# Private to *notify
fsnotify_*_group
fsnotify_*_mark
# Assume IB drivers are added/updated through OFED, which also updates IB core
module:drivers/infiniband/**
[base]
arches:
......@@ -72,6 +135,8 @@ gcc-4.4: gcc-4.4
gcc-4.6: gcc-4.6
gcc-4.7: gcc-4.7
gcc-4.8: gcc-4.8
# gcc 4.9 with retpoline support
gcc-4.9: gcc-4.9 (>= 4.9.2-10+deb7u1), gcc-4.9 (<< 4.9.2-11)
# initramfs-generators
initramfs-fallback: linux-initramfs-tool
......
[base]
compiler: gcc-4.9
featuresets:
none
rt
......@@ -19,7 +20,7 @@ configs:
install-stem: vmlinuz
[relations]
headers%gcc-4.8: linux-compiler-gcc-4.8-x86
headers%gcc-4.9: linux-compiler-gcc-4.9-x86 (>= 3.16.51-3+deb8u2~), linux-kbuild-3.16 (>= 3.16.56-1)
[586_description]
hardware: older PCs
......
......@@ -18,6 +18,7 @@ CONFIG_MIPS32_N32=y
##
## file: arch/mips/cavium-octeon/Kconfig
##
CONFIG_CAVIUM_CN63XXP1=y
CONFIG_CAVIUM_OCTEON_CVMSEG_SIZE=1
# CONFIG_CAVIUM_OCTEON_2ND_KERNEL is not set
CONFIG_CAVIUM_OCTEON_LOCK_L2=y
......
......@@ -93,6 +93,7 @@ CONFIG_HOTPLUG_PCI_RPA_DLPAR=m
##
CONFIG_SCSI_IBMVSCSI=m
CONFIG_SCSI_IBMVSCSIS=m
CONFIG_SCSI_IBMVFC=m
CONFIG_SCSI_QLOGIC_1280=m
##
......
......@@ -63,9 +63,11 @@ CONFIG_HOTPLUG_CPU=y
CONFIG_PCI=y
# CONFIG_PCI_CNB20LE_QUIRK is not set
# CONFIG_RAPIDIO is not set
CONFIG_X86_SYSFB=y
#. Doesn't support handover; see #822575
# CONFIG_X86_SYSFB is not set
CONFIG_IA32_EMULATION=y
CONFIG_IA32_AOUT=y
CONFIG_IOSF_MBI=m
##
## file: arch/x86/Kconfig.cpu
......@@ -399,6 +401,7 @@ CONFIG_EDAC_I82875P=m
CONFIG_EDAC_I82975X=m
CONFIG_EDAC_I3000=m
CONFIG_EDAC_I3200=m
CONFIG_EDAC_IE31200=m
CONFIG_EDAC_X38=m
CONFIG_EDAC_I5400=m
CONFIG_EDAC_I7CORE=m
......@@ -497,6 +500,7 @@ CONFIG_DRM_NOUVEAU_BACKLIGHT=y
## file: drivers/gpu/drm/vmwgfx/Kconfig
##
CONFIG_DRM_VMWGFX=m
CONFIG_DRM_VMWGFX_FBCON=y
##
## file: drivers/gpu/vga/Kconfig
......@@ -1156,6 +1160,11 @@ CONFIG_I82092=m
CONFIG_TCIC=m
# CONFIG_PCMCIA_DEBUG is not set
##
## file: drivers/pinctrl/Kconfig
##
CONFIG_PINCTRL_BAYTRAIL=y
##
## file: drivers/platform/chrome/Kconfig
##
......@@ -1693,7 +1702,8 @@ CONFIG_FB_VOODOO1=m
CONFIG_FB_TRIDENT=m
CONFIG_FB_VIRTUAL=m
CONFIG_FB_HYPERV=m
CONFIG_FB_SIMPLE=y
#. Doesn't support handover; see #822575
# CONFIG_FB_SIMPLE is not set
##
## file: drivers/video/fbdev/geode/Kconfig
......
......@@ -20,7 +20,7 @@ hardware: sh7785lcr
hardware-long: Renesas SH7785 reference board
[sh7785lcr_image]
recommends: uboot-mkimage
recommends: u-boot-tools
# Kernel partition size: 4MB
check-size: 4194304
......@@ -6,6 +6,7 @@ ohci-exynos
ohci-omap3
ehci-exynos
ehci-omap
ehci-orion
phy-exynos-usb2
phy-omap-usb2
ci_hdrc_imx
......
dm-multipath
dm-round-robin
dm-service-time
......@@ -23,15 +23,19 @@ class Changelog(list):
(?P<distribution>
[-+0-9a-zA-Z.]+
)
\;
\;\s+urgency=
(?P<urgency>
\w+
)
"""
_re = re.compile(_rules, re.X)
class Entry(object):
__slot__ = 'distribution', 'source', 'version'
__slot__ = 'distribution', 'source', 'version', 'urgency'
def __init__(self, distribution, source, version):
self.distribution, self.source, self.version = distribution, source, version
def __init__(self, distribution, source, version, urgency):
self.distribution, self.source, self.version, self.urgency = \
distribution, source, version, urgency
def __init__(self, dir='', version=None):
if version is None:
......@@ -53,7 +57,9 @@ class Changelog(list):
if not len(self):
raise
v = Version(match.group('version'))
self.append(self.Entry(match.group('distribution'), match.group('source'), v))
self.append(self.Entry(match.group('distribution'),
match.group('source'), v,
match.group('urgency')))
class Version(object):
......@@ -139,14 +145,17 @@ class VersionLinux(Version):
~exp\d+
)
|
(?P<revision_security>
[~+]deb\d+u\d+
)?
(?P<revision_backports>
~bpo\d\d\+\d+
)
~bpo\d+\+\d+
)?
|
(?P<revision_other>
[^-]+
)
)?
)
$
"""
_version_linux_re = re.compile(_version_linux_rules, re.X)
......@@ -167,6 +176,7 @@ $
self.linux_upstream_full = self.linux_upstream + d['update']
self.linux_dfsg = d['dfsg']
self.linux_revision_experimental = match.group('revision_experimental') and True
self.linux_revision_security = match.group('revision_security') and True
self.linux_revision_backports = match.group('revision_backports') and True
self.linux_revision_other = match.group('revision_other') and True
......
From: Roger Pau Monne <roger.pau@citrix.com>
Date: Mon, 2 Feb 2015 11:28:21 +0000
Subject: xen-blkfront: fix accounting of reqs when migrating
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Origin: https://git.kernel.org/linus/3bb8c98e5612f069010ad04e5f463389e2eb6563
Bug-Debian: https://bugs.debian.org/843715
Current migration code uses blk_put_request in order to finish a request
before requeuing it. This function doesn't update the statistics of the
queue, which completely screws accounting. Use blk_end_request_all instead
which properly updates the statistics of the queue.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reported-and-Tested-by: Ouyang Zhaowei (Charles) <ouyangzhaowei@huawei.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: xen-devel@lists.xenproject.org
---
drivers/block/xen-blkfront.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/block/xen-blkfront.c
+++ b/drivers/block/xen-blkfront.c
@@ -1489,7 +1489,7 @@ static int blkif_recover(struct blkfront
merge_bio.tail = copy[i].request->biotail;
bio_list_merge(&bio_list, &merge_bio);
copy[i].request->bio = NULL;
- blk_put_request(copy[i].request);
+ blk_end_request_all(copy[i].request, 0);
}
kfree(copy);
@@ -1512,7 +1512,7 @@ static int blkif_recover(struct blkfront
req->bio = NULL;
if (req->cmd_flags & (REQ_FLUSH | REQ_FUA))
pr_alert("diskcache flush request found!\n");
- __blk_put_request(info->rq, req);
+ __blk_end_request_all(req, 0);
}
spin_unlock_irq(&info->io_lock);
From: Pavel Shilovsky <pshilov@microsoft.com>
Date: Mon, 7 Nov 2016 18:20:50 -0800
Subject: CIFS: Enable encryption during session setup phase
Origin: https://git.kernel.org/linus/cabfb3680f78981d26c078a26e5c748531257ebb
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1066
In order to allow encryption on SMB connection we need to exchange
a session key and generate encryption and decryption keys.
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
[bwh: Backported to 3.16:
- SMB2_sess_establish_session() has not been split out from SMB2_sess_setup()
and there is additional cleanup to do on error, so keep the
'goto keygen_exit'
- Adjust context]
---
fs/cifs/sess.c | 22 ++++++++++------------
fs/cifs/smb2pdu.c | 12 ++----------
2 files changed, 12 insertions(+), 22 deletions(-)
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -343,13 +343,12 @@ void build_ntlmssp_negotiate_blob(unsign
/* BB is NTLMV2 session security format easier to use here? */
flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET |
NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
- NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
- if (ses->server->sign) {
+ NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
+ NTLMSSP_NEGOTIATE_SEAL;
+ if (ses->server->sign)
flags |= NTLMSSP_NEGOTIATE_SIGN;
- if (!ses->server->session_estab ||
- ses->ntlmssp->sesskey_per_smbsess)
- flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
- }
+ if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
+ flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
sec_blob->NegotiateFlags = cpu_to_le32(flags);
@@ -406,13 +405,12 @@ int build_ntlmssp_auth_blob(unsigned cha
flags = NTLMSSP_NEGOTIATE_56 |
NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO |
NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE |
- NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
- if (ses->server->sign) {
+ NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC |
+ NTLMSSP_NEGOTIATE_SEAL;
+ if (ses->server->sign)
flags |= NTLMSSP_NEGOTIATE_SIGN;
- if (!ses->server->session_estab ||
- ses->ntlmssp->sesskey_per_smbsess)
- flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
- }
+ if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess)
+ flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE);
sec_blob->NegotiateFlags = cpu_to_le32(flags);
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -752,10 +752,8 @@ ssetup_exit:
if (!rc) {
mutex_lock(&server->srv_mutex);
- if (server->sign && server->ops->generate_signingkey) {
+ if (server->ops->generate_signingkey) {
rc = server->ops->generate_signingkey(ses);
- kfree(ses->auth_key.response);
- ses->auth_key.response = NULL;
if (rc) {
cifs_dbg(FYI,
"SMB3 session key generation failed\n");
@@ -777,10 +775,6 @@ ssetup_exit:
}
keygen_exit:
- if (!server->sign) {
- kfree(ses->auth_key.response);
- ses->auth_key.response = NULL;
- }
kfree(ses->ntlmssp);
return rc;
From: David Howells <dhowells@redhat.com>
Date: Mon, 1 Dec 2014 22:52:50 +0000
Subject: KEYS: Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags
Origin: https://git.kernel.org/linus/054f6180d8b5602b431b5924976c956e760488b1
Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags to be two variations of the
same flag. They are effectively mutually exclusive and one or the other
should be provided, but not both.
Keyring cycle detection and key possession determination are the only things
that set NO_STATE_CHECK, except that neither flag really does anything there
because neither purpose makes use of the keyring_search_iterator() function,
but rather provides their own.
For cycle detection we definitely want to check inside of expired keyrings,
just so that we don't create a cycle we can't get rid of. Revoked keyrings
are cleared at revocation time and can't then be reused, so shouldn't be a
problem either way.
For possession determination, we *might* want to validate each keyring before
searching it: do you possess a key that's hidden behind an expired or just
plain inaccessible keyring? Currently, the answer is yes. Note that you
cannot, however, possess a key behind a revoked keyring because they are
cleared on revocation.
keyring_search() sets DO_STATE_CHECK, which is correct.
request_key_and_link() currently doesn't specify whether to check the key
state or not - but it should set DO_STATE_CHECK.
key_get_instantiation_authkey() also currently doesn't specify whether to
check the key state or not - but it probably should also set DO_STATE_CHECK.
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Chuck Lever <chuck.lever@oracle.com>
[carnil: Backported to 3.16: Adjust context]
---
security/keys/keyring.c | 7 ++++---
security/keys/request_key.c | 1 +
security/keys/request_key_auth.c | 1 +
3 files changed, 6 insertions(+), 3 deletions(-)
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -609,6 +609,10 @@ static bool search_nested_keyrings(struc
ctx->index_key.type->name,
ctx->index_key.description);
+#define STATE_CHECKS (KEYRING_SEARCH_NO_STATE_CHECK | KEYRING_SEARCH_DO_STATE_CHECK)
+ BUG_ON((ctx->flags & STATE_CHECKS) == 0 ||
+ (ctx->flags & STATE_CHECKS) == STATE_CHECKS);
+
if (ctx->index_key.description)
ctx->index_key.desc_len = strlen(ctx->index_key.description);
@@ -618,7 +622,6 @@ static bool search_nested_keyrings(struc
if (ctx->flags & KEYRING_SEARCH_LOOKUP_ITERATE ||
keyring_compare_object(keyring, &ctx->index_key)) {
ctx->skipped_ret = 2;
- ctx->flags |= KEYRING_SEARCH_DO_STATE_CHECK;
switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) {
case 1:
goto found;
@@ -630,8 +633,6 @@ static bool search_nested_keyrings(struc
}
ctx->skipped_ret = 0;
- if (ctx->flags & KEYRING_SEARCH_NO_STATE_CHECK)
- ctx->flags &= ~KEYRING_SEARCH_DO_STATE_CHECK;
/* Start processing a new keyring */
descend_to_keyring:
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -536,7 +536,8 @@ struct key *request_key_and_link(struct
.cred = current_cred(),
.match = type->match,
.match_data = description,
- .flags = KEYRING_SEARCH_LOOKUP_DIRECT,
+ .flags = (KEYRING_SEARCH_LOOKUP_DIRECT |
+ KEYRING_SEARCH_DO_STATE_CHECK),
};
struct key *key;
key_ref_t key_ref;
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -235,7 +235,8 @@ struct key *key_get_instantiation_authke
.cred = current_cred(),
.match = user_match,
.match_data = description,
- .flags = KEYRING_SEARCH_LOOKUP_DIRECT,
+ .flags = (KEYRING_SEARCH_LOOKUP_DIRECT |
+ KEYRING_SEARCH_DO_STATE_CHECK),
};
struct key *authkey;
key_ref_t authkey_ref;
From: NeilBrown <neilb@suse.com>
Date: Mon, 5 Dec 2016 15:10:11 +1100
Subject: SUNRPC: fix refcounting problems with auth_gss messages.
Origin: https://git.kernel.org/linus/1cded9d2974fe4fe339fc0ccd6638b80d465ab2c
Bug-Debian: https://bugs.debian.org/852708
There are two problems with refcounting of auth_gss messages.
First, the reference on the pipe->pipe list (taken by a call
to rpc_queue_upcall()) is not counted. It seems to be
assumed that a message in pipe->pipe will always also be in
pipe->in_downcall, where it is correctly reference counted.
However there is no guaranty of this. I have a report of a
NULL dereferences in rpc_pipe_read() which suggests a msg
that has been freed is still on the pipe->pipe list.
One way I imagine this might happen is:
- message is queued for uid=U and auth->service=S1
- rpc.gssd reads this message and starts processing.
This removes the message from pipe->pipe
- message is queued for uid=U and auth->service=S2
- rpc.gssd replies to the first message. gss_pipe_downcall()
calls __gss_find_upcall(pipe, U, NULL) and it finds the
*second* message, as new messages are placed at the head
of ->in_downcall, and the service type is not checked.
- This second message is removed from ->in_downcall and freed
by gss_release_msg() (even though it is still on pipe->pipe)
- rpc.gssd tries to read another message, and dereferences a pointer
to this message that has just been freed.
I fix this by incrementing the reference count before calling
rpc_queue_upcall(), and decrementing it if that fails, or normally in
gss_pipe_destroy_msg().
It seems strange that the reply doesn't target the message more
precisely, but I don't know all the details. In any case, I think the
reference counting irregularity became a measureable bug when the
extra arg was added to __gss_find_upcall(), hence the Fixes: line
below.
The second problem is that if rpc_queue_upcall() fails, the new
message is not freed. gss_alloc_msg() set the ->count to 1,
gss_add_msg() increments this to 2, gss_unhash_msg() decrements to 1,
then the pointer is discarded so the memory never gets freed.
Fixes: 9130b8dbc6ac ("SUNRPC: allow for upcalls for same uid but different gss service")
Cc: stable@vger.kernel.org
Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1011250
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
---
net/sunrpc/auth_gss/auth_gss.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 3dfd769dc5b5..16cea00c959b 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -541,9 +541,13 @@ gss_setup_upcall(struct gss_auth *gss_auth, struct rpc_cred *cred)
return gss_new;
gss_msg = gss_add_msg(gss_new);
if (gss_msg == gss_new) {
- int res = rpc_queue_upcall(gss_new->pipe, &gss_new->msg);
+ int res;
+ atomic_inc(&gss_msg->count);
+ res = rpc_queue_upcall(gss_new->pipe, &gss_new->msg);
if (res) {
gss_unhash_msg(gss_new);
+ atomic_dec(&gss_msg->count);
+ gss_release_msg(gss_new);
gss_msg = ERR_PTR(res);
}
} else
@@ -836,6 +840,7 @@ gss_pipe_destroy_msg(struct rpc_pipe_msg *msg)
warn_gssd();
gss_release_msg(gss_msg);
}
+ gss_release_msg(gss_msg);
}
static void gss_pipe_dentry_destroy(struct dentry *dir,
--
2.11.0
From: Christian Borntraeger <borntraeger@de.ibm.com>
Date: Tue, 25 Nov 2014 10:01:16 +0100
Subject: kernel: Provide READ_ONCE and ASSIGN_ONCE
Origin: https://git.kernel.org/linus/230fa253df6352af12ad0a16128760b5cb3f92df
ACCESS_ONCE does not work reliably on non-scalar types. For
example gcc 4.6 and 4.7 might remove the volatile tag for such