Changelog
linux (4.11.11-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.7
- fs: pass on flags in compat_writev
- configfs: Fix race between create_link and configfs_rmdir
- can: gs_usb: fix memory leak in gs_cmd_reset()
- ila_xlat: add missing hash secret initialization
- cpufreq: conservative: Allow down_threshold to take values from 1 to 10
- vb2: Fix an off by one error in 'vb2_plane_vaddr'
- cec: race fix: don't return -ENONET in cec_receive()
- selinux: fix double free in selinux_parse_opts_str()
- mac80211: don't look at the PM bit of BAR frames
- mac80211/wpa: use constant time memory comparison for MACs
- [x86] drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions.
- [x86] drm/i915: Fix GVT-g PVINFO version compatibility check
- [x86] drm/i915: Fix scaling check for 90/270 degree plane rotation
- [x86] drm/i915: Do not sync RCU during shrinking
- mac80211: fix IBSS presp allocation size
- mac80211: strictly check mesh address extension mode
- mac80211: fix dropped counter in multiqueue RX
- mac80211: don't send SMPS action frame in AP mode when not needed
- [arm64, armhf] drm/vc4: Fix OOPSes from trying to cache a partially
constructed BO.
- serial: 8250_lpss: Unconditionally set PCI master for Quark
- [sh4] serial: sh-sci: Fix (AUTO)RTS in sci_init_pins()
- [sh4] serial: sh-sci: Fix late enablement of AUTORTS
- [x86] mm/32: Set the '__vmalloc_start_set' flag in initmem_init()
- [armhf] mfd: axp20x: Add support for dts property "xpowers,master-mode"
- [armhf] dt-bindings: mfd: axp20x: Add "xpowers,master-mode" property for
AXP806 PMICs
- [powerpc] mm: Add physical address to Linux page table dump
- staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data()
- [armhf] iio: adc: ti_am335x_adc: allocating too much in probe
- [x86] ALSA: hda: Add Geminilake id to SKL_PLUS
- ALSA: usb-audio: fix Amanero Combo384 quirk on big-endian hosts
- USB: hub: fix SS max number of ports
- usb: core: fix potential memory leak in error path during hcd creation
- [x86] USB: usbip: fix nonconforming hub descriptor
- [arm64, armhf] usb: dwc3: gadget: Fix ISO transfer performance
- pvrusb2: reduce stack usage pvr2_eeprom_analyze()
- USB: gadget: dummy_hcd: fix hub-descriptor removable fields
- coda: restore original firmware locations
- usb: xhci: Fix USB 3.1 supported protocol parsing
- usb: xhci: ASMedia ASM1042A chipset need shorts TX quirk
- USB: gadget: fix GPF in gadgetfs
- USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks
- mm/memory-failure.c: use compound_head() flags for huge pages
- swap: cond_resched in swap_cgroup_prepare()
- mm: numa: avoid waiting on freed migrated pages
- userfaultfd: shmem: handle coredumping in handle_userfault()
- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
- genirq: Release resources in __setup_irq() error path
- alarmtimer: Prevent overflow of relative timers
- alarmtimer: Rate limit periodic intervals
- virtio_balloon: disable VIOMMU support
- [mips*] Fix bnezc/jialc return address calculation
- [mips*] .its targets depend on vmlinux
- [sparc*] crypto: Work around deallocated stack frame reference gcc bug
on sparc.
- [armhf] dts: am335x-sl50: Fix card detect pin for mmc1
- [armhf] dts: am335x-sl50: Fix cannot claim requested pins for spi0
- mm: larger stack guard gap, between vmas
- Allow stack to grow up to address space limit
- mm: fix new crash in unmapped_area_topdown()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8
- [armhf] clk: sunxi-ng: a31: Correct lcd1-ch1 clock register offset
- [armhf] clk: sunxi-ng: v3s: Fix usb otg device reset bit
- [armhf] clk: sunxi-ng: sun5i: Fix ahb_bist_clk definition
- xen/blkback: fix disconnect while I/Os in flight
- xen-blkback: don't leak stack data via response ring (XSA-216,
CVE-2017-10911)
- ALSA: firewire-lib: Fix stall of process context at packet error
- ALSA: pcm: Don't treat NULL chmap as a fatal error
- ALSA: hda - Add Coffelake PCI ID
- ALSA: hda - Apply quirks to Broxton-T, too
- fs/exec.c: account for argv/envp pointers (CVE-2017-1000365)
- [powerpc] perf: Fix oops when kthread execs user process
- autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
- fs/dax.c: fix inefficiency in dax_writeback_mapping_range()
- lib/cmdline.c: fix get_options() overflow while parsing ranges
- [x86] perf/x86/intel: Add 1G DTLB load/store miss support for SKL
- perf probe: Fix probe definition for inlined functions
- [x86] KVM: fix singlestepping over syscall (CVE-2017-7518)
- [s390x] KVM gaccess: fix real-space designation asce handling for gmap
shadows
- [powerpc*] KVM: Book3S HV: Cope with host using large decrementer mode
- [powerpc*] KVM: Book3S HV: Preserve userspace HTM state properly
- [powerpc*] KVM: Book3S HV: Ignore timebase offset on POWER9 DD1
- [powerpc*] KVM: Book3S HV: Context-switch EBB registers properly
- [powerpc*] KVM: Book3S HV: Restore critical SPRs to host values on guest
exit
- [powerpc*] KVM: Book3S HV: Save/restore host values of debug registers
- CIFS: Improve readdir verbosity
- CIFS: Fix some return values in case of error in 'crypt_message'
- cxgb4: notify uP to route ctrlq compl to rdma rspq
- HID: Add quirk for Dell PIXART OEM mouse
- random: silence compiler warnings and fix race
- signal: Only reschedule timers on signals timers have sent
- [powerpc] kprobes: Pause function_graph tracing during jprobes handling
- ]powerpc*] 64s: Handle data breakpoints in Radix mode
- Input: i8042 - add Fujitsu Lifebook AH544 to notimeout list
- brcmfmac: add parameter to pass error code in firmware callback
- brcmfmac: use firmware callback upon failure to load
- brcmfmac: unbind all devices upon failure in firmware callback
- time: Fix clock->read(clock) race around clocksource changes
- time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
- [arm64] vdso: Fix nsec handling for CLOCK_MONOTONIC_RAW
- target: Fix kref->refcount underflow in transport_cmd_finish_abort
- iscsi-target: Fix delayed logout processing greater than
SECONDS_FOR_LOGOUT_COMP
- iscsi-target: Reject immediate data underflow larger than SCSI transfer
length
- drm/radeon: add a PX quirk for another K53TK variant
- drm/radeon: add a quirk for Toshiba Satellite L20-183
- [x86] drm/amdgpu/atom: fix ps allocation size for EnableDispPowerGating
- [x86] drm/amdgpu: adjust default display clock
- [x86] drm/amdgpu: add Polaris12 DID
- ACPI / scan: Apply default enumeration to devices with ACPI drivers
- ACPI / scan: Fix enumeration for special SPI and I2C devices
- rxrpc: Fix several cases where a padded len isn't checked in ticket
decode (CVE-2017-7482)
- drm: Fix GETCONNECTOR regression
- usb: gadget: f_fs: avoid out of bounds access on comp_desc
- spi: double time out tolerance
- net: phy: fix marvell phy status reading
- netfilter: xtables: zero padding in data_to_user
- netfilter: xtables: fix build failure from COMPAT_XT_ALIGN outside
CONFIG_COMPAT
- brcmfmac: fix uninitialized warning in brcmf_usb_probe_phase2()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.9
- net: don't call strlen on non-terminated string in dev_set_alias()
- net: Fix inconsistent teardown and release of private netdev state.
- [s390x] net: fix up for "Fix inconsistent teardown and release of
private netdev state"
- mac80211: free netdev on dev_alloc_name() error
- decnet: dn_rtmsg: Improve input length sanitization in
dnrmg_receive_user_skb
- net: Zero ifla_vf_info in rtnl_fill_vfinfo()
- net: ipv6: Release route when device is unregistering
- net: vrf: Make add_fib_rules per network namespace flag
- af_unix: Add sockaddr length checks before accessing sa_family in bind
and connect handlers
- Fix an intermittent pr_emerg warning about lo becoming free.
- sctp: disable BH in sctp_for_each_endpoint
- net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
- net: tipc: Fix a sleep-in-atomic bug in tipc_msg_reverse
- net/mlx5: Remove several module events out of ethtool stats
- net/mlx5e: Added BW check for DIM decision mechanism
- net/mlx5e: Fix wrong indications in DIM due to counter wraparound
- net/mlx5: Enable 4K UAR only when page size is bigger than 4K
- proc: snmp6: Use correct type in memset
- igmp: acquire pmc lock for ip_mc_clear_src()
- igmp: add a missing spin_lock_init()
- qmi_wwan: new Telewell and Sierra device IDs
- net: don't global ICMP rate limit packets originating from loopback
- ipv6: fix calling in6_ifa_hold incorrectly for dad work
- sctp: return next obj by passing pos + 1 into sctp_transport_get_idx
- net/mlx5e: Fix min inline value for VF rep SQs
- net/mlx5e: Avoid doing a cleanup call if the profile doesn't have it
- net/mlx5: Wait for FW readiness before initializing command interface
- net/mlx5e: Fix timestamping capabilities reporting
- decnet: always not take dst->__refcnt when inserting dst into hash table
- net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
- ipv6: Do not leak throw route references
- rtnetlink: add IFLA_GROUP to ifla_policy
- netfilter: synproxy: fix conntrackd interaction
- NFSv4.x/callback: Create the callback service through svc_create_pooled
- xen/blkback: don't use xen_blkif_get() in xen-blkback kthread
- [mips*] head: Reorder instructions missing a delay slot
- [mips*] Avoid accidental raw backtrace
- [mips*] pm-cps: Drop manual cache-line alignment of ready_count
- [mips*] Fix IRQ tracing & lockdep when rescheduling
- ALSA: hda - Fix endless loop of codec configure
- ALSA: hda - set input_path bitmap to zero after moving it to new place
- NFSv4.2: Don't send mode again in post-EXCLUSIVE4_1 SETATTR with umask
- NFSv4.1: Fix a race in nfs4_proc_layoutget
- Revert "NFS: nfs_rename() handle -ERESTARTSYS dentry left behind"
- ovl: copy-up: don't unlock between lookup and link
- gpiolib: fix filtering out unwanted events
- [x86] intel_rdt: Fix memory leak on mount failure
- [x86] perf/x86/intel/uncore: Fix wrong box pointer check
- [x86] drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr
- dm thin: do not queue freed thin mapping for next stage processing
- [x86] mm: Fix boot crash caused by incorrect loop count calculation in
sync_global_pgds()
- [arm64] pinctrl/amd: Use regular interrupt instead of chained
- mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap
mappings
- xen/blkback: don't free be structure too early
- xfrm6: Fix IPv6 payload_len in xfrm6_transport_finish
- xfrm: move xfrm_garbage_collect out of xfrm_policy_flush
- xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
- xfrm: NULL dereference on allocation failure
- xfrm: Oops on error in pfkey_msg2xfrm_state()
- [arm64] PCI: Fix struct acpi_pci_root_ops allocation failure path
- [arm64] ACPI: Fix BAD_MADT_GICC_ENTRY() macro implementation
- [arm*] 8685/1: ensure memblock-limit is pmd-aligned
- [arm*] davinci: PM: Free resources in error handling path in
'davinci_pm_init'
- [arm*] davinci: PM: Do not free useful resources in normal path in
'davinci_pm_init'
- Revert "x86/entry: Fix the end of the stack for newly forked tasks"
- [x86] boot/KASLR: Fix kexec crash due to 'virt_addr' calculation bug
- [x86] perf: Fix spurious NMI with PEBS Load Latency event
- [x86] mpx: Correctly report do_mpx_bt_fault() failures to user-space
- [x86] mm: Fix flush_tlb_page() on Xen
- ocfs2: o2hb: revert hb threshold to keep compatible
- ocfs2: fix deadlock caused by recursive locking in xattr
- iommu/dma: Don't reserve PCI I/O windows
- [amd64] iommu/amd: Fix incorrect error handling in
amd_iommu_bind_pasid()
- [amd64] iommu/amd: Fix interrupt remapping when disable guest_mode
- mtd: nand: brcmnand: Check flash #WP pin status before nand
erase/program
- mtd: nand: fsmc: fix NAND width handling
- [x86] KVM: fix emulation of RSM and IRET instructions
- [x86] KVM: vPMU: fix undefined shift in intel_pmu_refresh()
- [x86] KVM: zero base3 of unusable segments
- KVM: nVMX: Fix exception injection
- esp4: Fix udpencap for local TCP packets.
- [armhf] hsi: Fix build regression due to netdev destructor fix.
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.10
- fs: completely ignore unknown open flags
- driver core: platform: fix race condition with driver_override
- RDMA/uverbs: Check port number supplied by user verbs cmds
- ceph: choose readdir frag based on previous readdir reply
- tracing/kprobes: Allow to create probe with a module name starting with a
digit
- drm/virtio: don't leak bo on drm_gem_object_init failure (CVE-2017-10810)
- usb: dwc3: replace %p with %pK
- Add USB quirk for HVR-950q to avoid intermittent device resets
- usb: usbip: set buffer pointers to NULL after free
- usb: Fix typo in the definition of Endpoint[out]Request
- USB: core: fix device node leak
- [armhf] pinctrl: meson: meson8b: fix the NAND DQS pins
- [armhf,arm64] pinctrl: sunxi: Fix SPDIF function name for A83T
- pinctrl: core: Fix warning by removing bogus code
- [x86] xhci: Limit USB2 port wake support for AMD Promontory hosts
- gfs2: Fix glock rhashtable rcu bug
- Add "shutdown" to "struct class".
- tpm: Issue a TPM2_Shutdown for TPM2 devices.
- tpm: fix a kernel memory leak in tpm-sysfs.c
- [x86] uaccess: Optimize copy_user_enhanced_fast_string() for short strings
- xen: avoid deadlock in xenbus driver
- crypto: drbg - Fixes panic in wait_for_completion call
- [x86] rt286: add Thinkpad Helix 2 to force_combo_jack_table
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.11
- mqueue: fix a use-after-free in sys_mq_notify() (CVE-2017-11176)
- proc: Fix proc_sys_prune_dcache to hold a sb reference
- locking/rwsem-spinlock: Fix EINTR branch in __down_write_common()
- [x86] staging: comedi: fix clean-up of comedi_class in comedi_init()
- crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
- ext4: check return value of kstrtoull correctly in reserved_clusters_store
- [x86] mm/pat: Don't report PAT on CPUs that don't support it
[ Ben Hutchings ]
* [m68k] udeb: Use only the common module list for nic-shared-modules
(fixes FTBFS)
* [sparc64] Update "Revert "sparc: move exports to definitions"" for the
addition of __multi3 (fixes FTBFS)
* binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370,
CVE-2017-1000371)
* [rt] Update to 4.11.9-rt7:
- smp/hotplug: Move unparking of percpu threads to the control CPU
- cpu_pm: replace raw_notifier to atomic_notifier
* media: Enable MEDIA_CEC_SUPPORT, VIDEO_VIVID_CEC; USB_PULSE8_CEC as module
(Closes: #868511)
* [armhf] udeb: Add sunxi_wdt to kernel-image (Closes: #866130)
* crypto: Enable CRYPTO_USER, CRYPTO_USER_API_RNG as modules (Closes: #868291)
* udeb: Add dm-raid to md-modules (Closes: #868251)
* [arm64] sound: Enable SND_HDA_INTEL as module (Closes: #867611)
* aufs: Update support patchset to aufs4.11.7+-20170703 (Closes: #867257)
* [x86] ideapad-laptop: Add various IdeaPad models to no_hw_rfkill list
(Closes: #866706)
* firmware: dmi: Add DMI_PRODUCT_FAMILY identification string
* [x86] pinctrl: cherryview: Extend the Chromebook DMI quirk to Intel_Strago
systems (Closes: #862723)
* [armhf] Add ARM Mali Midgard device tree bindings and gpu node for rk3288
(thanks to Guillaume Tucker) (Closes: #865646)
[ Uwe Kleine-König ]
* [arm64] enable FB_SIMPLE
[ Vagrant Cascadian ]
* [arm64] Enable support for Rockchip systems (Closes: #860976).
[ Salvatore Bonaccorso ]
* Bump ABI to 2
* [rt] Update to 4.11.8-rt5
[ Cyril Brulebois ]
* [arm64,armhf] udeb: Ship usb3503 module in usb-modules, needed for
e.g. Arndale development boards, thanks to Wei Liu (Closes: #865645).
-- Ben Hutchings <email address hidden> Mon, 17 Jul 2017 03:01:21 +0100
