Changelog
linux (4.9.18-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.17
- net/mlx5e: Register/unregister vport representors on interface
attach/detach
- net/mlx5e: Do not reduce LRO WQE size when not using build_skb
- net/mlx5e: Fix wrong CQE decompression
- vxlan: correctly validate VXLAN ID against VXLAN_N_VID
- vti6: return GRE_KEY for vti6
- vxlan: don't allow overwrite of config src addr
- ipv4: mask tos for input route
- net sched actions: decrement module reference count after table flush.
- l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
- net: phy: Avoid deadlock during phy_error()
- vxlan: lock RCU on TX path
- geneve: lock RCU on TX path
- tcp/dccp: block BH for SYN processing
- net: bridge: allow IPv6 when multicast flood is disabled
- net: don't call strlen() on the user buffer in packet_bind_spkt()
- net: net_enable_timestamp() can be called from irq contexts
- ipv6: orphan skbs in reassembly unit
- dccp: Unlock sock before calling sk_free()
- strparser: destroy workqueue on module exit
- tcp: fix various issues for sockets morphing to listen state
- net: fix socket refcounting in skb_complete_wifi_ack()
- net: fix socket refcounting in skb_complete_tx_timestamp()
- net/sched: act_skbmod: remove unneeded rcu_read_unlock in tcf_skbmod_dump
- dccp: fix use-after-free in dccp_feat_activate_values
- vrf: Fix use-after-free in vrf_xmit
- net/tunnel: set inner protocol in network gro hooks
- act_connmark: avoid crashing on malformed nlattrs with null parms
- mpls: Send route delete notifications when router module is unloaded
- mpls: Do not decrement alive counter for unregister events
- ipv6: make ECMP route replacement less greedy
- ipv6: avoid write to a possibly cloned skb
- bridge: drop netfilter fake rtable unconditionally
- dccp/tcp: fix routing redirect race
- tun: fix premature POLLOUT notification on tun devices
- dccp: fix memory leak during tear-down of unsuccessful connection request
- bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers
- bpf: fix state equivalence
- bpf: fix regression on verifier pruning wrt map lookups
- bpf: fix mark_reg_unknown_value for spilled regs on map value marking
- dmaengine: iota: ioat_alloc_chan_resources should not perform sleeping
allocations.
- xen: do not re-use pirq number cached in pci device msi msg data
- igb: Workaround for igb i210 firmware issue
- igb: add i211 to i210 PHY workaround
- [x86] hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic
- PCI: Separate VF BAR updates from standard BAR updates
- PCI: Remove pci_resource_bar() and pci_iov_resource_bar()
- PCI: Decouple IORESOURCE_ROM_ENABLE and PCI_ROM_ADDRESS_ENABLE
- PCI: Don't update VF BARs while VF memory space is enabled
- PCI: Update BARs using property bits appropriate for type
- PCI: Ignore BAR updates on virtual functions
- PCI: Do any VF BAR updates before enabling the BARs
- [powerpc*] ibmveth: calculate gso_segs for large packets
- [x86] Drivers: hv: ring_buffer: count on wrap around mappings in
get_next_pkt_raw() (v2)
- vfio/spapr: Postpone allocation of userspace version of TCE table
- [powerpc*] iommu: Stop using @current in mm_iommu_xxx
- [powerpc*] vfio/spapr: Reference mm in tce_container
- [powerpc*] mm/iommu, vfio/spapr: Put pages on VFIO container shutdown
- [powerpc*] vfio/spapr: Add a helper to create default DMA window
- [powerpc*] vfio/spapr: Postpone default window creation
- drm/nouveau/disp/gp102: fix cursor/overlay immediate channel indices
- drm/nouveau/disp/nv50-: split chid into chid.ctrl and chid.user
- drm/nouveau/disp/nv50-: specify ctrl/user separately when constructing
classes
- block: allow WRITE_SAME commands with the SG_IO ioctl
- [s390x] zcrypt: Introduce CEX6 toleration
- uvcvideo: uvc_scan_fallback() for webcams with broken chain
- [x86] ACPI / blacklist: add _REV quirks for Dell Precision 5520 and 3520
- [x86] ACPI / blacklist: Make Dell Latitude 3350 ethernet work
- serial: 8250_pci: Detach low-level driver during PCI error recovery
- [armhf] clk: bcm2835: Fix ->fixed_divider of pllh_aux
- [armhf] drm/vc4: Fix race between page flip completion event and clean-up
- [armhf] drm/vc4: Fix ->clock_select setting for the VEC encoder
- [arm64] KVM: VHE: Clear HCR_TGE when invalidating guest TLBs
- [armhf,arm64] irqchip/gicv3-its: Add workaround for QDF2400 ITS erratum
0065
- [x86] tsc: Fix ART for TSC_KNOWN_FREQ
- [x86] perf: Fix CR4.PCE propagation to use active_mm instead of mm
- futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
- futex: Add missing error handling to FUTEX_REQUEUE_PI
- locking/rwsem: Fix down_write_killable() for
CONFIG_RWSEM_GENERIC_SPINLOCK=y
- [powerpc*] crypto: Fix initialisation of crc32c context
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.18
- [armhf] drm/vc4: Fix termination of the initial scan for branch targets.
- [armhf] drm/vc4: Use runtime autosuspend to avoid thrashing V3D power
state.
- qla2xxx: Fix memory leak for abts processing
- qla2xxx: Fix request queue corruption.
- [hppa] Optimize flush_kernel_vmap_range and invalidate_kernel_vmap_range
- [hppa] Fix system shutdown halt
- perf/core: Fix use-after-free in perf_release()
- perf/core: Fix event inheritance on fork()
- NFS prevent double free in async nfs4_exchange_id
- cpufreq: Fix and clean up show_cpuinfo_cur_freq()
- [powerpc*] boot: Fix zImage TOC alignment
- md/raid1/10: fix potential deadlock
- target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export
- scsi: lpfc: Add shutdown method for kexec
- scsi: libiscsi: add lock around task lists to fix list corruption
regression
- target: Fix VERIFY_16 handling in sbc_parse_cdb
- isdn/gigaset: fix NULL-deref at probe
- gfs2: Avoid alignment hole in struct lm_lockname
- percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages
- cgroup/pids: remove spurious suspicious RCU usage warning
- [x86] drm/amdgpu/si: add dpm quirk for Oland
- ext4: fix fencepost in s_first_meta_bg validation (Closes: #856808)
[ Ben Hutchings ]
* [powerpc*] Ignore ABI changes in cxl (fixes FTBFS) (Closes: #858530)
and IOMMU setup
* Ignore ABI changes in bpf, dccp, libiscsi
* [x86] Ignore ABI changes in kvm
* [rt] Update to 4.9.18-rt14:
- lockdep: Fix per-cpu static objects
- futex: Cleanup variable names for futex_top_waiter()
- futex: Use smp_store_release() in mark_wake_futex()
- futex: Remove rt_mutex_deadlock_account_*()
- futex,rt_mutex: Provide futex specific rt_mutex API
- futex: Change locking rules
- futex: Cleanup refcounting
- futex: Rework inconsistent rt_mutex/futex_q state
- futex: Pull rt_mutex_futex_unlock() out from under hb->lock
- futex,rt_mutex: Introduce rt_mutex_init_waiter()
- futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
- futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock()
- futex: Futex_unlock_pi() determinism
- futex: Drop hb->lock before enqueueing on the rtmutex
- futex: workaround migrate_disable/enable in different context
- Revert "kernel/futex: don't deboost too early"
* xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
(CVE-2017-7184)
* xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (CVE-2017-7184)
* scsi: sg: check length passed to SG_NEXT_CMD_LEN (CVE-2017-7187)
* [x86] vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
(CVE-2017-7261)
* [x86] drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
(CVE-2017-7294)
* net/packet: Fix integer overflow in various range checks (CVE-2017-7308)
* [arm64] rtc: tegra: Implement clock handling (Closes: #858514)
* [armhf] sound/soc: Enable SND_SUN4I_SPDIF as module (Closes: #857410)
* [arm64,x86] Enable CROS_KBD_LED_BACKLIGHT as module (Closes: #856906)
* netfilter: nft_ct: add notrack support (Closes: #845500)
* w1: Enable W1_MASTER_GPIO as module (Closes: #858975)
[ James Clarke ]
* [sparc64] udeb: Re-add ufs-modules (Closes: #858049)
-- Ben Hutchings <email address hidden> Thu, 30 Mar 2017 02:16:33 +0100