dgit.raspbian.org Git - linux.git/log

usbip: Document TCP wrappers

Add references to TCP wrappers configuration in the manual page.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name usbip-document-tcp-wrappers.patch

module: Disable matching missing version CRC

This partly reverts commit cd3caefb4663e3811d37cc2afad3cce642d60061.
We want to fail closed if a symbol version CRC is missing, as the
alternative may allow subverting module signing.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name module-disable-matching-missing-version-crc.patch

alpha: Restore symbol versions for symbols exported from assembly

Add <asm/asm-prototypes.h> so that genksyms knows the types of
these symbols and can generate CRCs for them.

Fixes: 00fc0e0dda62 ("alpha: move exports to actual definitions")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/alpha
Gbp-Pq: Name alpha-restore-symbol-versions-for-symbols-exported-f.patch

PCI: Set pci=nobios by default

CONFIG_PCI_GOBIOS results in physical addresses 640KB-1MB being mapped
W+X, which is undesirable for security reasons and will result in a
warning at boot now that we enable CONFIG_DEBUG_WX.

This can be overridden using the kernel parameter "pci=nobios", but we
want to disable W+X by default. Disable PCI BIOS probing by default;
it can still be enabled using "pci=bios".

Gbp-Pq: Topic debian
Gbp-Pq: Name i386-686-pae-pci-set-pci-nobios-by-default.patch

arm64: add kernel config option to lock down when in Secure Boot mode

Add a kernel configuration option to lock down the kernel, to restrict
userspace's ability to modify the running kernel when UEFI Secure Boot is
enabled. Based on the x86 patch by Matthew Garrett.

Determine the state of Secure Boot in the EFI stub and pass this to the
kernel using the FDT.

Signed-off-by: Linn Crosetto <linn@hpe.com>
[bwh: Forward-ported to 4.10: adjust context]
[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]
[bwh: Forward-ported to 4.11 and lockdown patch set:
- Convert result of efi_get_secureboot() to a boolean
- Use lockdown API and naming]

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name arm64-add-kernel-config-option-to-lock-down-when.patch

mtd: Disable slram and phram when locked down

The slram and phram drivers both allow mapping regions of physical
address space such that they can then be read and written by userland
through the MTD interface. This is probably usable to manipulate
hardware into overwriting kernel code on many systems. Prevent that
if locked down.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name mtd-disable-slram-and-phram-when-locked-down.patch

Enable cold boot attack mitigation

[Lukas Wunner: Forward-ported to 4.11: adjust context]

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name enable-cold-boot-attack-mitigation.patch

Lock down module params that specify hardware parameters (eg. ioport)

Provided an annotation for module parameters that specify hardware
parameters (such as io ports, iomem addresses, irqs, dma channels, fixed
dma buffers and other types).

Suggested-by: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0061-Lock-down-module-params-that-specify-hardware-parame.patch

Lock down TIOCSSERIAL

Lock down TIOCSSERIAL as that can be used to change the ioport and irq
settings on a serial port. This only appears to be an issue for the serial
drivers that use the core serial code. All other drivers seem to either
ignore attempts to change port/irq or give an error.

Reported-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0060-Lock-down-TIOCSSERIAL.patch

Prohibit PCMCIA CIS storage when the kernel is locked down

Prohibit replacement of the PCMCIA Card Information Structure when the
kernel is locked down.

Suggested-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0059-Prohibit-PCMCIA-CIS-storage-when-the-kernel-is-locke.patch

scsi: Lock down the eata driver

When the kernel is running in secure boot mode, we lock down the kernel to
prevent userspace from modifying the running kernel image. Whilst this
includes prohibiting access to things like /dev/mem, it must also prevent
access by means of configuring driver modules in such a way as to cause a
device to access or modify the kernel image.

The eata driver takes a single string parameter that contains a slew of
settings, including hardware resource configuration. Prohibit use of the
parameter if the kernel is locked down.

Suggested-by: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Dario Ballabio <ballabio_dario@emc.com>
cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>
cc: "Martin K. Petersen" <martin.petersen@oracle.com>
cc: linux-scsi@vger.kernel.org

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0058-scsi-Lock-down-the-eata-driver.patch

bpf: Restrict kernel image access functions when the kernel is locked down

There are some bpf functions can be used to read kernel memory:
bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow
private keys in kernel memory (e.g. the hibernation image signing key) to
be read by an eBPF program. Prohibit those functions when the kernel is
locked down.

Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0057-bpf-Restrict-kernel-image-access-functions-when-the-.patch

acpi: Disable APEI error injection if the kernel is locked down

ACPI provides an error injection mechanism, EINJ, for debugging and testing
the ACPI Platform Error Interface (APEI) and other RAS features. If
supported by the firmware, ACPI specification 5.0 and later provide for a
way to specify a physical memory address to which to inject the error.

Injecting errors through EINJ can produce errors which to the platform are
indistinguishable from real hardware errors. This can have undesirable
side-effects, such as causing the platform to mark hardware as needing
replacement.

While it does not provide a method to load unauthenticated privileged code,
the effect of these errors may persist across reboots and affect trust in
the underlying hardware, so disable error injection through EINJ if
the kernel is locked down.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0056-acpi-Disable-APEI-error-injection-if-the-kernel-is-l.patch

acpi: Disable ACPI table override if the kernel is locked down

From the kernel documentation (initrd_table_override.txt):

  If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible
  to override nearly any ACPI table provided by the BIOS with an
  instrumented, modified one.

When securelevel is set, the kernel should disallow any unauthenticated
changes to kernel space.  ACPI tables contain code invoked by the kernel,
so do not allow ACPI tables to be overridden if the kernel is locked down.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0055-acpi-Disable-ACPI-table-override-if-the-kernel-is-lo.patch

acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down

This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
loading modules. Ignore the option when the kernel is locked down.

Signed-off-by: Josh Boyer <jwboyer@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0054-acpi-Ignore-acpi_rsdp-kernel-param-when-the-kernel-h.patch

ACPI: Limit access to custom_method when the kernel is locked down

custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
Disable it if the kernel is locked down.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0053-ACPI-Limit-access-to-custom_method-when-the-kernel-i.patch

asus-wmi: Restrict debugfs interface when the kernel is locked down

We have no way of validating what all of the Asus WMI methods do on a given
machine - and there's a risk that some will allow hardware state to be
manipulated in such a way that arbitrary code can be executed in the
kernel, circumventing module loading restrictions. Prevent that if the
kernel is locked down.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0052-asus-wmi-Restrict-debugfs-interface-when-the-kernel-.patch

x86: Restrict MSR access when the kernel is locked down

Writing to MSRs should not be allowed if the kernel is locked down, since
it could lead to execution of arbitrary code in kernel mode. Based on a
patch by Kees Cook.

Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0051-x86-Restrict-MSR-access-when-the-kernel-is-locked-do.patch

x86: Lock down IO port access when the kernel is locked down

IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO
register space. This would potentially permit root to trigger arbitrary
DMA, so lock it down by default.

This also implicitly locks down the KDADDIO, KDDELIO, KDENABIO and
KDDISABIO console ioctls.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0050-x86-Lock-down-IO-port-access-when-the-kernel-is-lock.patch

PCI: Lock down BAR access when the kernel is locked down

Any hardware that can potentially generate DMA has to be locked down in
order to avoid it being possible for an attacker to modify kernel code,
allowing them to circumvent disabled module loading or module signing.
Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
[bwh: For 4.12, adjust context]

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch

uswsusp: Disable when the kernel is locked down

uswsusp allows a user process to dump and then restore kernel state, which
makes it possible to modify the running kernel. Disable this if the kernel
is locked down.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0048-uswsusp-Disable-when-the-kernel-is-locked-down.patch

hibernate: Disable when the kernel is locked down

There is currently no way to verify the resume image when returning
from hibernate. This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it when the
kernel is locked down.

Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0047-hibernate-Disable-when-the-kernel-is-locked-down.patch

kexec_file: Disable at runtime if securelevel has been set

When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image
through kexec_file systemcall if securelevel has been set.

This code was showed in Matthew's patch but not in git:
https://lkml.org/lkml/2015/3/13/778

Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0046-kexec_file-Disable-at-runtime-if-securelevel-has-bee.patch

Copy secure_boot flag in boot params across kexec reboot

Kexec reboot in case secure boot being enabled does not keep the secure
boot mode in new kernel, so later one can load unsigned kernel via legacy
kexec_load. In this state, the system is missing the protections provided
by secure boot.

Adding a patch to fix this by retain the secure_boot flag in original
kernel.

secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the
stub. Fixing this issue by copying secure_boot flag across kexec reboot.

Signed-off-by: Dave Young <dyoung@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0045-Copy-secure_boot-flag-in-boot-params-across-kexec-re.patch

kexec: Disable at runtime if the kernel is locked down

kexec permits the loading and execution of arbitrary code in ring 0, which
is something that lock-down is meant to prevent. It makes sense to disable
kexec in this situation.

This does not affect kexec_file_load() which can check for a signature on the
image to be booted.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0044-kexec-Disable-at-runtime-if-the-kernel-is-locked-dow.patch

Add a sysrq option to exit secure boot mode

Make sysrq+x exit secure boot mode on x86_64, thereby allowing the running
kernel image to be modified. This lifts the lockdown.

Signed-off-by: Kyle McMartin <kyle@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
[bwh: For 4.12, adjust context]

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0043-Add-a-sysrq-option-to-exit-secure-boot-mode.patch

Restrict /dev/mem and /dev/kmem when the kernel is locked down

Allowing users to write to address space makes it possible for the kernel to
be subverted, avoiding module loading restrictions. Prevent this when the
kernel has been locked down.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0042-Restrict-dev-mem-and-dev-kmem-when-the-kernel-is-loc.patch

Enforce module signatures if the kernel is locked down

If the kernel is locked down, require that all modules have valid
signatures that we can verify.

Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0041-Enforce-module-signatures-if-the-kernel-is-locked-do.patch

efi: Lock down the kernel if booted in secure boot mode

UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
require that all kernel modules also be signed. Add a configuration option
that to lock down the kernel - which includes requiring validly signed
modules - if the kernel is secure-booted.

Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0040-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch

Add the ability to lock down access to the running kernel image

Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR registers and disallowing hibernation,

Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0039-Add-the-ability-to-lock-down-access-to-the-running-k.patch

efi: Add EFI_SECURE_BOOT bit

UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit
that can be passed to efi_enabled() to find out whether secure boot is
enabled.

This will be used by the SysRq+x handler, registered by the x86 arch, to find
out whether secure boot mode is enabled so that it can be disabled.

Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0038-efi-Add-EFI_SECURE_BOOT-bit.patch

bfq: Re-enable auto-loading when built as a module

The block core requests modules with the "-iosched" name suffix, but
bfq no longer has that suffix. Add an alias.

Fixes: ea25da48086d ("block, bfq: split bfq-iosched.c into multiple ...")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name bfq-re-enable-auto-loading-when-built-as-a-module.patch

Kbuild.include: addtree: Remove quotes before matching path

systemtap currently fails to build modules when the kernel source and
object trees are separate.

systemtap adds something like -I"/usr/share/systemtap/runtime" to
EXTRA_CFLAGS, and addtree should not adjust this as it's specifying an
absolute directory. But since make has no understanding of shell
quoting, it does anyway.

For a long time this didn't matter, because addtree would still emit
the original -I option after the adjusted one. However, commit
db547ef19064 ("Kbuild: don't add obj tree in additional includes")
changed it to remove the original -I option.

Remove quotes (both double and single) before matching against the
excluded patterns.

References: https://bugs.debian.org/856474
Reported-by: Jack Henschel <jackdev@mailbox.org>
Reported-by: Ritesh Raj Sarraf <rrs@debian.org>
Fixes: db547ef19064 ("Kbuild: don't add obj tree in additional includes")
Cc: stable@vger.kernel.org # 4.8+
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name kbuild-include-addtree-remove-quotes-before-matching-path.patch

Partially revert "usb: Kconfig: using select for USB_COMMON dependency"

This reverts commit cb9c1cfc86926d0e86d19c8e34f6c23458cd3478 for
USB_LED_TRIG. This config symbol has bool type and enables extra code
in usb_common itself, not a separate driver. Enabling it should not
force usb_common to be built-in!

Fixes: cb9c1cfc8692 ("usb: Kconfig: using select for USB_COMMON dependency")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name partially-revert-usb-kconfig-using-select-for-usb_co.patch

fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers

This helps initramfs builders and other tools to find the full
dependencies of a module.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name fs-add-module_softdep-declarations-for-hard-coded-cr.patch

phy/marvell: disable 4-port phys

The Marvell PHY was originally disabled because it can cause networking
failures on some systems. According to Lennert Buytenhek this is because some
of the variants added did not share the same register layout. Since the known
cases are all 4-ports disable those variants (indicated by a 4 in the
penultimate position of the model name) until they can be audited for
correctness.

[bwh: Also #if-out the init functions for these PHYs to avoid
compiler warnings]

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name disable-some-marvell-phys.patch

kbuild: Use -nostdinc in compile tests

gcc 4.8 and later include <stdc-predef.h> by default.  In some
versions of eglibc that includes <bits/predefs.h>, but that may be
missing when building with a biarch compiler.  Also <stdc-predef.h>
itself could be missing as we are only trying to build a kernel, not
userland.

The -nostdinc option disables this, though it isn't explicitly
documented.  This option is already used when actually building
the kernel, but not by cc-option and other tests.  This can result
in silently miscompiling the kernel.

References: https://bugs.debian.org/717557
References: https://bugs.debian.org/726861
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name kbuild-use-nostdinc-in-compile-tests.patch

ARM64: dts: marvell: armada-37xx: Enable uSD on ESPRESSObin

The ESPRESSObin board exposes one of the SDHCI interfaces
via J1 uSD slot. This patch enables it.

Tested-by: Miquel Raynal <miquel.raynal@free-electrons.com>
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Signed-off-by: Zbigniew Bodek <zbodek@gmail.com>
[gregory.clement@free-electrons.com: removed "no-1-8-v"]
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Gbp-Pq: Topic features/arm64
Gbp-Pq: Name ARM64-dts-marvell-armada-37xx-Enable-uSD-on-ESPRESSO.patch

x86: Make x32 syscall support conditional on a kernel parameter

Enabling x32 in the standard amd64 kernel would increase its attack
surface while provide no benefit to the vast majority of its users.
No-one seems interested in regularly checking for vulnerabilities
specific to x32 (at least no-one with a white hat).

Still, adding another flavour just to turn on x32 seems wasteful. And
the only differences on syscall entry are two instructions (mask out
the x32 flag and compare the syscall number).

So pad the standard comparison with a nop and add a kernel parameter
"syscall.x32" which controls whether this is replaced with the x32
version at boot time. Add a Kconfig parameter to set the default.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name x86-make-x32-syscall-support-conditional.patch

x86: memtest: WARN if bad RAM found

Since this is not a particularly thorough test, if we find any bad
bits of RAM then there is a fair chance that there are other bad bits
we fail to detect.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name x86-memtest-WARN-if-bad-RAM-found.patch

MIPS: Loongson 3: Add Loongson LS3A RS780E 1-way machine definition

Add a Loongson LS3A RS780E 1-way machine definition, which only differs
from other Loongson 3 based machines by the UART base clock speed.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
[bwh: Forward-ported to 4.2]

Gbp-Pq: Topic features/mips
Gbp-Pq: Name MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch

MIPS: increase MAX_PHYSMEM_BITS on Loongson 3 only

Commit c4617318 broke Loongson-2 support and maybe even more by increasing
the value of MAX_PHYSMEM_BITS. At it is currently only needed on
Loongson-3, define it conditionally.

Note: this should be replace by upstream fix when available.

Gbp-Pq: Topic features/mips
Gbp-Pq: Name MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch

ARM: dts: exynos: Add dwc3 SUSPHY quirk

Odroid XU4 board does not enumerate SuperSpeed devices.
This patch makes exynos5 series chips use USB SUSPHY quirk,
which solves the problem.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Gbp-Pq: Topic bugfix/arm
Gbp-Pq: Name arm-dts-exynos-add-dwc3-susphy-quirk.patch

sh: Do not use hyphen in exported variable names

arch/sh/Makefile defines and exports ld-bfd to be used by
arch/sh/boot/Makefile and arch/sh/boot/compressed/Makefile.  Similarly
arch/sh/boot/Makefile defines and exports suffix-y to be used by
arch/sh/boot/compressed/Makefile.  However some shells, including
dash, will not pass through environment variables whose name includes
a hyphen.  Usually GNU make does not use a shell to recurse, but if
e.g. $(srctree) contains '~' it will use a shell here.

Rename these variables to ld_bfd and suffix_y.

References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=sh4&ver=4.13%7Erc5-1%7Eexp1&stamp=1502943967&raw=0
Fixes: ef9b542fce00 ("sh: bzip2/lzma uImage support.")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/sh
Gbp-Pq: Name sh-boot-do-not-use-hyphen-in-exported-variable-name.patch

perf tools: Fix unwind build on i386

EINVAL may not be defined when building unwind-libunwind.c with
REMOTE_UNWIND_LIBUNWIND, resulting in a compiler error in
LIBUNWIND__ARCH_REG_ID(). Its only caller, access_reg(), only checks
for a negative return value and doesn't care what it is. So change
-EINVAL to -1.

Fixes: 52ffe0ff02fc ("Support x86(32-bit) cross platform callchain unwind.")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name perf-tools-fix-unwind-build-on-i386.patch

Revert "gpu: host1x: Add IOMMU support"

This reverts commit 404bfb78daf3bedafb0bfab24947059575cbea3d, which
resulted in a build failure:

drivers/gpu/host1x/cdma.c: In function 'host1x_pushbuffer_init':
drivers/gpu/host1x/cdma.c:94:48: error: passing argument 3 of 'dma_alloc_wc' from incompatible pointer type [-Werror=incompatible-pointer-types]
   pb->mapped = dma_alloc_wc(host1x->dev, size, &pb->phys,
                                                ^
In file included from drivers/gpu/host1x/cdma.c:22:0:
include/linux/dma-mapping.h:773:21: note: expected 'dma_addr_t * {aka long long unsigned int *}' but argument is of type 'phys_addr_t * {aka unsigned int *}'
static inline void *dma_alloc_wc(struct device *dev, size_t size,
                     ^~~~~~~~~~~~

This code is mixing up dma_addr_t and phys_addr_t, and this looks had
to avoid when combining the two address mapping APIs.  But with XEN
enabled and ARM_LPAE not enabled, as in the armmp config, dma_addr_t
is 64-bit while phys_addr_t is 32-bit.

It also reverts the commit fea20995976f4b2e8968f852a18e280487d42f0d
"gpu: host1x: Free the IOMMU domain when there is no device to attach"
which depends on it.

Gbp-Pq: Topic debian
Gbp-Pq: Name revert-gpu-host1x-add-iommu-support.patch

platform/x86: ideapad-laptop: Add several models to no_hw_rfkill

Some Lenovo ideapad models do not have hardware rfkill switches, but
trying to read the rfkill switches through the ideapad-laptop module.
It caused to always reported blocking breaking wifi.

Fix it by adding those models to no_hw_rfkill_list.

Signed-off-by: Yang Jiaxun <yjx@flygoat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-several-models-to-no.patch

platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill

Like other Lenovo models the IdeaPad V510-15IKB does not have an hw
rfkill switch. This results in hard-blocked radios after boot, resulting
in always blocked radios rendering them unusable.

Add the IdeaPad V510-15IKB to the no_hw_rfkill DMI list and allows using
the built-in radios.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-ideapad-v510-15ikb-t.patch

platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill

Lenovo Legion Y720-15IKBN is yet another Lenovo model that does not
have an hw rfkill switch, resulting in wifi always reported as hard
blocked.

Add the model to the list of models without rfkill switch.

Signed-off-by: Olle Liljenzin <olle@liljenzin.se>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-y720-15ikbn-to-no_hw.patch

platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill

Lenovo Legion Y520-15IKBN is yet another Lenovo model that does not
have an hw rfkill switch, resulting in wifi always reported as hard
blocked.

Add the model to the list of models without rfkill switch.

Signed-off-by: Olle Liljenzin <olle@liljenzin.se>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-y520-15ikbn-to-no_hw.patch

platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill

Like other Lenovo models the IdeaPad V310-15ISK does not have an hw
rfkill switch. This results in hard-blocked radios after boot, resulting
in always blocked radios rendering them unusable.

Add the IdeaPad V310-15ISK to the no_hw_rfkill DMI list and allows using
the built-in radios.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-ideapad-v310-15isk-t.patch

platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill

Like other Lenovo models the IdeaPad 310-15IKB does not have an hw rfkill
switch. This results in hard-blocked radios after boot, resulting in
always blocked radios rendering them unusable.

Add the IdeaPad 310-15IKB to the no_hw_rfkill DMI list and allows using
the built-in radios.

Signed-off-by: Sven Rebhan <Sven.Rebhan@googlemail.com>
[andy: massaged commit message]
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-ideapad-310-15ikb-to.patch

ARM: dts: kirkwood: Fix SATA pinmux-ing for TS419

The old board code for the TS419 assigns MPP pins 15 and 16 as SATA
activity signals (and none as SATA presence signals). Currently the
device tree assigns the SoC's default pinmux groups for SATA, which
conflict with the second Ethernet port.

Reported-by: gmbh@gazeta.pl
Tested-by: gmbh@gazeta.pl
References: https://bugs.debian.org/855017
Cc: stable@vger.kernel.org # 3.15+
Fixes: 934b524b3f49 ("ARM: Kirkwood: Add DT description of QNAP 419")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/arm
Gbp-Pq: Name arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch

Don't WARN about expected W+X pages on Xen

Currently Xen PV domains (or at least dom0) on amd64 tend to have a
large number of low kernel pages with W+X permissions. It's not
obvious how to fix this, and we're not going to get any new
information by WARNing about this, but we do still want to hear about
other W+X cases. So add a condition to the WARN_ON.

Gbp-Pq: Topic debian
Gbp-Pq: Name amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch

btrfs: warn about RAID5/6 being experimental at mount time

Too many people come complaining about losing their data -- and indeed,
there's no warning outside a wiki and the mailing list tribal knowledge.
Message severity chosen for consistency with XFS -- "alert" makes dmesg
produce nice red background which should get the point across.

Signed-off-by: Adam Borowski <kilobyte@angband.pl>
[bwh: Also add_taint() so this is flagged in bug reports]

Gbp-Pq: Topic debian
Gbp-Pq: Name btrfs-warn-about-raid5-6-being-experimental-at-mount.patch

fanotify: Taint on use of FANOTIFY_ACCESS_PERMISSIONS

Various free and proprietary AV products use this feature and users
apparently want it. But punting access checks to userland seems like
an easy way to deadlock the system, and there will be nothing we can
do about that. So warn and taint the kernel if this feature is
actually used.

Gbp-Pq: Topic debian
Gbp-Pq: Name fanotify-taint-on-use-of-fanotify_access_permissions.patch

fjes: Disable auto-loading

fjes matches a generic ACPI device ID, and relies on its probe
function to distinguish whether that really corresponds to a supported
device. Very few system will need the driver and it wastes memory on
all the other systems where the same device ID appears, so disable
auto-loading.

Gbp-Pq: Topic debian
Gbp-Pq: Name fjes-disable-autoload.patch

viafb: Autoload on OLPC XO 1.5 only

It appears that viafb won't work automatically on all the boards for
which it has a PCI device ID match. Currently, it is blacklisted by
udev along with most other framebuffer drivers, so this doesn't matter
much.

However, this driver is required for console support on the XO 1.5.
We need to allow it to be autoloaded on this model only, and then
un-blacklist it in udev.

Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name viafb-autoload-on-olpc-xo1.5-only.patch

snd-pcsp: Disable autoload

There are two drivers claiming the platform:pcspkr device:
- pcspkr creates an input(!) device that can only beep
- snd-pcsp creates an equivalent input device plus a PCM device that can
  play barely recognisable renditions of sampled sound

snd-pcsp is blacklisted by the alsa-base package, but not everyone
installs that.  On PCs where no sound is wanted at all, both drivers
will still be loaded and one or other will complain that it couldn't
claim the relevant I/O range.

In case anyone finds snd-pcsp useful, we continue to build it.  But
remove the alias, to ensure it's not loaded where it's not wanted.

Gbp-Pq: Topic debian
Gbp-Pq: Name snd-pcsp-disable-autoload.patch

cdc_ncm,cdc_mbim: Use NCM by default

Devices that support both NCM and MBIM modes should be kept in NCM
mode unless there is userland support for MBIM.

Set the default value of cdc_ncm.prefer_mbim to false and leave it to
userland (modem-manager) to override this with a modprobe.conf file
once it's ready to speak MBIM.

Gbp-Pq: Topic debian
Gbp-Pq: Name cdc_ncm-cdc_mbim-use-ncm-by-default.patch

security,perf: Allow further restriction of perf_event_open

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch

add sysctl to disallow unprivileged CLONE_NEWUSER by default

add sysctl to disallow unprivileged CLONE_NEWUSER by default

This is a short-term patch. Unprivileged use of CLONE_NEWUSER
is certainly an intended feature of user namespaces. However
for at least saucy we want to make sure that, if any security
issues are found, we have a fail-safe.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]

Gbp-Pq: Topic debian
Gbp-Pq: Name add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch

yama: Disable by default

Gbp-Pq: Topic debian
Gbp-Pq: Name yama-disable-by-default.patch

sched: Do not enable autogrouping by default

We want to provide the option of autogrouping but without enabling
it by default yet.

Gbp-Pq: Topic debian
Gbp-Pq: Name sched-autogroup-disabled.patch

fs: Enable link security restrictions by default

This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
('VFS: don't do protected {sym,hard}links by default').

Gbp-Pq: Topic debian
Gbp-Pq: Name fs-enable-link-security-restrictions-by-default.patch

dccp: Disable auto-loading as mitigation against local exploits

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'dccp' protocol is not actively maintained or widely used.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch

decnet: Disable auto-loading as mitigation against local exploits

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'decnet' protocol is unmaintained and of mostly historical
interest, and the user-space support package 'dnet-common' loads the
module explicitly. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name decnet-Disable-auto-loading-as-mitigation-against-lo.patch

rds: Disable auto-loading as mitigation against local exploits

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'rds' protocol is one such protocol that has been found to be
vulnerable, and which was not present in the 'lenny' kernel.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name rds-Disable-auto-loading-as-mitigation-against-local.patch

af_802154: Disable auto-loading as mitigation against local exploits

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch

aufs4.x-rcN standalone patch

Patch headers added by debian/patches/features/all/aufs4/gen-patch

aufs4.x-rcN standalone patch

Gbp-Pq: Topic features/all/aufs4
Gbp-Pq: Name aufs4-standalone.patch

aufs4.x-rcN mmap patch

Patch headers added by debian/patches/features/all/aufs4/gen-patch

aufs4.x-rcN mmap patch

Gbp-Pq: Topic features/all/aufs4
Gbp-Pq: Name aufs4-mmap.patch

aufs4.x-rcN base patch

Patch headers added by debian/patches/features/all/aufs4/gen-patch

aufs4.x-rcN base patch

Gbp-Pq: Topic features/all/aufs4
Gbp-Pq: Name aufs4-base.patch

radeon: Firmware is required for DRM and KMS on R600 onward

radeon requires firmware/microcode for the GPU in all chips, but for
newer chips (apparently R600 'Evergreen' onward) it also expects
firmware for the memory controller and other sub-blocks.

radeon attempts to gracefully fall back and disable some features if
the firmware is not available, but becomes unstable - the framebuffer
and/or system memory may be corrupted, or the display may stay black.

Therefore, perform a basic check for the existence of
/lib/firmware/radeon when a device is probed, and abort if it is
missing, except for the pre-R600 case.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch

firmware: Remove redundant log messages from drivers

Now that firmware_class logs every success and failure consistently,
many other log messages can be removed from drivers.

This will probably need to be split up into multiple patches prior to
upstream submission.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware-remove-redundant-log-messages-from-drivers.patch

firmware_class: Log every success and failure against given device

The hundreds of users of request_firmware() have nearly as many
different log formats for reporting failures.  They also have only the
vaguest hint as to what went wrong; only firmware_class really knows
that.  Therefore, add specific log messages for the failure modes that
aren't currently logged.

In case of a driver that tries multiple names, this may result in the
impression that it failed to initialise.  Therefore, also log successes.

This makes many error messages in drivers redundant, which will be
removed in later patches.

This does not cover the case where we fall back to a user-mode helper
(which is no longer enabled in Debian).

NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n"
format to detect missing firmware.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware_class-log-every-success-and-failure.patch

iwlwifi: Do not request unreleased firmware for IWL6000

The iwlwifi driver currently supports firmware API versions 4-6 for
these devices.  It will request the file for the latest supported
version and then fall back to earlier versions.  However, the latest
version that has actually been released is 4, so we expect the
requests for versions 6 and then 5 to fail.

The installer appears to report any failed request, and it is probably
not easy to detect that this particular failure is harmless.  So stop
requesting the unreleased firmware.

Gbp-Pq: Topic debian
Gbp-Pq: Name iwlwifi-do-not-request-unreleased-firmware.patch

af9005: Use request_firmware() to load register init script

Read the register init script from the Windows driver. This is sick
but should avoid the potential copyright infringement in distributing
a version of the script which is directly derived from the driver.

Gbp-Pq: Topic features/all
Gbp-Pq: Name drivers-media-dvb-usb-af9005-request_firmware.patch

Install perf scripts non-executable

[bwh: Forward-ported to 3.12]

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-install.patch

Create manpages and binaries including the version

[bwh: Fix version insertion in perf man page cross-references and perf
man page title. Install bash_completion script for perf with a
version-dependent name. And do the same for trace.]

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-version.patch

modpost symbol prefix setting

[bwh: The original version of this was added by Bastian Blank. The
upstream code includes <generated/autoconf.h> so that <linux/export.h>
can tell whether C symbols have an underscore prefix. Since we build
modpost separately from the kernel, <generated/autoconf.h> won't exist.
However, no Debian Linux architecture uses the symbol prefix, so we
can simply omit it.]

Gbp-Pq: Topic debian
Gbp-Pq: Name modpost-symbol-prefix.patch

Kbuild: kconfig: Verbose version of --listnewconfig

If the KBUILD_VERBOSE environment variable is set to non-zero, show
the default values of new symbols and not just their names.

Based on work by Bastian Blank <waldi@debian.org> and
maximilian attems <max@stro.at>. Simplified by Michal Marek
<mmarek@suse.cz>.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name Kbuild-kconfig-Verbose-version-of-listnewconfig.patch

powerpcspe-omit-uimage

Gbp-Pq: Topic debian
Gbp-Pq: Name powerpcspe-omit-uimage.patch

Fix uImage build

[bwh: This was added without a description, but I think it is dealing
with a similar issue to powerpcspe-omit-uimage.patch]

Gbp-Pq: Topic debian
Gbp-Pq: Name arch-sh4-fix-uimage-build.patch

Partially revert "MIPS: Add -Werror to arch/mips/Kbuild"

This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and
5373633cc9253ba82547473e899cab141c54133e.

We really don't want to add -Werror anywhere.

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-disable-werror.patch

Tweak gitignore for Debian pkg-kernel using git svn.

[bwh: Tweak further for pure git]

Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch

kbuild: Make the toolchain variables easily overwritable

Allow make variables to be overridden for each flavour by a file in
the build tree, .kernelvariables.

We currently use this for ARCH, KERNELRELEASE, CC, and in some cases
also CROSS_COMPILE, CFLAGS_KERNEL and CFLAGS_MODULE.

This file can only be read after we establish the build tree, and all
use of $(ARCH) needs to be moved after this.

Gbp-Pq: Topic debian
Gbp-Pq: Name kernelvariables.patch

Make mkcompile_h accept an alternate timestamp string

We want to include the Debian version in the utsname::version string
instead of a full timestamp string. However, we still need to provide
a standard timestamp string for gen_initramfs_list.sh to make the
kernel image reproducible.

Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
$KBUILD_BUILD_TIMESTAMP.

Gbp-Pq: Topic debian
Gbp-Pq: Name uname-version-timestamp.patch

Include package version along with kernel release in stack traces

For distribution binary packages we assume
$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION
are set.

Gbp-Pq: Topic debian
Gbp-Pq: Name version.patch

linux (4.13.10-1) unstable; urgency=medium

  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
    - cifs: check rsp for NULL before dereferencing in SMB2_open
    - cifs: release cifs root_cred after exit_cifs
    - cifs: release auth_key.response for reconnect.
    - nvme-pci: fix host memory buffer allocation fallback
    - nvme-pci: use appropriate initial chunk size for HMB allocation
    - nvme-pci: propagate (some) errors from host memory buffer setup
    - dax: remove the pmem_dax_ops->flush abstraction
    - dm integrity: do not check integrity for failed read operations
    - mmc: block: Fix incorrectly initialized requests
    - fs/proc: Report eip/esp in /prod/PID/stat for coredumping
    - scsi: scsi_transport_fc: fix NULL pointer dereference in
      fc_bsg_job_timeout
    - cifs: SMB3: Add support for multidialect negotiate (SMB2.1 and later)
    - mac80211: fix VLAN handling with TXQs
    - mac80211_hwsim: Use proper TX power
    - mac80211: flush hw_roc_start work before cancelling the ROC
    - genirq: Make sparse_irq_lock protect what it should protect
    - genirq/msi: Fix populating multiple interrupts
    - genirq: Fix cpumask check in __irq_startup_managed()
    - [powerpc*] KVM: Book3S HV: Hold kvm->lock around call to
      kvmppc_update_lpcr
    - [powerpc*] KVM: Book3S HV: Fix bug causing host SLB to be restored
      incorrectly
    - [powerpc*] KVM: PPC: Book3S HV: Don't access XIVE PIPR register using
      byte accesses
    - tracing: Fix trace_pipe behavior for instance traces
    - tracing: Erase irqsoff trace with empty write
    - tracing: Remove RCU work arounds from stack tracer
    - md/raid5: fix a race condition in stripe batch
    - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
    - scsi: aacraid: Fix 2T+ drives on SmartIOC-2000
    - scsi: aacraid: Add a small delay after IOP reset
    - [armhf] drm/exynos: Fix locking in the suspend/resume paths
    - [x86] drm/i915/gvt: Fix incorrect PCI BARs reporting
    - Revert "drm/i915/bxt: Disable device ready before shutdown command"
    - drm/amdgpu: revert tile table update for oland
    - drm/radeon: disable hard reset in hibernate for APUs
    - crypto: drbg - fix freeing of resources
    - security/keys: properly zero out sensitive key material in big_key
    - security/keys: rewrite all of big_key crypto
    - KEYS: fix writing past end of user-supplied buffer in keyring_read()
    - KEYS: prevent creating a different user's keyrings
    - [x86] libnvdimm, namespace: fix btt claim class crash
    - [powerpc*] eeh: Create PHB PEs after EEH is initialized
    - [powerpc*] pseries: Fix parent_dn reference leak in add_dt_node()
    - [powerpc*] tm: Flush TM only if CPU has TM feature
    - [mips*] Fix perf event init
    - [s390x] perf: fix bug when creating per-thread event
    - [s390x] mm: make pmdp_invalidate() do invalidation only
    - [s390x] mm: fix write access check in gup_huge_pmd()
    - PM: core: Fix device_pm_check_callbacks()
    - Revert "IB/ipoib: Update broadcast object if PKey value was changed in
      index 0"
    - cifs: Fix SMB3.1.1 guest authentication to Samba
    - cifs: SMB3: Fix endian warning
    - cifs: SMB3: Warn user if trying to sign connection that authenticated as
      guest
    - cifs: SMB: Validate negotiate (to protect against downgrade) even if
      signing off
    - cifs: SMB3: handle new statx fields
    - cifs: SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
    - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
    - libceph: don't allow bidirectional swap of pg-upmap-items
    - brd: fix overflow in __brd_direct_access
    - gfs2: Fix debugfs glocks dump
    - bsg-lib: don't free job in bsg_prepare_job
    - iw_cxgb4: drop listen destroy replies if no ep found
    - iw_cxgb4: remove the stid on listen create failure
    - iw_cxgb4: put ep reference in pass_accept_req()
    - rcu: Allow for page faults in NMI handlers
    - mmc: sdhci-pci: Fix voltage switch for some Intel host controllers
    - extable: Consolidate *kernel_text_address() functions
    - extable: Enable RCU if it is not watching in kernel_text_address()
    - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
    - [arm64] Make sure SPsel is always set
    - [arm64] mm: Use READ_ONCE when dereferencing pointer to pte table
    - [arm64] fault: Route pte translation faults via do_translation_fault
    - [x86] KVM: VMX: extract __pi_post_block
    - [x86] KVM: VMX: avoid double list add with VT-d posted interrupts
    - [x86] KVM: VMX: simplify and fix vmx_vcpu_pi_load
    - [x86] KVM: nVMX: fix HOST_CR3/HOST_CR4 cache
    - [x86] kvm: Handle async PF in RCU read-side critical sections
    - xfs: validate bdev support for DAX inode flag
    - sched/sysctl: Check user input value of sysctl_sched_time_avg
    - irq/generic-chip: Don't replace domain's name
    - mtd: Fix partition alignment check on multi-erasesize devices
    - [armhf] etnaviv: fix submit error path
    - [armhf] etnaviv: fix gem object list corruption
    - futex: Fix pi_state->owner serialization
    - md: fix a race condition for flush request handling
    - md: separate request handling
    - PCI: Fix race condition with driver_override
    - btrfs: fix NULL pointer dereference from free_reloc_roots()
    - btrfs: clear ordered flag on cleaning up ordered extents
    - btrfs: finish ordered extent cleaning if no progress is found
    - btrfs: propagate error to btrfs_cmp_data_prepare caller
    - btrfs: prevent to set invalid default subvolid
    - [x86] platform: fujitsu-laptop: Don't oops when FUJ02E3 is not presnt
    - PM / OPP: Call notifier without holding opp_table->lock
    - [x86] mm: Fix fault error path using unsafe vma pointer
    - [x86] fpu: Don't let userspace set bogus xcomp_bv (CVE-2017-15537)
    - [x86] KVM: VMX: do not change SN bit in vmx_update_pi_irte()
    - [x86] KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
    - [x86] KVM: VMX: use cmpxchg64
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6
    - [armhf,arm64] usb: dwc3: ep0: fix DMA starvation by assigning req->trb on
      ep0
    - mlxsw: spectrum: Fix EEPROM access in case of SFP/SFP+
    - net: bonding: Fix transmit load balancing in balance-alb mode if
      specified by sysfs
    - openvswitch: Fix an error handling path in
      'ovs_nla_init_match_and_action()'
    - net: bonding: fix tlb_dynamic_lb default value
    - net_sched: gen_estimator: fix scaling error in bytes/packets samples
    - net: sched: fix use-after-free in tcf_action_destroy and tcf_del_walker
    - sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
    - tcp: update skb->skb_mstamp more carefully
    - bpf/verifier: reject BPF_ALU64|BPF_END
    - tcp: fix data delivery rate
    - udpv6: Fix the checksum computation when HW checksum does not apply
    - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header
    - net: phy: Fix mask value write on gmii2rgmii converter speed register
    - ip6_tunnel: do not allow loading ip6_tunnel if ipv6 is disabled in cmdline
    - net/sched: cls_matchall: fix crash when used with classful qdisc
    - 8139too: revisit napi_complete_done() usage
    - bpf: do not disable/enable BH in bpf_map_free_id()
    - tcp: fastopen: fix on syn-data transmit failure
    - [powerpc*] net: emac: Fix napi poll list corruption
    - net: ipv6: fix regression of no RTM_DELADDR sent after DAD failure
    - packet: hold bind lock when rebinding to fanout hook (CVE-2017-15649)
    - net: change skb->mac_header when Generic XDP calls adjust_head
    - net_sched: always reset qdisc backlog in qdisc_reset()
    - [armhf,arm64] net: stmmac: Cocci spatch "of_table"
    - [arm64] net: qcom/emac: specify the correct size when mapping a DMA buffer
    - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit
    - l2tp: fix race condition in l2tp_tunnel_delete
    - tun: bail out from tun_get_user() if the skb is empty
    - [armhf,arm64] net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple
      vlans
    - [armhf,arm64] net: dsa: Fix network device registration order
    - packet: in packet_do_bind, test fanout with bind_lock held (CVE-2017-15649)
    - packet: only test po->has_vnet_hdr once in packet_snd
    - [armhf,arm64] net: dsa: mv88e6xxx: lock mutex when freeing IRQs
    - net: Set sk_prot_creator when cloning sockets to the right proto
    - net/mlx5e: IPoIB, Fix access to invalid memory address
    - netlink: do not proceed if dump's start() errs
    - ip6_gre: ip6gre_tap device should keep dst
    - ip6_tunnel: update mtu properly for ARPHRD_ETHER tunnel device in tx path
    - IPv4: early demux can return an error code
    - tipc: use only positive error codes in messages
    - l2tp: fix l2tp_eth module loading
    - socket, bpf: fix possible use after free
    - net: rtnetlink: fix info leak in RTM_GETSTATS call
    - [amd64] bpf: fix bpf_tail_call() x64 JIT
    - usb: gadget: core: fix ->udc_set_speed() logic
    - USB: gadgetfs: Fix crash caused by inadequate synchronization
    - USB: gadgetfs: fix copy_to_user while holding spinlock
    - usb: gadget: udc: atmel: set vbus irqflags explicitly
    - usb-storage: unusual_devs entry to fix write-access regression for
      Seagate external drives
    - usb-storage: fix bogus hardware error messages for ATA pass-thru devices
    - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
    - usb: pci-quirks.c: Corrected timeout values used in handshake
    - USB: cdc-wdm: ignore -EPIPE from GetEncapsulatedResponse
    - USB: dummy-hcd: fix connection failures (wrong speed)
    - USB: dummy-hcd: fix infinite-loop resubmission bug
    - USB: dummy-hcd: Fix erroneous synchronization change
    - USB: devio: Prevent integer overflow in proc_do_submiturb()
    - USB: g_mass_storage: Fix deadlock when driver is unbound
    - USB: uas: fix bug in handling of alternate settings
    - USB: core: harden cdc_parse_cdc_header
    - usb: Increase quirk delay for USB devices
    - USB: fix out-of-bounds in usb_set_configuration
    - usb: xhci: Free the right ring in xhci_add_endpoint()
    - xhci: fix finding correct bus_state structure for USB 3.1 hosts
    - xhci: fix wrong endpoint ESIT value shown in tracing
    - usb: host: xhci-plat: allow sysdev to inherit from ACPI
    - xhci: Fix sleeping with spin_lock_irq() held in ASmedia 1042A workaround
    - xhci: set missing SuperSpeedPlus Link Protocol bit in roothub descriptor
    - [x86] Revert "xhci: Limit USB2 port wake support for AMD Promontory hosts"
    - [armhf] iio: adc: twl4030: Fix an error handling path in
      'twl4030_madc_probe()'
    - [armhf] iio: adc: twl4030: Disable the vusb3v1 rugulator in the error
      handling path of 'twl4030_madc_probe()'
    - iio: core: Return error for failed read_reg
    - uwb: properly check kthread_run return value
    - uwb: ensure that endpoint is interrupt
    - ksm: fix unlocked iteration over vmas in cmp_and_merge_page()
    - mm, hugetlb, soft_offline: save compound page order before page migration
    - mm, oom_reaper: skip mm structs with mmu notifiers
    - mm: fix RODATA_TEST failure "rodata_test: test data was not read only"
    - mm: avoid marking swap cached page as lazyfree
    - mm: fix data corruption caused by lazyfree page
    - userfaultfd: non-cooperative: fix fork use after free
    - ALSA: compress: Remove unused variable
    - Revert "ALSA: echoaudio: purge contradictions between dimension matrix
      members and total number of members"
    - ALSA: usx2y: Suppress kernel warning at page allocation failures
    - [powerpc*] powernv: Increase memory block size to 1GB on radix
    - [powerpc*] Fix action argument for cpufeatures-based TLB flush
    - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts
    - [x86] intel_th: pci: Add Lewisburg PCH support
    - driver core: platform: Don't read past the end of "driver_override" buffer
    - cgroup: Reinit cgroup_taskset structure before cgroup_migrate_execute()
      returns
    - [x86] Drivers: hv: fcopy: restore correct transfer length
    - [x86] vmbus: don't acquire the mutex in vmbus_hvsock_device_unregister()
    - ftrace: Fix kmemleak in unregister_ftrace_graph
    - ovl: fix error value printed in ovl_lookup_index()
    - ovl: fix dput() of ERR_PTR in ovl_cleanup_index()
    - ovl: fix dentry leak in ovl_indexdir_cleanup()
    - ovl: fix missing unlock_rename() in ovl_do_copy_up()
    - ovl: fix regression caused by exclusive upper/work dir protection
    - [arm64] dt marvell: Fix AP806 system controller size
    - [arm64] Ensure the instruction emulation is ready for userspace
    - HID: rmi: Make sure the HID device is opened on resume
    - HID: i2c-hid: allocate hid buffers for real worst case
    - HID: wacom: leds: Don't try to control the EKR's read-only LEDs
    - HID: wacom: Properly report negative values from Intuos Pro 2 Bluetooth
    - HID: wacom: Correct coordinate system of touchring and pen twist
    - HID: wacom: generic: Send MSC_SERIAL and ABS_MISC when leaving prox
    - HID: wacom: generic: Clear ABS_MISC when tool leaves proximity
    - HID: wacom: Always increment hdev refcount within wacom_get_hdev_data
    - HID: wacom: bits shifted too much for 9th and 10th buttons
    - btrfs: avoid overflow when sector_t is 32 bit
    - Btrfs: fix overlap of fs_info::flags values
    - dm crypt: reject sector_size feature if device length is not aligned to it
    - dm ioctl: fix alignment of event number in the device list
    - dm crypt: fix memory leak in crypt_ctr_cipher_old()
    - [powerpc*] KVM: Book3S: Fix server always zero from kvmppc_xive_get_xive()
    - [x86] kvm: Avoid async PF preempting the kernel incorrectly
    - iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD
    - scsi: sd: Implement blacklist option for WRITE SAME w/ UNMAP
    - scsi: sd: Do not override max_sectors_kb sysfs setting
    - brcmfmac: setup passive scan if requested by user-space
    - [x86] drm/i915: always update ELD connector type after get modes
    - [x86] drm/i915/bios: ignore HDMI on port A
    - bsg-lib: fix use-after-free under memory-pressure
    - nvme-pci: Use PCI bus address for data/queues in CMB
    - mmc: core: add driver strength selection when selecting hs400es
    - nl80211: Define policy for packet pattern attributes
    - [armhf] clk: samsung: exynos4: Enable VPLL and EPLL clocks for
      suspend/resume cycle
    - udp: perform source validation for mcast early demux
    - udp: fix bcast packet reception
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.7
    - watchdog: Revert "iTCO_wdt: all versions count down twice"
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
    - USB: dummy-hcd: Fix deadlock caused by disconnect detection
    - [mips*] math-emu: Remove pr_err() calls from fpu_emu()
    - [mips*] bpf: Fix uninitialised target compiler error
    - [x86] mei: always use domain runtime pm callbacks.
    - [armhf] dmaengine: edma: Align the memcpy acnt array size with the
      transfer
    - [armhf] dmaengine: ti-dma-crossbar: Fix possible race condition with
      dma_inuse
    - NFS: Fix uninitialized rpc_wait_queue
    - nfs/filelayout: fix oops when freeing filelayout segment
    - HID: usbhid: fix out-of-bounds bug
    - crypto: skcipher - Fix crash on zero-length input
    - crypto: shash - Fix zero-length shash ahash digest crash
    - [x86] KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
    - [x86] pinctrl/amd: Fix build dependency on pinmux code
    - [x86] iommu/amd: Finish TLB flush in amd_iommu_unmap()
    - device property: Track owner device of device property
    - Revert "vmalloc: back off when the current task is killed"
    - fs/mpage.c: fix mpage_writepage() for pages with buffers
    - ALSA: usb-audio: Kill stray URB at exiting
    - ALSA: seq: Fix copy_from_user() call inside lock
    - ALSA: caiaq: Fix stray URB at probe error path
    - ALSA: line6: Fix NULL dereference at podhd_disconnect()
    - ALSA: line6: Fix missing initialization before error path
    - ALSA: line6: Fix leftover URB at error-path during probe
    - drm/atomic: Unref duplicated drm_atomic_state in
      drm_atomic_helper_resume()
    - [x86] drm/i915/edp: Get the Panel Power Off timestamp after panel is off
    - [x86] drm/i915: Read timings from the correct transcoder in
      intel_crtc_mode_get()
    - [x86] drm/i915/bios: parse DDI ports also for CHV for HDMI DDC pin and DP
      AUX channel
    - [x86] drm/i915: Use crtc_state_is_legacy_gamma in intel_color_check
    - usb: gadget: configfs: Fix memory leak of interface directory data
    - usb: gadget: composite: Fix use-after-free in
      usb_composite_overwrite_options
    - [arm64] PCI: aardvark: Move to struct pci_host_bridge IRQ mapping
      functions
    - [armhf,armhf] Revert "PCI: tegra: Do not allocate MSI target memory"
    - direct-io: Prevent NULL pointer access in submit_page_section
    - fix unbalanced page refcounting in bio_map_user_iov (CVE-2017-12190)
    - more bio_map_user_iov() leak fixes
    - bio_copy_user_iov(): don't ignore ->iov_offset
    - perf script: Add missing separator for "-F ip,brstack" (and brstackoff)
    - genirq/cpuhotplug: Enforce affinity setting on startup of managed irqs
    - genirq/cpuhotplug: Add sanity check for effective affinity mask
    - USB: serial: cp210x: fix partnum regression
    - USB: serial: console: fix use-after-free on disconnect
    - USB: serial: console: fix use-after-free after failed setup
    - RAS/CEC: Use the right length for "cec_disable"
    - [x86] alternatives: Fix alt_max_short macro to really be a max()
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.9
    - [x86] apic: Silence "FW_BUG TSC_DEADLINE disabled due to Errata" on CPUs
      without the feature
    - [x86] apic: Silence "FW_BUG TSC_DEADLINE disabled due to Errata" on
      hypervisors
    - [armhf,arm64] perf pmu: Unbreak perf record for arm/arm64 with events
      with explicit PMU
    - mm: page_vma_mapped: ensure pmd is loaded with READ_ONCE outside of lock
    - HID: hid-elecom: extend to fix descriptor for HUGE trackball
    - [x86] Drivers: hv: vmbus: Fix rescind handling issues
    - [x86] Drivers: hv: vmbus: Fix bugs in rescind handling
    - [x86] vmbus: simplify hv_ringbuffer_read
    - [x86] vmbus: refactor hv_signal_on_read
    - [x86] vmbus: eliminate duplicate cached index
    - [x86] vmbus: more host signalling avoidance
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.10
    - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
    - usb: hub: Allow reset retry for USB2 devices on connect bounce
    - ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
    - can: gs_usb: fix busy loop if no more TX context is available
    - scsi: qla2xxx: Fix uninitialized work element
    - nbd: don't set the device size until we're connected
    - [s390x] cputime: fix guest/irq/softirq times after CPU hotplug
    - [hppa/parisc] Fix double-word compare and exchange in LWS code on 32-bit
      kernels
    - [hppa] Fix detection of nonsynchronous cr16 cycle counters
    - iio: dummy: events: Add missing break
    - [armhf] usb: musb: sunxi: Explicitly release USB PHY on exit
    - [armhf] USB: musb: fix session-bit runtime-PM quirk
    - [armhf] USB: musb: fix late external abort on suspend
    - [armhf] usb: musb: musb_cppi41: Fix the address of teardown and autoreq
      registers
    - [armhf] usb: musb: musb_cppi41: Fix cppi41_set_dma_mode() for DA8xx
    - [armhf] usb: musb: musb_cppi41: Configure the number of channels for DA8xx
    - [armhf] usb: musb: Check for host-mode using is_host_active() on reset
      interrupt
    - xhci: Identify USB 3.1 capable hosts by their port protocol capability
    - xhci: Cleanup current_cmd in xhci_cleanup_command_queue()
    - usb: xhci: Reset halted endpoint if trb is noop
    - usb: xhci: Handle error condition in xhci_stop_device()
    - can: esd_usb2: Fix can_dlc value for received RTR, frames
    - can: af_can: can_pernet_init(): add missing error handling for kzalloc
      returning NULL
    - KEYS: encrypted: fix dereference of NULL user_key_payload
    - mmc: sdhci-pci: Fix default d3_retune for Intel host controllers
    - [x86] drm/i915: Use bdw_ddi_translations_fdi for Broadwell
    - drm/nouveau/kms/nv50: fix oops during DP IRQ handling on non-MST boards
    - drm/nouveau/bsp/g92: disable by default
    - drm/nouveau/mmu: flush tlbs before deleting page tables
    - media: cec: Respond to unregistered initiators, when applicable
    - media: dvb: i2c transfers over usb cannot be done from stack
    - ALSA: seq: Enable 'use' locking in all configurations
    - ALSA: hda: Remove superfluous '-' added by printk conversion
    - ALSA: hda: Abort capability probe at invalid register read
    - [x86] i2c: ismt: Separate I2C block read from SMBus block read
    - [x86] i2c: piix4: Fix SMBus port selection for AMD Family 17h chips
    - Revert "tools/power turbostat: stop migrating, unless '-m'"
    - brcmfmac: Add check for short event packets
    - brcmsmac: make some local variables 'static const' to reduce stack size
    - [armhf] dts: sun6i: Fix endpoint IDs in second display pipeline
    - [i386] clockevents/drivers/cs5535: Improve resilience to spurious
      interrupts
    - rtlwifi: rtl8821ae: Fix connection lost problem
    - [x86] microcode/intel: Disable late loading on model 79
    - lib/digsig: fix dereference of NULL user_key_payload
    - fscrypt: fix dereference of NULL user_key_payload
    - ecryptfs: fix dereference of NULL user_key_payload
    - KEYS: Fix race between updating and finding a negative key
      (CVE-2017-15951)
    - FS-Cache: fix dereference of NULL user_key_payload
    - KEYS: don't let add_key() update an uninstantiated key (CVE-2017-15299)
    - pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
    - [arm64] dts: rockchip: correct vqmmc voltage for rk3399 platforms
    - ALSA: hda - Fix incorrect TLV callback check introduced during set_fs()
      removal
    - iomap_dio_rw: Allocate AIO completion queue before submitting dio
    - xfs: don't unconditionally clear the reflink flag on zero-block files
    - xfs: evict CoW fork extents when performing finsert/fcollapse
    - fs/xfs: Use %pS printk format for direct addresses
    - xfs: report zeroed or not correctly in xfs_zero_range()
    - xfs: update i_size after unwritten conversion in dio completion
    - xfs: perag initialization should only touch m_ag_max_usable for AG 0
    - xfs: Capture state of the right inode in xfs_iflush_done
    - xfs: always swap the cow forks when swapping extents
    - xfs: handle racy AIO in xfs_reflink_end_cow
    - xfs: Don't log uninitialised fields in inode structures
    - xfs: move more RT specific code under CONFIG_XFS_RT
    - xfs: don't change inode mode if ACL update fails
    - xfs: reinit btree pointer on attr tree inactivation walk
    - xfs: handle error if xfs_btree_get_bufs fails
    - xfs: cancel dirty pages on invalidation
    - xfs: trim writepage mapping to within eof
    - xfs: move two more RT specific functions into CONFIG_XFS_RT

  [ Ben Hutchings ]
  * [arm64] brcmfmac: Enable BRCMFMAC_SDIO (Closes: #877911)
  * Update build dependencies on libbabeltrace[,-ctf}-dev
  * linux-kbuild: Include scripts/ld-version.sh, needed for powerpc 64-bit
    modules
  * dax: Avoid most ABI changes in 4.13.5
  * SCSI: Avoid ABI change in 4.13.6
  * [x86] kvm: Ignore ABI change in 4.13.6
  * inet, l2tp, snd-seq, usb/gadget: Ignore ABI changes
  * [armel,armhf] mbus: Ignore ABI change in 4.13.10
  * Revert "bpf: one perf event close won't free bpf program attached ..."
    to avoid an ABI change
  * [armel] security: Enable SECURITY_APPARMOR and disable SECURITY_SELINUX
  * security: Enable DEFAULT_SECURITY_APPARMOR
  * mac80211: Avoid ABI change in 4.13.5
  * [x86] rmi4: Enable RMI4_SMB as module (Closes: #875621)
  * KEYS: Limit ABI change in 4.13.10

[dgit import unpatched linux 4.13.10-1]

Import linux_4.13.10.orig.tar.xz

[dgit import orig linux_4.13.10.orig.tar.xz]

Import linux_4.13.10-1.debian.tar.xz

[dgit import tarball linux 4.13.10-1 linux_4.13.10-1.debian.tar.xz]