From d78c498a976cd21d4279f3899b69e4908b6d812e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sun, 8 May 2016 20:45:02 +0200 Subject: [PATCH] version 4.4.8-9 As usual - dropped patched already applied there, other updated. --- config | 213 +++++++++++++----- ..._redirect-add-missing-NULL-pointer-c.patch | 84 ------- patches.rpmify/makefile-after_link.patch | 2 +- ...sa155-0001-xen-Add-RING_COPY_REQUEST.patch | 57 ----- ...t-use-last-request-to-determine-mini.patch | 40 ---- ...ack-use-RING_COPY_REQUEST-throughout.patch | 131 ----------- ...-read-request-operation-from-shared-.patch | 54 ----- ...06-xen-scsiback-safely-copy-requests.patch | 37 --- ...pare-request-locally-only-then-put-i.patch | 165 -------------- ...-from-indirect-descriptors-only-once.patch | 65 ------ ...-response-out-of-shared-buffer-befo.patch} | 4 +- ...ot-use-data-already-exposed-to-back.patch} | 43 ++-- ...pare-request-locally-only-then-put-i.patch | 161 +++++++++++++ ...rn-error-on-XEN_PCI_OP_enable_msi-wh.patch | 61 ----- ...ot-install-an-IRQ-handler-for-MSI-in.patch | 81 ------- ...XEN_PCI_OP_disable_msi-x-only-disabl.patch | 105 --------- series.conf | 18 +- version | 2 +- 18 files changed, 340 insertions(+), 983 deletions(-) delete mode 100644 patches.backports/0001-netfilter-nf_nat_redirect-add-missing-NULL-pointer-c.patch delete mode 100644 patches.xen/xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch delete mode 100644 patches.xen/xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch delete mode 100644 patches.xen/xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch delete mode 100644 patches.xen/xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch delete mode 100644 patches.xen/xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch delete mode 100644 patches.xen/xsa155-linux319-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch delete mode 100644 patches.xen/xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch rename patches.xen/{xsa155-linux318-0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch => xsa155-linux44-0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch} (98%) rename patches.xen/{xsa155-linux41-0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch => xsa155-linux44-0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch} (65%) create mode 100644 patches.xen/xsa155-linux44-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch delete mode 100644 patches.xen/xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch delete mode 100644 patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch delete mode 100644 patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch diff --git a/config b/config index c558b68..5e2a88a 100644 --- a/config +++ b/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.3.3 Kernel Configuration +# Linux/x86 4.4.8 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -51,7 +51,7 @@ CONFIG_BUILDTIME_EXTABLE_SORT=y CONFIG_INIT_ENV_ARG_LIMIT=32 CONFIG_CROSS_COMPILE="" # CONFIG_COMPILE_TEST is not set -CONFIG_LOCALVERSION="-7.pvops.qubes.x86_64" +CONFIG_LOCALVERSION="-9.pvops.qubes.x86_64" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_BZIP2=y @@ -323,7 +323,6 @@ CONFIG_MODULE_UNLOAD=y # CONFIG_MODULE_SIG is not set # CONFIG_MODULE_COMPRESS is not set CONFIG_MODULES_TREE_LOOKUP=y -CONFIG_STOP_MACHINE=y CONFIG_BLOCK=y CONFIG_BLK_DEV_BSG=y CONFIG_BLK_DEV_BSGLIB=y @@ -468,9 +467,6 @@ CONFIG_MICROCODE=y CONFIG_MICROCODE_INTEL=y CONFIG_MICROCODE_AMD=y CONFIG_MICROCODE_OLD_INTERFACE=y -CONFIG_MICROCODE_INTEL_EARLY=y -CONFIG_MICROCODE_AMD_EARLY=y -CONFIG_MICROCODE_EARLY=y CONFIG_X86_MSR=y CONFIG_X86_CPUID=y CONFIG_ARCH_PHYS_ADDR_T_64BIT=y @@ -506,7 +502,6 @@ CONFIG_MEMORY_ISOLATION=y CONFIG_MEMORY_HOTPLUG=y CONFIG_MEMORY_HOTPLUG_SPARSE=y # CONFIG_MEMORY_HOTREMOVE is not set -CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y CONFIG_MEMORY_BALLOON=y @@ -578,6 +573,9 @@ CONFIG_HOTPLUG_CPU=y # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set # CONFIG_DEBUG_HOTPLUG_CPU0 is not set # CONFIG_COMPAT_VDSO is not set +# CONFIG_LEGACY_VSYSCALL_NATIVE is not set +# CONFIG_LEGACY_VSYSCALL_EMULATE is not set +CONFIG_LEGACY_VSYSCALL_NONE=y # CONFIG_CMDLINE_BOOL is not set CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_HAVE_LIVEPATCH=y @@ -611,6 +609,7 @@ CONFIG_ACPI=y CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set CONFIG_ACPI_SLEEP=y # CONFIG_ACPI_PROCFS_POWER is not set CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y @@ -933,7 +932,7 @@ CONFIG_NF_CONNTRACK_TFTP=m CONFIG_NF_CT_NETLINK=m CONFIG_NF_CT_NETLINK_TIMEOUT=m CONFIG_NF_CT_NETLINK_HELPER=m -CONFIG_NETFILTER_NETLINK_QUEUE_CT=y +CONFIG_NETFILTER_NETLINK_GLUE_CT=y CONFIG_NF_NAT=m CONFIG_NF_NAT_NEEDED=y CONFIG_NF_NAT_PROTO_DCCP=m @@ -1301,6 +1300,7 @@ CONFIG_6LOWPAN_NHC_MOBILITY=m CONFIG_6LOWPAN_NHC_ROUTING=m CONFIG_6LOWPAN_NHC_UDP=m CONFIG_IEEE802154=m +# CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set CONFIG_IEEE802154_SOCKET=m CONFIG_IEEE802154_6LOWPAN=m CONFIG_MAC802154=m @@ -1399,6 +1399,7 @@ CONFIG_MPLS_ROUTING=m CONFIG_MPLS_IPTUNNEL=m # CONFIG_HSR is not set CONFIG_NET_SWITCHDEV=y +# CONFIG_NET_L3_MASTER_DEV is not set CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y @@ -1595,6 +1596,7 @@ CONFIG_CFG80211=m CONFIG_CFG80211_DEFAULT_PS=y CONFIG_CFG80211_DEBUGFS=y # CONFIG_CFG80211_INTERNAL_REGDB is not set +CONFIG_CFG80211_CRDA_SUPPORT=y CONFIG_CFG80211_WEXT=y CONFIG_CFG80211_WEXT_EXPORT=y CONFIG_LIB80211=m @@ -1643,6 +1645,8 @@ CONFIG_NFC_PN533=m CONFIG_NFC_MEI_PHY=m CONFIG_NFC_SIM=m CONFIG_NFC_PORT100=m +CONFIG_NFC_FDP=m +CONFIG_NFC_FDP_I2C=m CONFIG_NFC_PN544=m CONFIG_NFC_PN544_I2C=m CONFIG_NFC_PN544_MEI=m @@ -1652,6 +1656,7 @@ CONFIG_NFC_MICROREAD_MEI=m CONFIG_NFC_MRVL=m CONFIG_NFC_MRVL_USB=m CONFIG_NFC_MRVL_UART=m +CONFIG_NFC_MRVL_I2C=m CONFIG_NFC_ST21NFCA=m CONFIG_NFC_ST21NFCA_I2C=m CONFIG_NFC_ST_NCI=m @@ -1690,6 +1695,7 @@ CONFIG_SYS_HYPERVISOR=y CONFIG_GENERIC_CPU_AUTOPROBE=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m +CONFIG_REGMAP_MMIO=m CONFIG_REGMAP_IRQ=y CONFIG_DMA_SHARED_BUFFER=y # CONFIG_FENCE_TRACE is not set @@ -1811,7 +1817,6 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=0 CONFIG_BLK_DEV_DRBD=m # CONFIG_DRBD_FAULT_INJECTION is not set CONFIG_BLK_DEV_NBD=m -CONFIG_BLK_DEV_NVME=m CONFIG_BLK_DEV_SKD=m CONFIG_BLK_DEV_OSD=m CONFIG_BLK_DEV_SX8=m @@ -1828,6 +1833,7 @@ CONFIG_VIRTIO_BLK=m # CONFIG_BLK_DEV_HD is not set CONFIG_BLK_DEV_RBD=m # CONFIG_BLK_DEV_RSXX is not set +CONFIG_BLK_DEV_NVME=m # # Misc devices @@ -1909,6 +1915,10 @@ CONFIG_INTEL_MIC_BUS=m # # SCIF Driver # + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# # CONFIG_GENWQE is not set CONFIG_ECHO=m # CONFIG_CXL_BASE is not set @@ -1994,12 +2004,10 @@ CONFIG_MEGARAID_MM=m CONFIG_MEGARAID_MAILBOX=m CONFIG_MEGARAID_LEGACY=m CONFIG_MEGARAID_SAS=m -CONFIG_SCSI_MPT2SAS=m -CONFIG_SCSI_MPT2SAS_MAX_SGE=128 -CONFIG_SCSI_MPT2SAS_LOGGING=y CONFIG_SCSI_MPT3SAS=m +CONFIG_SCSI_MPT2SAS_MAX_SGE=128 CONFIG_SCSI_MPT3SAS_MAX_SGE=128 -CONFIG_SCSI_MPT3SAS_LOGGING=y +CONFIG_SCSI_MPT2SAS=m CONFIG_SCSI_UFSHCD=m CONFIG_SCSI_UFSHCD_PCI=m # CONFIG_SCSI_UFSHCD_PLATFORM is not set @@ -2251,7 +2259,6 @@ CONFIG_TUN=m CONFIG_VETH=m CONFIG_VIRTIO_NET=m CONFIG_NLMON=m -CONFIG_NET_VRF=m CONFIG_SUNGEM_PHY=m # CONFIG_ARCNET is not set CONFIG_ATM_DRIVERS=y @@ -2321,6 +2328,8 @@ CONFIG_ATL1=m CONFIG_ATL1E=m CONFIG_ATL1C=m CONFIG_ALX=m +CONFIG_NET_VENDOR_AURORA=y +CONFIG_AURORA_NB8800=m CONFIG_NET_CADENCE=y CONFIG_MACB=m CONFIG_NET_VENDOR_BROADCOM=y @@ -2335,6 +2344,8 @@ CONFIG_TIGON3=m CONFIG_BNX2X=m CONFIG_BNX2X_SRIOV=y CONFIG_BNX2X_VXLAN=y +CONFIG_BNXT=m +CONFIG_BNXT_SRIOV=y CONFIG_NET_VENDOR_BROCADE=y CONFIG_BNA=m CONFIG_NET_VENDOR_CAVIUM=y @@ -2404,7 +2415,6 @@ CONFIG_I40EVF=m CONFIG_FM10K=m # CONFIG_FM10K_VXLAN is not set # CONFIG_NET_VENDOR_I825XX is not set -CONFIG_IP1000=m CONFIG_JME=m CONFIG_NET_VENDOR_MARVELL=y CONFIG_MVMDIO=m @@ -2424,6 +2434,7 @@ CONFIG_MLX5_CORE_EN=y CONFIG_MLXSW_CORE=m CONFIG_MLXSW_PCI=m CONFIG_MLXSW_SWITCHX2=m +CONFIG_MLXSW_SPECTRUM=m CONFIG_NET_VENDOR_MICREL=y # CONFIG_KS8842 is not set # CONFIG_KS8851_MLL is not set @@ -2455,6 +2466,8 @@ CONFIG_QLCNIC_VXLAN=y CONFIG_QLCNIC_HWMON=y CONFIG_QLGE=m CONFIG_NETXEN_NIC=m +CONFIG_QED=m +CONFIG_QEDE=m # CONFIG_NET_VENDOR_QUALCOMM is not set CONFIG_NET_VENDOR_REALTEK=y CONFIG_ATP=m @@ -2535,6 +2548,7 @@ CONFIG_CICADA_PHY=m CONFIG_VITESSE_PHY=m CONFIG_TERANETICS_PHY=m CONFIG_SMSC_PHY=m +CONFIG_BCM_NET_PHYLIB=m CONFIG_BROADCOM_PHY=m CONFIG_BCM7XXX_PHY=m CONFIG_BCM87XX_PHY=m @@ -2627,10 +2641,10 @@ CONFIG_PCMCIA_WL3501=m CONFIG_PRISM54=m CONFIG_USB_ZD1201=m CONFIG_USB_NET_RNDIS_WLAN=m +CONFIG_ADM8211=m CONFIG_RTL8180=m CONFIG_RTL8187=m CONFIG_RTL8187_LEDS=y -CONFIG_ADM8211=m CONFIG_MAC80211_HWSIM=m CONFIG_MWL8K=m CONFIG_ATH_COMMON=m @@ -2684,7 +2698,6 @@ CONFIG_B43_BUSES_BCMA_AND_SSB=y # CONFIG_B43_BUSES_SSB is not set CONFIG_B43_PCI_AUTOSELECT=y CONFIG_B43_PCICORE_AUTOSELECT=y -CONFIG_B43_PCMCIA=y CONFIG_B43_SDIO=y CONFIG_B43_BCMA_PIO=y CONFIG_B43_PIO=y @@ -2825,6 +2838,8 @@ CONFIG_RTLWIFI_USB=m CONFIG_RTL8192C_COMMON=m CONFIG_RTL8723_COMMON=m CONFIG_RTLBTCOEXIST=m +CONFIG_RTL8XXXU=m +# CONFIG_RTL8XXXU_UNTESTED is not set CONFIG_WL_TI=y CONFIG_WL1251=m CONFIG_WL1251_SDIO=m @@ -2988,6 +3003,10 @@ CONFIG_MISDN_NETJET=m CONFIG_MISDN_IPAC=m CONFIG_MISDN_ISAR=m CONFIG_ISDN_HDLC=m +CONFIG_NVM=y +# CONFIG_NVM_DEBUG is not set +CONFIG_NVM_GENNVM=m +CONFIG_NVM_RRPC=m # # Input device support @@ -3112,6 +3131,7 @@ CONFIG_TOUCHSCREEN_CYTTSP4_I2C=m CONFIG_TOUCHSCREEN_DYNAPRO=m CONFIG_TOUCHSCREEN_HAMPSHIRE=m CONFIG_TOUCHSCREEN_EETI=m +CONFIG_TOUCHSCREEN_FT6236=m CONFIG_TOUCHSCREEN_FUJITSU=m CONFIG_TOUCHSCREEN_GOODIX=m CONFIG_TOUCHSCREEN_ILI210X=m @@ -3157,12 +3177,15 @@ CONFIG_TOUCHSCREEN_USB_NEXIO=y CONFIG_TOUCHSCREEN_USB_EASYTOUCH=y CONFIG_TOUCHSCREEN_TOUCHIT213=m CONFIG_TOUCHSCREEN_TSC_SERIO=m +CONFIG_TOUCHSCREEN_TSC200X_CORE=m +CONFIG_TOUCHSCREEN_TSC2004=m CONFIG_TOUCHSCREEN_TSC2007=m CONFIG_TOUCHSCREEN_ST1232=m CONFIG_TOUCHSCREEN_SUR40=m CONFIG_TOUCHSCREEN_SX8654=m CONFIG_TOUCHSCREEN_TPS6507X=m CONFIG_TOUCHSCREEN_ZFORCE=m +CONFIG_TOUCHSCREEN_ROHM_BU21023=m CONFIG_INPUT_MISC=y CONFIG_INPUT_AD714X=m CONFIG_INPUT_AD714X_I2C=m @@ -3214,6 +3237,7 @@ CONFIG_SERIO_ALTERA_PS2=m # CONFIG_SERIO_PS2MULT is not set CONFIG_SERIO_ARC_PS2=m CONFIG_HYPERV_KEYBOARD=m +# CONFIG_USERIO is not set CONFIG_GAMEPORT=m CONFIG_GAMEPORT_NS558=m CONFIG_GAMEPORT_L4=m @@ -3268,8 +3292,11 @@ CONFIG_SERIAL_8250_MANY_PORTS=y CONFIG_SERIAL_8250_SHARE_IRQ=y # CONFIG_SERIAL_8250_DETECT_IRQ is not set CONFIG_SERIAL_8250_RSA=y +# CONFIG_SERIAL_8250_FSL is not set # CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_RT288X is not set # CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_MID=m # # Non-8250 serial port support @@ -3475,6 +3502,7 @@ CONFIG_GENERIC_PINCONF=y CONFIG_PINCTRL_BAYTRAIL=y CONFIG_PINCTRL_CHERRYVIEW=m CONFIG_PINCTRL_INTEL=m +CONFIG_PINCTRL_BROXTON=m CONFIG_PINCTRL_SUNRISEPOINT=m CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y CONFIG_GPIOLIB=y @@ -3487,15 +3515,22 @@ CONFIG_GPIO_SYSFS=y # # Memory mapped GPIO drivers # +CONFIG_GPIO_AMDPT=m # CONFIG_GPIO_DWAPB is not set -# CONFIG_GPIO_F7188X is not set # CONFIG_GPIO_GENERIC_PLATFORM is not set CONFIG_GPIO_ICH=m -# CONFIG_GPIO_IT8761E is not set # CONFIG_GPIO_LYNXPOINT is not set +# CONFIG_GPIO_VX855 is not set +# CONFIG_GPIO_ZX is not set + +# +# Port-mapped I/O GPIO drivers +# +CONFIG_GPIO_104_IDIO_16=m +# CONFIG_GPIO_F7188X is not set +CONFIG_GPIO_IT87=m # CONFIG_GPIO_SCH is not set # CONFIG_GPIO_SCH311X is not set -# CONFIG_GPIO_VX855 is not set # # I2C GPIO expanders @@ -3520,6 +3555,11 @@ CONFIG_GPIO_DLN2=m # CONFIG_GPIO_ML_IOH is not set # CONFIG_GPIO_RDC321X is not set +# +# SPI or I2C GPIO expanders +# +CONFIG_GPIO_MCP23S08=m + # # USB GPIO expanders # @@ -3564,8 +3604,9 @@ CONFIG_POWER_SUPPLY=y # CONFIG_BATTERY_DS2781 is not set # CONFIG_BATTERY_DS2782 is not set # CONFIG_BATTERY_SBS is not set -# CONFIG_BATTERY_BQ27x00 is not set -CONFIG_CHARGER_DA9150=m +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_CHARGER_DA9150 is not set +# CONFIG_BATTERY_DA9150 is not set # CONFIG_BATTERY_MAX17040 is not set # CONFIG_BATTERY_MAX17042 is not set # CONFIG_CHARGER_ISP1704 is not set @@ -3577,10 +3618,10 @@ CONFIG_CHARGER_DA9150=m # CONFIG_CHARGER_BQ24257 is not set # CONFIG_CHARGER_BQ24735 is not set # CONFIG_CHARGER_BQ25890 is not set -CONFIG_CHARGER_SMB347=m -CONFIG_BATTERY_GAUGE_LTC2941=m -CONFIG_BATTERY_RT5033=m -CONFIG_CHARGER_RT9455=m +# CONFIG_CHARGER_SMB347 is not set +# CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_RT5033 is not set +# CONFIG_CHARGER_RT9455 is not set CONFIG_POWER_RESET=y # CONFIG_POWER_RESET_RESTART is not set # CONFIG_POWER_AVS is not set @@ -3652,6 +3693,7 @@ CONFIG_SENSORS_MAX6639=m CONFIG_SENSORS_MAX6642=m CONFIG_SENSORS_MAX6650=m CONFIG_SENSORS_MAX6697=m +CONFIG_SENSORS_MAX31790=m CONFIG_SENSORS_HTU21=m CONFIG_SENSORS_MCP3021=m CONFIG_SENSORS_LM63=m @@ -3801,6 +3843,7 @@ CONFIG_W83877F_WDT=m CONFIG_W83977F_WDT=m CONFIG_MACHZ_WDT=m CONFIG_SBC_EPX_C3_WATCHDOG=m +CONFIG_BCM7038_WDT=m CONFIG_MEN_A21_WDT=m CONFIG_XEN_WDT=m @@ -3826,13 +3869,14 @@ CONFIG_SSB_PCIHOST_POSSIBLE=y CONFIG_SSB_PCIHOST=y CONFIG_SSB_B43_PCI_BRIDGE=y CONFIG_SSB_PCMCIAHOST_POSSIBLE=y -CONFIG_SSB_PCMCIAHOST=y +# CONFIG_SSB_PCMCIAHOST is not set CONFIG_SSB_SDIOHOST_POSSIBLE=y CONFIG_SSB_SDIOHOST=y +# CONFIG_SSB_HOST_SOC is not set # CONFIG_SSB_DEBUG is not set CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y CONFIG_SSB_DRIVER_PCICORE=y -CONFIG_SSB_DRIVER_GPIO=y +# CONFIG_SSB_DRIVER_GPIO is not set CONFIG_BCMA_POSSIBLE=y # @@ -4679,6 +4723,7 @@ CONFIG_FB_EFI=y # CONFIG_FB_SM501 is not set # CONFIG_FB_SMSCUFX is not set # CONFIG_FB_UDL is not set +CONFIG_FB_IBM_GXT4500=m CONFIG_FB_VIRTUAL=m CONFIG_XEN_FBDEV_FRONTEND=y # CONFIG_FB_METRONOME is not set @@ -4739,6 +4784,7 @@ CONFIG_SND_OSSEMUL=y CONFIG_SND_MIXER_OSS=m CONFIG_SND_PCM_OSS=m CONFIG_SND_PCM_OSS_PLUGINS=y +CONFIG_SND_PCM_TIMER=y CONFIG_SND_SEQUENCER_OSS=y CONFIG_SND_HRTIMER=m CONFIG_SND_SEQ_HRTIMER_DEFAULT=y @@ -4875,6 +4921,7 @@ CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 CONFIG_SND_HDA_CORE=m CONFIG_SND_HDA_DSP_LOADER=y CONFIG_SND_HDA_I915=y +CONFIG_SND_HDA_EXT_CORE=m CONFIG_SND_HDA_PREALLOC_SIZE=4096 CONFIG_SND_USB=y CONFIG_SND_USB_AUDIO=m @@ -4899,10 +4946,14 @@ CONFIG_SND_ISIGHT=m CONFIG_SND_SCS1X=m CONFIG_SND_FIREWORKS=m CONFIG_SND_BEBOB=m +CONFIG_SND_FIREWIRE_DIGI00X=m +CONFIG_SND_FIREWIRE_TASCAM=m # CONFIG_SND_PCMCIA is not set CONFIG_SND_SOC=m CONFIG_SND_SOC_AC97_BUS=y CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y +CONFIG_SND_SOC_COMPRESS=y +CONFIG_SND_SOC_TOPOLOGY=y # CONFIG_SND_ATMEL_SOC is not set CONFIG_SND_DESIGNWARE_I2S=m @@ -4934,6 +4985,13 @@ CONFIG_SND_SOC_INTEL_BYTCR_RT5640_MACH=m CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH=m CONFIG_SND_SOC_INTEL_CHT_BSW_RT5645_MACH=m CONFIG_SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH=m +CONFIG_SND_SOC_INTEL_SKYLAKE=m +CONFIG_SND_SOC_INTEL_SKL_RT286_MACH=m + +# +# Allwinner SoC Audio support +# +CONFIG_SND_SUN4I_CODEC=m # CONFIG_SND_SOC_XTFPGA_I2S is not set CONFIG_SND_SOC_I2C_AND_SPI=m @@ -4943,6 +5001,7 @@ CONFIG_SND_SOC_I2C_AND_SPI=m CONFIG_SND_SOC_AC97_CODEC=m # CONFIG_SND_SOC_ADAU1701 is not set # CONFIG_SND_SOC_AK4554 is not set +CONFIG_SND_SOC_AK4613=m # CONFIG_SND_SOC_AK4642 is not set # CONFIG_SND_SOC_AK5386 is not set # CONFIG_SND_SOC_ALC5623 is not set @@ -4956,7 +5015,7 @@ CONFIG_SND_SOC_AC97_CODEC=m # CONFIG_SND_SOC_CS4271_I2C is not set # CONFIG_SND_SOC_CS42XX8_I2C is not set CONFIG_SND_SOC_CS4349=m -CONFIG_SND_SOC_HDMI_CODEC=m +CONFIG_SND_SOC_DMIC=m # CONFIG_SND_SOC_ES8328 is not set CONFIG_SND_SOC_GTM601=m CONFIG_SND_SOC_MAX98090=m @@ -5028,6 +5087,7 @@ CONFIG_HID_BELKIN=m CONFIG_HID_BETOP_FF=m CONFIG_HID_CHERRY=m CONFIG_HID_CHICONY=m +CONFIG_HID_CORSAIR=m CONFIG_HID_PRODIKEYS=m # CONFIG_HID_CP2112 is not set CONFIG_HID_CYPRESS=m @@ -5038,6 +5098,7 @@ CONFIG_HID_ELECOM=m CONFIG_HID_ELO=m CONFIG_HID_EZKEY=m CONFIG_HID_GEMBIRD=m +CONFIG_HID_GFRM=m CONFIG_HID_HOLTEK=m CONFIG_HOLTEK_FF=y CONFIG_HID_GT683R=m @@ -5129,7 +5190,6 @@ CONFIG_USB_DEFAULT_PERSIST=y # CONFIG_USB_DYNAMIC_MINORS is not set # CONFIG_USB_OTG is not set # CONFIG_USB_OTG_WHITELIST is not set -# CONFIG_USB_OTG_FSM is not set CONFIG_USB_ULPI_BUS=m CONFIG_USB_MON=y CONFIG_USB_WUSB=m @@ -5151,7 +5211,6 @@ CONFIG_USB_EHCI_HCD_PLATFORM=m # CONFIG_USB_OXU210HP_HCD is not set # CONFIG_USB_ISP116X_HCD is not set CONFIG_USB_ISP1362_HCD=m -CONFIG_USB_FUSBH200_HCD=m # CONFIG_USB_FOTG210_HCD is not set CONFIG_USB_OHCI_HCD=m CONFIG_USB_OHCI_HCD_PCI=m @@ -5425,7 +5484,6 @@ CONFIG_UWB_WHCI=m CONFIG_UWB_I1480U=m CONFIG_MMC=m # CONFIG_MMC_DEBUG is not set -# CONFIG_MMC_CLKGATE is not set # # MMC/SD/SDIO Card Drivers @@ -5621,6 +5679,7 @@ CONFIG_RTC_DRV_RX8581=m CONFIG_RTC_DRV_RX8025=m CONFIG_RTC_DRV_EM3027=m CONFIG_RTC_DRV_RV3029C2=m +CONFIG_RTC_DRV_RV8803=m # # SPI RTC drivers @@ -5670,14 +5729,13 @@ CONFIG_DMADEVICES=y CONFIG_DMA_ENGINE=y CONFIG_DMA_VIRTUAL_CHANNELS=y CONFIG_DMA_ACPI=y -CONFIG_IDMA64=y +CONFIG_INTEL_IDMA64=y CONFIG_INTEL_IOATDMA=m CONFIG_INTEL_MIC_X100_DMA=m CONFIG_DW_DMAC_CORE=m CONFIG_DW_DMAC=m CONFIG_DW_DMAC_PCI=m CONFIG_HSU_DMA=m -CONFIG_HSU_DMA_PCI=m # # DMA Clients @@ -5709,6 +5767,7 @@ CONFIG_VFIO_PCI=m CONFIG_VFIO_PCI_VGA=y CONFIG_VFIO_PCI_MMAP=y CONFIG_VFIO_PCI_INTX=y +CONFIG_IRQ_BYPASS_MANAGER=m CONFIG_VIRT_DRIVERS=y CONFIG_VIRTIO=m @@ -5844,7 +5903,6 @@ CONFIG_R8723AU=m # CONFIG_IIO_SIMPLE_DUMMY is not set # CONFIG_FB_SM750 is not set # CONFIG_FB_XGI is not set -# CONFIG_FT1000 is not set # # Speakup console speech @@ -5879,6 +5937,7 @@ CONFIG_LIRC_ZILOG=m # CONFIG_GS_FPGABOOT is not set # CONFIG_CRYPTO_SKEIN is not set # CONFIG_UNISYSSPAR is not set +# CONFIG_WILC1000_DRIVER is not set # CONFIG_MOST is not set CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m @@ -5922,6 +5981,7 @@ CONFIG_TOPSTAR_LAPTOP=m CONFIG_ACPI_TOSHIBA=m CONFIG_TOSHIBA_BT_RFKILL=m CONFIG_TOSHIBA_HAPS=m +CONFIG_TOSHIBA_WMI=m CONFIG_ACPI_CMPC=m CONFIG_INTEL_IPS=m # CONFIG_IBM_RTL is not set @@ -5977,6 +6037,7 @@ CONFIG_AMD_IOMMU_STATS=y CONFIG_AMD_IOMMU_V2=m CONFIG_DMAR_TABLE=y CONFIG_INTEL_IOMMU=y +CONFIG_INTEL_IOMMU_SVM=y # CONFIG_INTEL_IOMMU_DEFAULT_ON is not set CONFIG_INTEL_IOMMU_FLOPPY_WA=y CONFIG_IRQ_REMAP=y @@ -6013,7 +6074,7 @@ CONFIG_DEVFREQ_GOV_SIMPLE_ONDEMAND=m # CONFIG_MEMORY is not set CONFIG_IIO=m CONFIG_IIO_BUFFER=y -CONFIG_IIO_BUFFER_CB=y +CONFIG_IIO_BUFFER_CB=m CONFIG_IIO_KFIFO_BUF=m CONFIG_IIO_TRIGGERED_BUFFER=m CONFIG_IIO_TRIGGER=y @@ -6032,6 +6093,7 @@ CONFIG_KXCJK1013=m CONFIG_MMA9551_CORE=m CONFIG_MMA9551=m CONFIG_MMA9553=m +CONFIG_MXC4005=m CONFIG_STK8312=m CONFIG_STK8BA50=m @@ -6051,11 +6113,17 @@ CONFIG_DA9150_GPADC=m # Amplifiers # +# +# Chemical Sensors +# +# CONFIG_VZ89X is not set + # # Hid Sensor IIO Common # CONFIG_HID_SENSOR_IIO_COMMON=m CONFIG_HID_SENSOR_IIO_TRIGGER=m +CONFIG_IIO_MS_SENSORS_I2C=m # # SSP Sensor Common @@ -6098,6 +6166,8 @@ CONFIG_IIO_ST_GYRO_I2C_3AXIS=m # Humidity sensors # # CONFIG_DHT11 is not set +CONFIG_HDC100X=m +CONFIG_HTU21=m # CONFIG_SI7005 is not set CONFIG_SI7020=m @@ -6110,29 +6180,31 @@ CONFIG_KMX61=m # # Light sensors # -CONFIG_ACPI_ALS=m +# CONFIG_ACPI_ALS is not set # CONFIG_ADJD_S311 is not set # CONFIG_AL3320A is not set # CONFIG_APDS9300 is not set -CONFIG_BH1750=m -CONFIG_CM32181=m +# CONFIG_APDS9960 is not set +# CONFIG_BH1750 is not set +# CONFIG_CM32181 is not set # CONFIG_CM3232 is not set # CONFIG_CM3323 is not set # CONFIG_CM36651 is not set # CONFIG_GP2AP020A00F is not set # CONFIG_ISL29125 is not set -CONFIG_HID_SENSOR_ALS=m +# CONFIG_HID_SENSOR_ALS is not set # CONFIG_HID_SENSOR_PROX is not set -CONFIG_JSA1212=m -CONFIG_RPR0521=m +# CONFIG_JSA1212 is not set +# CONFIG_RPR0521 is not set # CONFIG_LTR501 is not set -CONFIG_OPT3001=m -CONFIG_PA12203001=m -CONFIG_STK3310=m +# CONFIG_OPT3001 is not set +# CONFIG_PA12203001 is not set +# CONFIG_STK3310 is not set # CONFIG_TCS3414 is not set # CONFIG_TCS3472 is not set # CONFIG_SENSORS_TSL2563 is not set # CONFIG_TSL4531 is not set +# CONFIG_US5182D is not set # CONFIG_VCNL4000 is not set # @@ -6140,18 +6212,17 @@ CONFIG_STK3310=m # # CONFIG_AK8975 is not set # CONFIG_AK09911 is not set +# CONFIG_BMC150_MAGN is not set # CONFIG_MAG3110 is not set -CONFIG_HID_SENSOR_MAGNETOMETER_3D=m -CONFIG_MMC35240=m -CONFIG_IIO_ST_MAGN_3AXIS=m -CONFIG_IIO_ST_MAGN_I2C_3AXIS=m -CONFIG_BMC150_MAGN=m +# CONFIG_HID_SENSOR_MAGNETOMETER_3D is not set +# CONFIG_MMC35240 is not set +# CONFIG_IIO_ST_MAGN_3AXIS is not set # # Inclinometer sensors # -CONFIG_HID_SENSOR_INCLINOMETER_3D=m -CONFIG_HID_SENSOR_DEVICE_ROTATION=m +# CONFIG_HID_SENSOR_INCLINOMETER_3D is not set +# CONFIG_HID_SENSOR_DEVICE_ROTATION is not set # # Triggers - standalone @@ -6159,15 +6230,20 @@ CONFIG_HID_SENSOR_DEVICE_ROTATION=m CONFIG_IIO_INTERRUPT_TRIGGER=m # CONFIG_IIO_SYSFS_TRIGGER is not set +# +# Digital potentiometers +# +# CONFIG_MCP4531 is not set + # # Pressure sensors # -CONFIG_BMP280=m +# CONFIG_BMP280 is not set # CONFIG_HID_SENSOR_PRESS is not set # CONFIG_MPL115 is not set # CONFIG_MPL3115 is not set -CONFIG_MS5611=m -CONFIG_MS5611_I2C=m +# CONFIG_MS5611 is not set +# CONFIG_MS5637 is not set # CONFIG_IIO_ST_PRESS is not set # CONFIG_T5403 is not set @@ -6178,13 +6254,16 @@ CONFIG_MS5611_I2C=m # # Proximity sensors # -CONFIG_SX9500=m +# CONFIG_LIDAR_LITE_V2 is not set +# CONFIG_SX9500 is not set # # Temperature sensors # # CONFIG_MLX90614 is not set # CONFIG_TMP006 is not set +# CONFIG_TSYS01 is not set +# CONFIG_TSYS02D is not set CONFIG_NTB=m # CONFIG_NTB_INTEL is not set # CONFIG_NTB_PINGPONG is not set @@ -6229,7 +6308,16 @@ CONFIG_ND_BLK=y CONFIG_ND_CLAIM=y CONFIG_ND_BTT=y CONFIG_BTT=y -# CONFIG_NVMEM is not set +CONFIG_NVMEM=m +CONFIG_STM=m +# CONFIG_STM_DUMMY is not set +CONFIG_STM_SOURCE_CONSOLE=y +# CONFIG_INTEL_TH is not set + +# +# FPGA Configuration Support +# +# CONFIG_FPGA is not set # # Firmware Drivers @@ -6254,6 +6342,7 @@ CONFIG_EFI_ESRT=y CONFIG_EFI_VARS_PSTORE=y CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y CONFIG_EFI_RUNTIME_MAP=y +# CONFIG_EFI_FAKE_MEMMAP is not set CONFIG_EFI_RUNTIME_WRAPPERS=y CONFIG_UEFI_CPER=y @@ -6401,6 +6490,7 @@ CONFIG_UBIFS_FS=m # CONFIG_UBIFS_FS_ADVANCED_COMPR is not set CONFIG_UBIFS_FS_LZO=y CONFIG_UBIFS_FS_ZLIB=y +# CONFIG_UBIFS_ATIME_SUPPORT is not set # CONFIG_LOGFS is not set CONFIG_CRAMFS=m CONFIG_SQUASHFS=m @@ -6592,6 +6682,7 @@ CONFIG_UNUSED_SYMBOLS=y CONFIG_DEBUG_FS=y CONFIG_HEADERS_CHECK=y # CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y CONFIG_ARCH_WANT_FRAME_POINTERS=y CONFIG_FRAME_POINTER=y # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set @@ -6731,6 +6822,7 @@ CONFIG_FTRACE_MCOUNT_RECORD=y CONFIG_RING_BUFFER_BENCHMARK=m # CONFIG_RING_BUFFER_STARTUP_TEST is not set # CONFIG_TRACE_ENUM_MAP_FILE is not set +# CONFIG_TRACING_EVENTS_GPIO is not set # # Runtime Testing @@ -6746,7 +6838,8 @@ CONFIG_ATOMIC64_SELFTEST=y CONFIG_ASYNC_RAID6_TEST=m # CONFIG_TEST_HEXDUMP is not set # CONFIG_TEST_STRING_HELPERS is not set -CONFIG_TEST_KSTRTOX=y +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set # CONFIG_TEST_RHASHTABLE is not set CONFIG_PROVIDE_OHCI1394_DMA_INIT=y CONFIG_BUILD_DOCSRC=y @@ -6774,10 +6867,12 @@ CONFIG_STRICT_DEVMEM=y CONFIG_EARLY_PRINTK=y CONFIG_EARLY_PRINTK_DBGP=y CONFIG_EARLY_PRINTK_EFI=y +CONFIG_X86_PTDUMP_CORE=y CONFIG_X86_PTDUMP=y # CONFIG_EFI_PGT_DUMP is not set CONFIG_DEBUG_RODATA=y CONFIG_DEBUG_RODATA_TEST=y +CONFIG_DEBUG_WX=y CONFIG_DEBUG_SET_MODULE_RONX=y CONFIG_DEBUG_NX_TEST=m CONFIG_DOUBLEFAULT=y @@ -6900,6 +6995,7 @@ CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_LRW=y CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_XTS=y +CONFIG_CRYPTO_KEYWRAP=y # # Hash modes @@ -7041,6 +7137,7 @@ CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y CONFIG_KVM_VFIO=y CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y CONFIG_KVM_COMPAT=y +CONFIG_HAVE_KVM_IRQ_BYPASS=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m CONFIG_KVM_INTEL=m diff --git a/patches.backports/0001-netfilter-nf_nat_redirect-add-missing-NULL-pointer-c.patch b/patches.backports/0001-netfilter-nf_nat_redirect-add-missing-NULL-pointer-c.patch deleted file mode 100644 index 2253ff4..0000000 --- a/patches.backports/0001-netfilter-nf_nat_redirect-add-missing-NULL-pointer-c.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 94f9cd81436c85d8c3a318ba92e236ede73752fc Mon Sep 17 00:00:00 2001 -From: Munehisa Kamata -Date: Mon, 26 Oct 2015 19:10:52 -0700 -Subject: [PATCH] netfilter: nf_nat_redirect: add missing NULL pointer check -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Commit 8b13eddfdf04cbfa561725cfc42d6868fe896f56 ("netfilter: refactor NAT -redirect IPv4 to use it from nf_tables") has introduced a trivial logic -change which can result in the following crash. - -BUG: unable to handle kernel NULL pointer dereference at 0000000000000030 -IP: [] nf_nat_redirect_ipv4+0x2d/0xa0 [nf_nat_redirect] -PGD 3ba662067 PUD 3ba661067 PMD 0 -Oops: 0000 [#1] SMP -Modules linked in: ipv6(E) xt_REDIRECT(E) nf_nat_redirect(E) xt_tcpudp(E) iptable_nat(E) nf_conntrack_ipv4(E) nf_defrag_ipv4(E) nf_nat_ipv4(E) nf_nat(E) nf_conntrack(E) ip_tables(E) x_tables(E) binfmt_misc(E) xfs(E) libcrc32c(E) evbug(E) evdev(E) psmouse(E) i2c_piix4(E) i2c_core(E) acpi_cpufreq(E) button(E) ext4(E) crc16(E) jbd2(E) mbcache(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) -CPU: 0 PID: 2536 Comm: ip Tainted: G E 4.1.7-15.23.amzn1.x86_64 #1 -Hardware name: Xen HVM domU, BIOS 4.2.amazon 05/06/2015 -task: ffff8800eb438000 ti: ffff8803ba664000 task.ti: ffff8803ba664000 -[...] -Call Trace: - - [] redirect_tg4+0x15/0x20 [xt_REDIRECT] - [] ipt_do_table+0x2b9/0x5e1 [ip_tables] - [] iptable_nat_do_chain+0x25/0x30 [iptable_nat] - [] nf_nat_ipv4_fn+0x13d/0x1f0 [nf_nat_ipv4] - [] ? iptable_nat_ipv4_fn+0x20/0x20 [iptable_nat] - [] nf_nat_ipv4_in+0x2e/0x90 [nf_nat_ipv4] - [] iptable_nat_ipv4_in+0x15/0x20 [iptable_nat] - [] nf_iterate+0x57/0x80 - [] nf_hook_slow+0x97/0x100 - [] ip_rcv+0x314/0x400 - -unsigned int -nf_nat_redirect_ipv4(struct sk_buff *skb, -... -{ -... - rcu_read_lock(); - indev = __in_dev_get_rcu(skb->dev); - if (indev != NULL) { - ifa = indev->ifa_list; - newdst = ifa->ifa_local; <--- - } - rcu_read_unlock(); -... -} - -Before the commit, 'ifa' had been always checked before access. After the -commit, however, it could be accessed even if it's NULL. Interestingly, -this was once fixed in 2003. - -http://marc.info/?l=netfilter-devel&m=106668497403047&w=2 - -In addition to the original one, we have seen the crash when packets that -need to be redirected somehow arrive on an interface which hasn't been -yet fully configured. - -This change just reverts the logic to the old behavior to avoid the crash. - -Fixes: 8b13eddfdf04 ("netfilter: refactor NAT redirect IPv4 to use it from nf_tables") -Signed-off-by: Munehisa Kamata -Signed-off-by: Pablo Neira Ayuso ---- - net/netfilter/nf_nat_redirect.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/net/netfilter/nf_nat_redirect.c b/net/netfilter/nf_nat_redirect.c -index 97b75f9..d438698 100644 ---- a/net/netfilter/nf_nat_redirect.c -+++ b/net/netfilter/nf_nat_redirect.c -@@ -55,7 +55,7 @@ nf_nat_redirect_ipv4(struct sk_buff *skb, - - rcu_read_lock(); - indev = __in_dev_get_rcu(skb->dev); -- if (indev != NULL) { -+ if (indev && indev->ifa_list) { - ifa = indev->ifa_list; - newdst = ifa->ifa_local; - } --- -2.1.0 - diff --git a/patches.rpmify/makefile-after_link.patch b/patches.rpmify/makefile-after_link.patch index 13a30b1..bfe55a6 100644 --- a/patches.rpmify/makefile-after_link.patch +++ b/patches.rpmify/makefile-after_link.patch @@ -101,7 +101,7 @@ index cd9c6c6..3edf048 100644 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -65,6 +65,10 @@ vmlinux_link() - -lutil ${1} + -lutil -lrt -lpthread ${1} rm -f linux fi + if [ -n "${AFTER_LINK}" ]; then diff --git a/patches.xen/xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch b/patches.xen/xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch deleted file mode 100644 index 5496a09..0000000 --- a/patches.xen/xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 4e2bc423e0cef0a42f93d989c0980301df1bd462 Mon Sep 17 00:00:00 2001 -From: David Vrabel -Date: Fri, 30 Oct 2015 14:58:08 +0000 -Subject: [PATCH 1/7] xen: Add RING_COPY_REQUEST() - -Using RING_GET_REQUEST() on a shared ring is easy to use incorrectly -(i.e., by not considering that the other end may alter the data in the -shared ring while it is being inspected). Safe usage of a request -generally requires taking a local copy. - -Provide a RING_COPY_REQUEST() macro to use instead of -RING_GET_REQUEST() and an open-coded memcpy(). This takes care of -ensuring that the copy is done correctly regardless of any possible -compiler optimizations. - -Use a volatile source to prevent the compiler from reordering or -omitting the copy. - -This is part of XSA155. - -CC: stable@vger.kernel.org -Signed-off-by: David Vrabel -Signed-off-by: Konrad Rzeszutek Wilk ---- -v2: Update about GCC and bitfields. ---- - include/xen/interface/io/ring.h | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/include/xen/interface/io/ring.h b/include/xen/interface/io/ring.h -index 7d28aff..7dc685b 100644 ---- a/include/xen/interface/io/ring.h -+++ b/include/xen/interface/io/ring.h -@@ -181,6 +181,20 @@ struct __name##_back_ring { \ - #define RING_GET_REQUEST(_r, _idx) \ - (&((_r)->sring->ring[((_idx) & (RING_SIZE(_r) - 1))].req)) - -+/* -+ * Get a local copy of a request. -+ * -+ * Use this in preference to RING_GET_REQUEST() so all processing is -+ * done on a local copy that cannot be modified by the other end. -+ * -+ * Note that https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58145 may cause this -+ * to be ineffective where _req is a struct which consists of only bitfields. -+ */ -+#define RING_COPY_REQUEST(_r, _idx, _req) do { \ -+ /* Use volatile to force the copy into _req. */ \ -+ *(_req) = *(volatile typeof(_req))RING_GET_REQUEST(_r, _idx); \ -+} while (0) -+ - #define RING_GET_RESPONSE(_r, _idx) \ - (&((_r)->sring->ring[((_idx) & (RING_SIZE(_r) - 1))].rsp)) - --- -2.1.0 - diff --git a/patches.xen/xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch b/patches.xen/xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch deleted file mode 100644 index d60f4d0..0000000 --- a/patches.xen/xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 100ac372a0e07ccc8c508c3884fa9020cfe08094 Mon Sep 17 00:00:00 2001 -From: David Vrabel -Date: Fri, 30 Oct 2015 15:16:01 +0000 -Subject: [PATCH 2/7] xen-netback: don't use last request to determine minimum - Tx credit - -The last from guest transmitted request gives no indication about the -minimum amount of credit that the guest might need to send a packet -since the last packet might have been a small one. - -Instead allow for the worst case 128 KiB packet. - -This is part of XSA155. - -CC: stable@vger.kernel.org -Reviewed-by: Wei Liu -Signed-off-by: David Vrabel -Signed-off-by: Konrad Rzeszutek Wilk ---- - drivers/net/xen-netback/netback.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c -index e481f37..b683581 100644 ---- a/drivers/net/xen-netback/netback.c -+++ b/drivers/net/xen-netback/netback.c -@@ -679,9 +679,7 @@ static void tx_add_credit(struct xenvif_queue *queue) - * Allow a burst big enough to transmit a jumbo packet of up to 128kB. - * Otherwise the interface can seize up due to insufficient credit. - */ -- max_burst = RING_GET_REQUEST(&queue->tx, queue->tx.req_cons)->size; -- max_burst = min(max_burst, 131072UL); -- max_burst = max(max_burst, queue->credit_bytes); -+ max_burst = max(131072UL, queue->credit_bytes); - - /* Take care that adding a new chunk of credit doesn't wrap to zero. */ - max_credit = queue->remaining_credit + queue->credit_bytes; --- -2.1.0 - diff --git a/patches.xen/xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch b/patches.xen/xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch deleted file mode 100644 index a6bb037..0000000 --- a/patches.xen/xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 4127e9ccae0eda622421d21132846abdf74f66ed Mon Sep 17 00:00:00 2001 -From: David Vrabel -Date: Fri, 30 Oct 2015 15:17:06 +0000 -Subject: [PATCH 3/7] xen-netback: use RING_COPY_REQUEST() throughout - -Instead of open-coding memcpy()s and directly accessing Tx and Rx -requests, use the new RING_COPY_REQUEST() that ensures the local copy -is correct. - -This is more than is strictly necessary for guest Rx requests since -only the id and gref fields are used and it is harmless if the -frontend modifies these. - -This is part of XSA155. - -CC: stable@vger.kernel.org -Reviewed-by: Wei Liu -Signed-off-by: David Vrabel -Signed-off-by: Konrad Rzeszutek Wilk ---- - drivers/net/xen-netback/netback.c | 30 ++++++++++++++---------------- - 1 file changed, 14 insertions(+), 16 deletions(-) - -diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c -index b683581..1049c34 100644 ---- a/drivers/net/xen-netback/netback.c -+++ b/drivers/net/xen-netback/netback.c -@@ -258,18 +258,18 @@ static struct xenvif_rx_meta *get_next_rx_buffer(struct xenvif_queue *queue, - struct netrx_pending_operations *npo) - { - struct xenvif_rx_meta *meta; -- struct xen_netif_rx_request *req; -+ struct xen_netif_rx_request req; - -- req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); -+ RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req); - - meta = npo->meta + npo->meta_prod++; - meta->gso_type = XEN_NETIF_GSO_TYPE_NONE; - meta->gso_size = 0; - meta->size = 0; -- meta->id = req->id; -+ meta->id = req.id; - - npo->copy_off = 0; -- npo->copy_gref = req->gref; -+ npo->copy_gref = req.gref; - - return meta; - } -@@ -424,7 +424,7 @@ static int xenvif_gop_skb(struct sk_buff *skb, - struct xenvif *vif = netdev_priv(skb->dev); - int nr_frags = skb_shinfo(skb)->nr_frags; - int i; -- struct xen_netif_rx_request *req; -+ struct xen_netif_rx_request req; - struct xenvif_rx_meta *meta; - unsigned char *data; - int head = 1; -@@ -443,15 +443,15 @@ static int xenvif_gop_skb(struct sk_buff *skb, - - /* Set up a GSO prefix descriptor, if necessary */ - if ((1 << gso_type) & vif->gso_prefix_mask) { -- req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); -+ RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req); - meta = npo->meta + npo->meta_prod++; - meta->gso_type = gso_type; - meta->gso_size = skb_shinfo(skb)->gso_size; - meta->size = 0; -- meta->id = req->id; -+ meta->id = req.id; - } - -- req = RING_GET_REQUEST(&queue->rx, queue->rx.req_cons++); -+ RING_COPY_REQUEST(&queue->rx, queue->rx.req_cons++, &req); - meta = npo->meta + npo->meta_prod++; - - if ((1 << gso_type) & vif->gso_mask) { -@@ -463,9 +463,9 @@ static int xenvif_gop_skb(struct sk_buff *skb, - } - - meta->size = 0; -- meta->id = req->id; -+ meta->id = req.id; - npo->copy_off = 0; -- npo->copy_gref = req->gref; -+ npo->copy_gref = req.gref; - - data = skb->data; - while (data < skb_tail_pointer(skb)) { -@@ -709,7 +709,7 @@ static void xenvif_tx_err(struct xenvif_queue *queue, - spin_unlock_irqrestore(&queue->response_lock, flags); - if (cons == end) - break; -- txp = RING_GET_REQUEST(&queue->tx, cons++); -+ RING_COPY_REQUEST(&queue->tx, cons++, txp); - } while (1); - queue->tx.req_cons = cons; - } -@@ -776,8 +776,7 @@ static int xenvif_count_requests(struct xenvif_queue *queue, - if (drop_err) - txp = &dropped_tx; - -- memcpy(txp, RING_GET_REQUEST(&queue->tx, cons + slots), -- sizeof(*txp)); -+ RING_COPY_REQUEST(&queue->tx, cons + slots, txp); - - /* If the guest submitted a frame >= 64 KiB then - * first->size overflowed and following slots will -@@ -1110,8 +1109,7 @@ static int xenvif_get_extras(struct xenvif_queue *queue, - return -EBADR; - } - -- memcpy(&extra, RING_GET_REQUEST(&queue->tx, cons), -- sizeof(extra)); -+ RING_COPY_REQUEST(&queue->tx, cons, &extra); - if (unlikely(!extra.type || - extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) { - queue->tx.req_cons = ++cons; -@@ -1320,7 +1318,7 @@ static void xenvif_tx_build_gops(struct xenvif_queue *queue, - - idx = queue->tx.req_cons; - rmb(); /* Ensure that we see the request before we copy it. */ -- memcpy(&txreq, RING_GET_REQUEST(&queue->tx, idx), sizeof(txreq)); -+ RING_COPY_REQUEST(&queue->tx, idx, &txreq); - - /* Credit-based scheduling. */ - if (txreq.size > queue->remaining_credit && --- -2.1.0 - diff --git a/patches.xen/xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch b/patches.xen/xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch deleted file mode 100644 index e0e9577..0000000 --- a/patches.xen/xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 084b8c2e77f1ac07e4a3a121ff957c49a9379385 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= -Date: Tue, 3 Nov 2015 16:34:09 +0000 -Subject: [PATCH 4/7] xen-blkback: only read request operation from shared ring - once -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -A compiler may load a switch statement value multiple times, which could -be bad when the value is in memory shared with the frontend. - -When converting a non-native request to a native one, ensure that -src->operation is only loaded once by using READ_ONCE(). - -This is part of XSA155. - -CC: stable@vger.kernel.org -Signed-off-by: Roger Pau Monné -Signed-off-by: David Vrabel -Signed-off-by: Konrad Rzeszutek Wilk ---- - drivers/block/xen-blkback/common.h | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/drivers/block/xen-blkback/common.h b/drivers/block/xen-blkback/common.h -index 68e87a0..c929ae2 100644 ---- a/drivers/block/xen-blkback/common.h -+++ b/drivers/block/xen-blkback/common.h -@@ -408,8 +408,8 @@ static inline void blkif_get_x86_32_req(struct blkif_request *dst, - struct blkif_x86_32_request *src) - { - int i, n = BLKIF_MAX_SEGMENTS_PER_REQUEST, j; -- dst->operation = src->operation; -- switch (src->operation) { -+ dst->operation = READ_ONCE(src->operation); -+ switch (dst->operation) { - case BLKIF_OP_READ: - case BLKIF_OP_WRITE: - case BLKIF_OP_WRITE_BARRIER: -@@ -456,8 +456,8 @@ static inline void blkif_get_x86_64_req(struct blkif_request *dst, - struct blkif_x86_64_request *src) - { - int i, n = BLKIF_MAX_SEGMENTS_PER_REQUEST, j; -- dst->operation = src->operation; -- switch (src->operation) { -+ dst->operation = READ_ONCE(src->operation); -+ switch (dst->operation) { - case BLKIF_OP_READ: - case BLKIF_OP_WRITE: - case BLKIF_OP_WRITE_BARRIER: --- -2.1.0 - diff --git a/patches.xen/xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch b/patches.xen/xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch deleted file mode 100644 index 28c6d58..0000000 --- a/patches.xen/xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 89739c14c72e5c1626a5cd5e09cbb2efeaadb6d8 Mon Sep 17 00:00:00 2001 -From: David Vrabel -Date: Mon, 16 Nov 2015 18:02:32 +0000 -Subject: [PATCH 6/7] xen-scsiback: safely copy requests - -The copy of the ring request was lacking a following barrier(), -potentially allowing the compiler to optimize the copy away. - -Use RING_COPY_REQUEST() to ensure the request is copied to local -memory. - -This is part of XSA155. - -CC: stable@vger.kernel.org -Reviewed-by: Juergen Gross -Signed-off-by: David Vrabel -Signed-off-by: Konrad Rzeszutek Wilk ---- - drivers/xen/xen-scsiback.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/xen/xen-scsiback.c b/drivers/xen/xen-scsiback.c -index 43bcae8..ad4eb10 100644 ---- a/drivers/xen/xen-scsiback.c -+++ b/drivers/xen/xen-scsiback.c -@@ -726,7 +726,7 @@ static int scsiback_do_cmd_fn(struct vscsibk_info *info) - if (!pending_req) - return 1; - -- ring_req = *RING_GET_REQUEST(ring, rc); -+ RING_COPY_REQUEST(ring, rc, &ring_req); - ring->req_cons = ++rc; - - err = prepare_pending_reqs(info, &ring_req, pending_req); --- -2.1.0 - diff --git a/patches.xen/xsa155-linux319-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch b/patches.xen/xsa155-linux319-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch deleted file mode 100644 index 14c85df..0000000 --- a/patches.xen/xsa155-linux319-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch +++ /dev/null @@ -1,165 +0,0 @@ -From 74aaa42e1f25309a163acd00083ecbbc186fbb47 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= - -Date: Wed, 16 Dec 2015 06:07:14 +0100 -Subject: [PATCH 13/13] xen-blkfront: prepare request locally, only then put it - on the shared ring -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit -Organization: Invisible Things Lab -Cc: Marek Marczykowski-Górecki - -Do not reuse data which theoretically might be already modified by the -backend. This is mostly about private copy of the request -(info->shadow[id].req) - make sure the request saved there is really the -one just filled. - -This is part of XSA155. - -CC: stable@vger.kernel.org -Signed-off-by: Marek Marczykowski-Górecki ---- - drivers/block/xen-blkfront.c | 56 ++++++++++++++++++++++++-------------------- - 1 file changed, 30 insertions(+), 26 deletions(-) - -diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c -index 5d7eb04..514cf18 100644 ---- a/drivers/block/xen-blkfront.c -+++ b/drivers/block/xen-blkfront.c -@@ -389,7 +389,7 @@ static int blkif_ioctl(struct block_devi - static int blkif_queue_request(struct request *req) - { - struct blkfront_info *info = req->rq_disk->private_data; -- struct blkif_request *ring_req; -+ struct blkif_request ring_req; - unsigned long id; - unsigned int fsect, lsect; - int i, ref, n; -@@ -435,7 +435,7 @@ - new_persistent_gnts = 0; - - /* Fill out a communications ring structure. */ -- ring_req = RING_GET_REQUEST(&info->ring, info->ring.req_prod_pvt); -+ RING_COPY_REQUEST(&info->ring, info->ring.req_prod_pvt, &ring_req); - id = get_id_from_freelist(info); - info->shadow[id].request = req; - -@@ -435,37 +435,37 @@ static int blkif_queue_request(struct re - info->shadow[id].request = req; - - if (unlikely(req->cmd_flags & (REQ_DISCARD | REQ_SECURE))) { -- ring_req->operation = BLKIF_OP_DISCARD; -- ring_req->u.discard.nr_sectors = blk_rq_sectors(req); -- ring_req->u.discard.id = id; -- ring_req->u.discard.sector_number = (blkif_sector_t)blk_rq_pos(req); -+ ring_req.operation = BLKIF_OP_DISCARD; -+ ring_req.u.discard.nr_sectors = blk_rq_sectors(req); -+ ring_req.u.discard.id = id; -+ ring_req.u.discard.sector_number = (blkif_sector_t)blk_rq_pos(req); - if ((req->cmd_flags & REQ_SECURE) && info->feature_secdiscard) -- ring_req->u.discard.flag = BLKIF_DISCARD_SECURE; -+ ring_req.u.discard.flag = BLKIF_DISCARD_SECURE; - else -- ring_req->u.discard.flag = 0; -+ ring_req.u.discard.flag = 0; - } else { - BUG_ON(info->max_indirect_segments == 0 && - req->nr_phys_segments > BLKIF_MAX_SEGMENTS_PER_REQUEST); - BUG_ON(info->max_indirect_segments && - req->nr_phys_segments > info->max_indirect_segments); - nseg = blk_rq_map_sg(req->q, req, info->shadow[id].sg); -- ring_req->u.rw.id = id; -+ ring_req.u.rw.id = id; - if (nseg > BLKIF_MAX_SEGMENTS_PER_REQUEST) { - /* - * The indirect operation can only be a BLKIF_OP_READ or - * BLKIF_OP_WRITE - */ - BUG_ON(req->cmd_flags & (REQ_FLUSH | REQ_FUA)); -- ring_req->operation = BLKIF_OP_INDIRECT; -- ring_req->u.indirect.indirect_op = rq_data_dir(req) ? -+ ring_req.operation = BLKIF_OP_INDIRECT; -+ ring_req.u.indirect.indirect_op = rq_data_dir(req) ? - BLKIF_OP_WRITE : BLKIF_OP_READ; -- ring_req->u.indirect.sector_number = (blkif_sector_t)blk_rq_pos(req); -- ring_req->u.indirect.handle = info->handle; -- ring_req->u.indirect.nr_segments = nseg; -+ ring_req.u.indirect.sector_number = (blkif_sector_t)blk_rq_pos(req); -+ ring_req.u.indirect.handle = info->handle; -+ ring_req.u.indirect.nr_segments = nseg; - } else { -- ring_req->u.rw.sector_number = (blkif_sector_t)blk_rq_pos(req); -- ring_req->u.rw.handle = info->handle; -- ring_req->operation = rq_data_dir(req) ? -+ ring_req.u.rw.sector_number = (blkif_sector_t)blk_rq_pos(req); -+ ring_req.u.rw.handle = info->handle; -+ ring_req.operation = rq_data_dir(req) ? - BLKIF_OP_WRITE : BLKIF_OP_READ; - if (req->cmd_flags & (REQ_FLUSH | REQ_FUA)) { - /* -@@ -481,24 +481,24 @@ static int blkif_queue_request(struct re - switch (info->feature_flush & - ((REQ_FLUSH|REQ_FUA))) { - case REQ_FLUSH|REQ_FUA: -- ring_req->operation = -+ ring_req.operation = - BLKIF_OP_WRITE_BARRIER; - break; - case REQ_FLUSH: -- ring_req->operation = -+ ring_req.operation = - BLKIF_OP_FLUSH_DISKCACHE; - break; - default: -- ring_req->operation = 0; -+ ring_req.operation = 0; - } - } -- ring_req->u.rw.nr_segments = nseg; -+ ring_req.u.rw.nr_segments = nseg; - } - for_each_sg(info->shadow[id].sg, sg, nseg, i) { - fsect = sg->offset >> 9; - lsect = fsect + (sg->length >> 9) - 1; - -- if ((ring_req->operation == BLKIF_OP_INDIRECT) && -+ if ((ring_req.operation == BLKIF_OP_INDIRECT) && - (i % SEGS_PER_INDIRECT_FRAME == 0)) { - unsigned long uninitialized_var(pfn); - -@@ -504,7 +504,7 @@ static int blkif_queue_request(struct re - gnt_list_entry = get_grant(&gref_head, pfn, info); - info->shadow[id].indirect_grants[n] = gnt_list_entry; - segments = kmap_atomic(pfn_to_page(gnt_list_entry->pfn)); -- ring_req->u.indirect.indirect_grefs[n] = gnt_list_entry->gref; -+ ring_req.u.indirect.indirect_grefs[n] = gnt_list_entry->gref; - } - - gnt_list_entry = get_grant(&gref_head, page_to_pfn(sg_page(sg)), info); -@@ -537,8 +537,8 @@ static int blkif_queue_request(struct re - kunmap_atomic(bvec_data); - kunmap_atomic(shared_data); - } -- if (ring_req->operation != BLKIF_OP_INDIRECT) { -- ring_req->u.rw.seg[i] = -+ if (ring_req.operation != BLKIF_OP_INDIRECT) { -+ ring_req.u.rw.seg[i] = - (struct blkif_request_segment) { - .gref = ref, - .first_sect = fsect, -@@ -556,10 +556,13 @@ static int blkif_queue_request(struct re - kunmap_atomic(segments); - } - -+ /* make the request available to the backend */ -+ *RING_GET_REQUEST(&info->ring, info->ring.req_prod_pvt) = ring_req; -+ wmb(); - info->ring.req_prod_pvt++; - - /* Keep a private copy so we can reissue requests when recovering. */ -- info->shadow[id].req = *ring_req; -+ info->shadow[id].req = ring_req; - - if (new_persistent_gnts) - gnttab_free_grant_references(gref_head); diff --git a/patches.xen/xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch b/patches.xen/xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch deleted file mode 100644 index 6598e40..0000000 --- a/patches.xen/xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch +++ /dev/null @@ -1,65 +0,0 @@ -From d52f00960c1070c683809faddd35a2223e2b8a6e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= -Date: Tue, 3 Nov 2015 16:40:43 +0000 -Subject: [PATCH 6/7] xen-blkback: read from indirect descriptors only once -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Since indirect descriptors are in memory shared with the frontend, the -frontend could alter the first_sect and last_sect values after they have -been validated but before they are recorded in the request. This may -result in I/O requests that overflow the foreign page, possibly -overwriting local pages when the I/O request is executed. - -When parsing indirect descriptors, only read first_sect and last_sect -once. - -This is part of XSA155. - -CC: stable@vger.kernel.org -Signed-off-by: Roger Pau Monné -Signed-off-by: David Vrabel -Signed-off-by: Konrad Rzeszutek Wilk ----- -v2: This is against v4.3 ---- - drivers/block/xen-blkback/blkback.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c -index 6a685ae..f2e7a38 100644 ---- a/drivers/block/xen-blkback/blkback.c -+++ b/drivers/block/xen-blkback/blkback.c -@@ -950,6 +950,8 @@ static int xen_blkbk_parse_indirect(struct blkif_request *req, - goto unmap; - - for (n = 0, i = 0; n < nseg; n++) { -+ uint8_t first_sect, last_sect; -+ - if ((n % SEGS_PER_INDIRECT_FRAME) == 0) { - /* Map indirect segments */ - if (segments) -@@ -958,14 +960,14 @@ static int xen_blkbk_parse_indirect(struct blkif_request *req, - } - i = n % SEGS_PER_INDIRECT_FRAME; - pending_req->segments[n]->gref = segments[i].gref; -- seg[n].nsec = segments[i].last_sect - -- segments[i].first_sect + 1; -- seg[n].offset = (segments[i].first_sect << 9); -- if ((segments[i].last_sect >= (PAGE_SIZE >> 9)) || -- (segments[i].last_sect < segments[i].first_sect)) { -+ first_sect = READ_ONCE(segments[i].first_sect); -+ last_sect = READ_ONCE(segments[i].last_sect); -+ if (last_sect >= (PAGE_SIZE >> 9) || last_sect < first_sect) { - rc = -EINVAL; - goto unmap; - } -+ seg[n].nsec = last_sect - first_sect + 1; -+ seg[n].offset = first_sect << 9; - preq->nr_sects += seg[n].nsec; - } - --- -2.1.0 - diff --git a/patches.xen/xsa155-linux318-0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch b/patches.xen/xsa155-linux44-0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch similarity index 98% rename from patches.xen/xsa155-linux318-0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch rename to patches.xen/xsa155-linux44-0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch index cc69443..9da2107 100644 --- a/patches.xen/xsa155-linux318-0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch +++ b/patches.xen/xsa155-linux44-0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch @@ -107,9 +107,9 @@ index d6abf19..2af5100 100644 for (;;) { - if (unlikely(rx->status < 0 || -- rx->offset + rx->status > PAGE_SIZE)) { +- rx->offset + rx->status > XEN_PAGE_SIZE)) { + if (unlikely(rx.status < 0 || -+ rx.offset + rx.status > PAGE_SIZE)) { ++ rx.offset + rx.status > XEN_PAGE_SIZE)) { if (net_ratelimit()) dev_warn(dev, "rx->offset: %u, size: %d\n", - rx->offset, rx->status); diff --git a/patches.xen/xsa155-linux41-0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch b/patches.xen/xsa155-linux44-0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch similarity index 65% rename from patches.xen/xsa155-linux41-0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch rename to patches.xen/xsa155-linux44-0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch index 6c34c12..19a6480 100644 --- a/patches.xen/xsa155-linux41-0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch +++ b/patches.xen/xsa155-linux44-0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch @@ -26,28 +26,15 @@ diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c index 2af5100..959e479 100644 --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c -@@ -452,17 +452,19 @@ static struct xen_netif_tx_request *xenn - struct sk_buff *skb, struct page *page, - unsigned int offset, unsigned int len) - { -+ unsigned int this_len; - /* Skip unused frames from start of page */ - page += offset >> PAGE_SHIFT; - offset &= ~PAGE_MASK; +@@ -453,7 +453,7 @@ static void xennet_tx_setup_grant(unsign + tx->flags = 0; - while (len) { - tx->flags |= XEN_NETTXF_more_data; -+ this_len = min_t(unsigned int, PAGE_SIZE - offset, len); - tx = xennet_make_one_txreq(queue, skb_get(skb), -- page, offset, len); -+ page, offset, this_len); - page++; - offset = 0; -- len -= tx->size; -+ len -= this_len; - } + info->tx = tx; +- info->size += tx->size; ++ info->size += len; + } - return tx; + static struct xen_netif_tx_request *xennet_make_first_txreq( @@ -522,7 +524,7 @@ static int xennet_start_xmit(struct sk_b int slots; struct page *page; @@ -57,15 +44,19 @@ index 2af5100..959e479 100644 unsigned long flags; struct netfront_queue *queue = NULL; unsigned int num_queues = dev->real_num_tx_queues; -@@ -567,11 +569,12 @@ static int xennet_start_xmit(struct sk_b +@@ -614,14 +614,15 @@ static int xennet_start_xmit(struct sk_b } /* First request for the linear area. */ -+ this_len = min_t(unsigned int, PAGE_SIZE - offset, len); - first_tx = tx = xennet_make_one_txreq(queue, skb, - page, offset, len); - page++; - offset = 0; ++ this_len = min_t(unsigned int, XEN_PAGE_SIZE - offset, len); + first_tx = tx = xennet_make_first_txreq(queue, skb, + page, offset, len); +- offset += tx->size; ++ offset += this_len; + if (offset == PAGE_SIZE) { + page++; + offset = 0; + } - len -= tx->size; + len -= this_len; diff --git a/patches.xen/xsa155-linux44-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch b/patches.xen/xsa155-linux44-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch new file mode 100644 index 0000000..a8403f6 --- /dev/null +++ b/patches.xen/xsa155-linux44-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch @@ -0,0 +1,161 @@ +From 74aaa42e1f25309a163acd00083ecbbc186fbb47 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= + +Date: Wed, 16 Dec 2015 06:07:14 +0100 +Subject: [PATCH 13/13] xen-blkfront: prepare request locally, only then put it + on the shared ring +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Organization: Invisible Things Lab +Cc: Marek Marczykowski-Górecki + +Do not reuse data which theoretically might be already modified by the +backend. This is mostly about private copy of the request +(info->shadow[id].req) - make sure the request saved there is really the +one just filled. + +This is part of XSA155. + +CC: stable@vger.kernel.org +Signed-off-by: Marek Marczykowski-Górecki +--- + drivers/block/xen-blkfront.c | 56 ++++++++++++++++++++++++-------------------- + 1 file changed, 30 insertions(+), 26 deletions(-) + +diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c +index 5d7eb04..514cf18 100644 +--- a/drivers/block/xen-blkfront.c ++++ b/drivers/block/xen-blkfront.c +@@ -463,27 +463,29 @@ static int blkif_ioctl(struct block_devi + static int blkif_queue_discard_req(struct request *req) + { + struct blkfront_info *info = req->rq_disk->private_data; +- struct blkif_request *ring_req; ++ struct blkif_request ring_req = { }; + unsigned long id; + + /* Fill out a communications ring structure. */ +- ring_req = RING_GET_REQUEST(&info->ring, info->ring.req_prod_pvt); + id = get_id_from_freelist(info); + info->shadow[id].request = req; + +- ring_req->operation = BLKIF_OP_DISCARD; +- ring_req->u.discard.nr_sectors = blk_rq_sectors(req); +- ring_req->u.discard.id = id; +- ring_req->u.discard.sector_number = (blkif_sector_t)blk_rq_pos(req); ++ ring_req.operation = BLKIF_OP_DISCARD; ++ ring_req.u.discard.nr_sectors = blk_rq_sectors(req); ++ ring_req.u.discard.id = id; ++ ring_req.u.discard.sector_number = (blkif_sector_t)blk_rq_pos(req); + if ((req->cmd_flags & REQ_SECURE) && info->feature_secdiscard) +- ring_req->u.discard.flag = BLKIF_DISCARD_SECURE; ++ ring_req.u.discard.flag = BLKIF_DISCARD_SECURE; + else +- ring_req->u.discard.flag = 0; ++ ring_req.u.discard.flag = 0; + ++ /* make the request available to the backend */ ++ *RING_GET_REQUEST(&info->ring, info->ring.req_prod_pvt) = ring_req; ++ wmb(); + info->ring.req_prod_pvt++; + + /* Keep a private copy so we can reissue requests when recovering. */ +- info->shadow[id].req = *ring_req; ++ info->shadow[id].req = ring_req; + + return 0; + } +@@ -573,7 +575,7 @@ static void blkif_setup_rw_req_grant(uns + static int blkif_queue_rw_req(struct request *req) + { + struct blkfront_info *info = req->rq_disk->private_data; +- struct blkif_request *ring_req; ++ struct blkif_request ring_req = { }; + unsigned long id; + int i; + struct setup_rw_req setup = { +@@ -435,7 +435,6 @@ + new_persistent_gnts = 0; + + /* Fill out a communications ring structure. */ +- ring_req = RING_GET_REQUEST(&info->ring, info->ring.req_prod_pvt); + id = get_id_from_freelist(info); + info->shadow[id].request = req; + +@@ -632,7 +633,7 @@ static int blkif_queue_rw_req(struct req + for_each_sg(info->shadow[id].sg, sg, num_sg, i) + num_grant += gnttab_count_grant(sg->offset, sg->length); + +- ring_req->u.rw.id = id; ++ ring_req.u.rw.id = id; + info->shadow[id].num_sg = num_sg; + if (num_grant > BLKIF_MAX_SEGMENTS_PER_REQUEST) { + /* +@@ -640,16 +641,16 @@ static int blkif_queue_rw_req(struct req + * BLKIF_OP_WRITE + */ + BUG_ON(req->cmd_flags & (REQ_FLUSH | REQ_FUA)); +- ring_req->operation = BLKIF_OP_INDIRECT; +- ring_req->u.indirect.indirect_op = rq_data_dir(req) ? ++ ring_req.operation = BLKIF_OP_INDIRECT; ++ ring_req.u.indirect.indirect_op = rq_data_dir(req) ? + BLKIF_OP_WRITE : BLKIF_OP_READ; +- ring_req->u.indirect.sector_number = (blkif_sector_t)blk_rq_pos(req); +- ring_req->u.indirect.handle = info->handle; +- ring_req->u.indirect.nr_segments = num_grant; ++ ring_req.u.indirect.sector_number = (blkif_sector_t)blk_rq_pos(req); ++ ring_req.u.indirect.handle = info->handle; ++ ring_req.u.indirect.nr_segments = num_grant; + } else { +- ring_req->u.rw.sector_number = (blkif_sector_t)blk_rq_pos(req); +- ring_req->u.rw.handle = info->handle; +- ring_req->operation = rq_data_dir(req) ? ++ ring_req.u.rw.sector_number = (blkif_sector_t)blk_rq_pos(req); ++ ring_req.u.rw.handle = info->handle; ++ ring_req.operation = rq_data_dir(req) ? + BLKIF_OP_WRITE : BLKIF_OP_READ; + if (req->cmd_flags & (REQ_FLUSH | REQ_FUA)) { + /* +@@ -662,21 +663,21 @@ static int blkif_queue_rw_req(struct req + switch (info->feature_flush & + ((REQ_FLUSH|REQ_FUA))) { + case REQ_FLUSH|REQ_FUA: +- ring_req->operation = ++ ring_req.operation = + BLKIF_OP_WRITE_BARRIER; + break; + case REQ_FLUSH: +- ring_req->operation = ++ ring_req.operation = + BLKIF_OP_FLUSH_DISKCACHE; + break; + default: +- ring_req->operation = 0; ++ ring_req.operation = 0; + } + } +- ring_req->u.rw.nr_segments = num_grant; ++ ring_req.u.rw.nr_segments = num_grant; + } + +- setup.ring_req = ring_req; ++ setup.ring_req = &ring_req; + setup.id = id; + for_each_sg(info->shadow[id].sg, sg, num_sg, i) { + BUG_ON(sg->offset + sg->length > PAGE_SIZE); +@@ -698,10 +699,13 @@ static int blkif_queue_rw_req(struct req + if (setup.segments) + kunmap_atomic(setup.segments); + ++ /* make the request available to the backend */ ++ *RING_GET_REQUEST(&info->ring, info->ring.req_prod_pvt) = ring_req; ++ wmb(); + info->ring.req_prod_pvt++; + + /* Keep a private copy so we can reissue requests when recovering. */ +- info->shadow[id].req = *ring_req; ++ info->shadow[id].req = ring_req; + + if (new_persistent_gnts) + gnttab_free_grant_references(setup.gref_head); diff --git a/patches.xen/xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch b/patches.xen/xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch deleted file mode 100644 index 03802fe..0000000 --- a/patches.xen/xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch +++ /dev/null @@ -1,61 +0,0 @@ -From e3de4a44cfe196e162ddeffd6379e5c4e75ff1d7 Mon Sep 17 00:00:00 2001 -From: Konrad Rzeszutek Wilk -Date: Fri, 3 Apr 2015 11:08:22 -0400 -Subject: [PATCH v2 XSA157 1/5] xen/pciback: Return error on - XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled - -The guest sequence of: - - a) XEN_PCI_OP_enable_msi - b) XEN_PCI_OP_enable_msi - c) XEN_PCI_OP_disable_msi - -results in hitting an BUG_ON condition in the msi.c code. - -The MSI code uses an dev->msi_list to which it adds MSI entries. -Under the above conditions an BUG_ON() can be hit. The device -passed in the guest MUST have MSI capability. - -The a) adds the entry to the dev->msi_list and sets msi_enabled. -The b) adds a second entry but adding in to SysFS fails (duplicate entry) -and deletes all of the entries from msi_list and returns (with msi_enabled -is still set). c) pci_disable_msi passes the msi_enabled checks and hits: - -BUG_ON(list_empty(dev_to_msi_list(&dev->dev))); - -and blows up. - -The patch adds a simple check in the XEN_PCI_OP_enable_msi to guard -against that. The check for msix_enabled is not stricly neccessary. - -This is part of XSA-157. - -CC: stable@vger.kernel.org -Reviewed-by: David Vrabel -Reviewed-by: Jan Beulich -Signed-off-by: Konrad Rzeszutek Wilk ---- - drivers/xen/xen-pciback/pciback_ops.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c -index c4a0666..5ce573a 100644 ---- a/drivers/xen/xen-pciback/pciback_ops.c -+++ b/drivers/xen/xen-pciback/pciback_ops.c -@@ -144,7 +144,12 @@ int xen_pcibk_enable_msi(struct xen_pcibk_device *pdev, - if (unlikely(verbose_request)) - printk(KERN_DEBUG DRV_NAME ": %s: enable MSI\n", pci_name(dev)); - -- status = pci_enable_msi(dev); -+ if (dev->msi_enabled) -+ status = -EALREADY; -+ else if (dev->msix_enabled) -+ status = -ENXIO; -+ else -+ status = pci_enable_msi(dev); - - if (status) { - pr_warn_ratelimited("%s: error enabling MSI for guest %u: err %d\n", --- -2.1.0 - diff --git a/patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch b/patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch deleted file mode 100644 index c91f903..0000000 --- a/patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch +++ /dev/null @@ -1,81 +0,0 @@ -From aa48314c60da1035a8e6cc05bec12838a074de98 Mon Sep 17 00:00:00 2001 -From: Konrad Rzeszutek Wilk -Date: Mon, 2 Nov 2015 17:24:08 -0500 -Subject: [PATCH v2 XSA157 3/5] xen/pciback: Do not install an IRQ handler for - MSI interrupts. - -Otherwise an guest can subvert the generic MSI code to trigger -an BUG_ON condition during MSI interrupt freeing: - - for (i = 0; i < entry->nvec_used; i++) - BUG_ON(irq_has_action(entry->irq + i)); - -Xen PCI backed installs an IRQ handler (request_irq) for -the dev->irq whenever the guest writes PCI_COMMAND_MEMORY -(or PCI_COMMAND_IO) to the PCI_COMMAND register. This is -done in case the device has legacy interrupts the GSI line -is shared by the backend devices. - -To subvert the backend the guest needs to make the backend -to change the dev->irq from the GSI to the MSI interrupt line, -make the backend allocate an interrupt handler, and then command -the backend to free the MSI interrupt and hit the BUG_ON. - -Since the backend only calls 'request_irq' when the guest -writes to the PCI_COMMAND register the guest needs to call -XEN_PCI_OP_enable_msi before any other operation. This will -cause the generic MSI code to setup an MSI entry and -populate dev->irq with the new PIRQ value. - -Then the guest can write to PCI_COMMAND PCI_COMMAND_MEMORY -and cause the backend to setup an IRQ handler for dev->irq -(which instead of the GSI value has the MSI pirq). See -'xen_pcibk_control_isr'. - -Then the guest disables the MSI: XEN_PCI_OP_disable_msi -which ends up triggering the BUG_ON condition in 'free_msi_irqs' -as there is an IRQ handler for the entry->irq (dev->irq). - -Note that this cannot be done using MSI-X as the generic -code does not over-write dev->irq with the MSI-X PIRQ values. - -The patch inhibits setting up the IRQ handler if MSI or -MSI-X (for symmetry reasons) code had been called successfully. - -P.S. -Xen PCIBack when it sets up the device for the guest consumption -ends up writting 0 to the PCI_COMMAND (see xen_pcibk_reset_device). -XSA-120 addendum patch removed that - however when upstreaming said -addendum we found that it caused issues with qemu upstream. That -has now been fixed in qemu upstream. - -This is part of XSA-157 - -CC: stable@vger.kernel.org -Reviewed-by: David Vrabel -Signed-off-by: Konrad Rzeszutek Wilk ---- - drivers/xen/xen-pciback/pciback_ops.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c -index a107928..5bb76c0 100644 ---- a/drivers/xen/xen-pciback/pciback_ops.c -+++ b/drivers/xen/xen-pciback/pciback_ops.c -@@ -70,6 +70,13 @@ static void xen_pcibk_control_isr(struct pci_dev *dev, int reset) - enable ? "enable" : "disable"); - - if (enable) { -+ /* -+ * The MSI or MSI-X should not have an IRQ handler. Otherwise -+ * if the guest terminates we BUG_ON in free_msi_irqs. -+ */ -+ if (dev->msi_enabled || dev->msix_enabled) -+ goto out; -+ - rc = request_irq(dev_data->irq, - xen_pcibk_guest_interrupt, IRQF_SHARED, - dev_data->irq_name, dev); --- -2.1.0 - diff --git a/patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch b/patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch deleted file mode 100644 index a0d75bf..0000000 --- a/patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 59a403750d3796b45376041a4843fcde436ae37e Mon Sep 17 00:00:00 2001 -From: Konrad Rzeszutek Wilk -Date: Wed, 1 Apr 2015 10:49:47 -0400 -Subject: [PATCH v2 XSA157 4/5] xen/pciback: For XEN_PCI_OP_disable_msi[|x] - only disable if device has MSI(X) enabled. - -Otherwise just continue on, returning the same values as -previously (return of 0, and op->result has the PIRQ value). - -This does not change the behavior of XEN_PCI_OP_disable_msi[|x]. - -The pci_disable_msi or pci_disable_msix have the checks for -msi_enabled or msix_enabled so they will error out immediately. - -However the guest can still call these operations and cause -us to disable the 'ack_intr'. That means the backend IRQ handler -for the legacy interrupt will not respond to interrupts anymore. - -This will lead to (if the device is causing an interrupt storm) -for the Linux generic code to disable the interrupt line. - -Naturally this will only happen if the device in question -is plugged in on the motherboard on shared level interrupt GSI. - -This is part of XSA-157 - -CC: stable@vger.kernel.org -Reviewed-by: David Vrabel -Signed-off-by: Konrad Rzeszutek Wilk ---- - drivers/xen/xen-pciback/pciback_ops.c | 33 ++++++++++++++++++++------------- - 1 file changed, 20 insertions(+), 13 deletions(-) - -diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c -index 5bb76c0..648c09c 100644 ---- a/drivers/xen/xen-pciback/pciback_ops.c -+++ b/drivers/xen/xen-pciback/pciback_ops.c -@@ -185,20 +185,23 @@ static - int xen_pcibk_disable_msi(struct xen_pcibk_device *pdev, - struct pci_dev *dev, struct xen_pci_op *op) - { -- struct xen_pcibk_dev_data *dev_data; -- - if (unlikely(verbose_request)) - printk(KERN_DEBUG DRV_NAME ": %s: disable MSI\n", - pci_name(dev)); -- pci_disable_msi(dev); - -+ if (dev->msi_enabled) { -+ struct xen_pcibk_dev_data *dev_data; -+ -+ pci_disable_msi(dev); -+ -+ dev_data = pci_get_drvdata(dev); -+ if (dev_data) -+ dev_data->ack_intr = 1; -+ } - op->value = dev->irq ? xen_pirq_from_irq(dev->irq) : 0; - if (unlikely(verbose_request)) - printk(KERN_DEBUG DRV_NAME ": %s: MSI: %d\n", pci_name(dev), - op->value); -- dev_data = pci_get_drvdata(dev); -- if (dev_data) -- dev_data->ack_intr = 1; - return 0; - } - -@@ -264,23 +267,27 @@ static - int xen_pcibk_disable_msix(struct xen_pcibk_device *pdev, - struct pci_dev *dev, struct xen_pci_op *op) - { -- struct xen_pcibk_dev_data *dev_data; - if (unlikely(verbose_request)) - printk(KERN_DEBUG DRV_NAME ": %s: disable MSI-X\n", - pci_name(dev)); -- pci_disable_msix(dev); - -+ if (dev->msix_enabled) { -+ struct xen_pcibk_dev_data *dev_data; -+ -+ pci_disable_msix(dev); -+ -+ dev_data = pci_get_drvdata(dev); -+ if (dev_data) -+ dev_data->ack_intr = 1; -+ } - /* - * SR-IOV devices (which don't have any legacy IRQ) have - * an undefined IRQ value of zero. - */ - op->value = dev->irq ? xen_pirq_from_irq(dev->irq) : 0; - if (unlikely(verbose_request)) -- printk(KERN_DEBUG DRV_NAME ": %s: MSI-X: %d\n", pci_name(dev), -- op->value); -- dev_data = pci_get_drvdata(dev); -- if (dev_data) -- dev_data->ack_intr = 1; -+ printk(KERN_DEBUG DRV_NAME ": %s: MSI-X: %d\n", -+ pci_name(dev), op->value); - return 0; - } - #endif --- -2.1.0 - diff --git a/series.conf b/series.conf index 16f3381..dbfad8a 100644 --- a/series.conf +++ b/series.conf @@ -12,25 +12,13 @@ patches.xen/pvops-blkfront-removable-flag.patch patches.xen/pvops-blkfront-eject-support.patch # Security fixes -patches.xen/xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch -patches.xen/xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch -patches.xen/xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch -patches.xen/xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch -patches.xen/xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch -patches.xen/xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch patches.xen/xsa155-linux-0008-xen-Add-RING_COPY_RESPONSE.patch -patches.xen/xsa155-linux318-0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch -patches.xen/xsa155-linux41-0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch +patches.xen/xsa155-linux44-0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch +patches.xen/xsa155-linux44-0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch patches.xen/xsa155-linux-0011-xen-netfront-add-range-check-for-Tx-response-id.patch patches.xen/xsa155-linux312-0012-xen-blkfront-make-local-copy-of-response-before-usin.patch -patches.xen/xsa155-linux319-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch -patches.xen/xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch -patches.xen/xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch -patches.xen/xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch +patches.xen/xsa155-linux44-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch # MSI-X enabled device passthrough fix (#1734) patches.xen/0003-xen-pcifront-Report-the-errors-better.patch patches.xen/pci_op-cleanup.patch - -# bug affecting Whonix-gateway (#1753) -patches.backports/0001-netfilter-nf_nat_redirect-add-missing-NULL-pointer-c.patch diff --git a/version b/version index e91d9be..f12d1f2 100644 --- a/version +++ b/version @@ -1 +1 @@ -4.3.3 +4.4.8