Hello community,
here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2016-02-26 22:18:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kernel-source (Old)
and /work/SRC/openSUSE:Factory/.kernel-source.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source"
Changes:
--------
--- /work/SRC/openSUSE:Factory/kernel-source/kernel-debug.changes 2016-02-17 10:23:16.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.kernel-source.new/kernel-debug.changes 2016-02-26 22:18:18.000000000 +0100
@@ -1,0 +2,41 @@
+Tue Feb 23 11:30:49 CET 2016 - tiwai@suse.de
+
+- ALSA: hda - Apply clock gate workaround to Skylake, too
+ (bsc#966137).
+- commit c601f8d
+
+-------------------------------------------------------------------
+Thu Feb 18 13:48:14 CET 2016 - jslaby@suse.cz
+
+- floppy: fix lock_fdc() signal handling (bnc#966880).
+- commit f12d966
+
+-------------------------------------------------------------------
+Thu Feb 18 13:45:27 CET 2016 - jslaby@suse.cz
+
+- floppy: refactor open() flags handling (bnc#966880).
+- commit 70a427d
+
+-------------------------------------------------------------------
+Thu Feb 18 10:31:57 CET 2016 - jslaby@suse.cz
+
+- Update patches.kernel.org/patch-4.4.1-2 (CVE-2016-0723
+ CVE-2016-2384 bnc#961500 bnc#966883 boo#954532 bsc#966693).
+- commit 5c471bf
+
+-------------------------------------------------------------------
+Thu Feb 18 08:56:03 CET 2016 - jslaby@suse.cz
+
+- Linux 4.4.2 (CVE-2016-0723 CVE-2016-2384 bnc#961500 boo#954532
+ bsc#966693).
+- Delete
+ patches.drivers/ALSA-usb-audio-avoid-freeing-umidi-object-twice.
+- Delete
+ patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch.
+- Delete
+ patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch.
+- Delete
+ patches.fixes/HID-multitouch-fix-input-mode-switching-on-some-Elan.
+- commit 19ca782
+
+-------------------------------------------------------------------
kernel-default.changes: same change
kernel-docs.changes: same change
kernel-lpae.changes: same change
kernel-obs-build.changes: same change
kernel-obs-qa.changes: same change
kernel-pae.changes: same change
kernel-source.changes: same change
kernel-syms.changes: same change
kernel-vanilla.changes: same change
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kernel-debug.spec ++++++
--- /var/tmp/diff_new_pack.7Y5KUe/_old 2016-02-26 22:18:28.000000000 +0100
+++ /var/tmp/diff_new_pack.7Y5KUe/_new 2016-02-26 22:18:28.000000000 +0100
@@ -20,7 +20,7 @@
# needssslcertforbuild
%define srcversion 4.4
-%define patchversion 4.4.1
+%define patchversion 4.4.2
%define variant %{nil}
%define vanilla_only 0
@@ -61,9 +61,9 @@
Summary: A Debug Version of the Kernel
License: GPL-2.0
Group: System/Kernel
-Version: 4.4.1
+Version: 4.4.2
%if 0%{?is_kotd}
-Release: <RELEASE>.g6398c2d
+Release: <RELEASE>.gc601f8d
%else
Release: 0
%endif
kernel-default.spec: same change
++++++ kernel-docs.spec ++++++
--- /var/tmp/diff_new_pack.7Y5KUe/_old 2016-02-26 22:18:28.000000000 +0100
+++ /var/tmp/diff_new_pack.7Y5KUe/_new 2016-02-26 22:18:28.000000000 +0100
@@ -16,7 +16,7 @@
#
-%define patchversion 4.4.1
+%define patchversion 4.4.2
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -27,9 +27,9 @@
Summary: Kernel Documentation (man pages)
License: GPL-2.0
Group: Documentation/Man
-Version: 4.4.1
+Version: 4.4.2
%if 0%{?is_kotd}
-Release: <RELEASE>.g6398c2d
+Release: <RELEASE>.gc601f8d
%else
Release: 0
%endif
++++++ kernel-lpae.spec ++++++
--- /var/tmp/diff_new_pack.7Y5KUe/_old 2016-02-26 22:18:28.000000000 +0100
+++ /var/tmp/diff_new_pack.7Y5KUe/_new 2016-02-26 22:18:28.000000000 +0100
@@ -20,7 +20,7 @@
# needssslcertforbuild
%define srcversion 4.4
-%define patchversion 4.4.1
+%define patchversion 4.4.2
%define variant %{nil}
%define vanilla_only 0
@@ -61,9 +61,9 @@
Summary: Kernel for LPAE enabled systems
License: GPL-2.0
Group: System/Kernel
-Version: 4.4.1
+Version: 4.4.2
%if 0%{?is_kotd}
-Release: <RELEASE>.g6398c2d
+Release: <RELEASE>.gc601f8d
%else
Release: 0
%endif
++++++ kernel-obs-build.spec ++++++
--- /var/tmp/diff_new_pack.7Y5KUe/_old 2016-02-26 22:18:28.000000000 +0100
+++ /var/tmp/diff_new_pack.7Y5KUe/_new 2016-02-26 22:18:28.000000000 +0100
@@ -19,7 +19,7 @@
#!BuildIgnore: post-build-checks
-%define patchversion 4.4.1
+%define patchversion 4.4.2
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -51,9 +51,9 @@
Summary: package kernel and initrd for OBS VM builds
License: GPL-2.0
Group: SLES
-Version: 4.4.1
+Version: 4.4.2
%if 0%{?is_kotd}
-Release: <RELEASE>.g6398c2d
+Release: <RELEASE>.gc601f8d
%else
Release: 0
%endif
++++++ kernel-obs-qa.spec ++++++
--- /var/tmp/diff_new_pack.7Y5KUe/_old 2016-02-26 22:18:28.000000000 +0100
+++ /var/tmp/diff_new_pack.7Y5KUe/_new 2016-02-26 22:18:28.000000000 +0100
@@ -17,7 +17,7 @@
# needsrootforbuild
-%define patchversion 4.4.1
+%define patchversion 4.4.2
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -36,9 +36,9 @@
Summary: Basic QA tests for the kernel
License: GPL-2.0
Group: SLES
-Version: 4.4.1
+Version: 4.4.2
%if 0%{?is_kotd}
-Release: <RELEASE>.g6398c2d
+Release: <RELEASE>.gc601f8d
%else
Release: 0
%endif
++++++ kernel-pae.spec ++++++
--- /var/tmp/diff_new_pack.7Y5KUe/_old 2016-02-26 22:18:28.000000000 +0100
+++ /var/tmp/diff_new_pack.7Y5KUe/_new 2016-02-26 22:18:28.000000000 +0100
@@ -20,7 +20,7 @@
# needssslcertforbuild
%define srcversion 4.4
-%define patchversion 4.4.1
+%define patchversion 4.4.2
%define variant %{nil}
%define vanilla_only 0
@@ -61,9 +61,9 @@
Summary: Kernel with PAE Support
License: GPL-2.0
Group: System/Kernel
-Version: 4.4.1
+Version: 4.4.2
%if 0%{?is_kotd}
-Release: <RELEASE>.g6398c2d
+Release: <RELEASE>.gc601f8d
%else
Release: 0
%endif
++++++ kernel-source.spec ++++++
--- /var/tmp/diff_new_pack.7Y5KUe/_old 2016-02-26 22:18:28.000000000 +0100
+++ /var/tmp/diff_new_pack.7Y5KUe/_new 2016-02-26 22:18:28.000000000 +0100
@@ -18,7 +18,7 @@
%define srcversion 4.4
-%define patchversion 4.4.1
+%define patchversion 4.4.2
%define variant %{nil}
%define vanilla_only 0
@@ -30,9 +30,9 @@
Summary: The Linux Kernel Sources
License: GPL-2.0
Group: Development/Sources
-Version: 4.4.1
+Version: 4.4.2
%if 0%{?is_kotd}
-Release: <RELEASE>.g6398c2d
+Release: <RELEASE>.gc601f8d
%else
Release: 0
%endif
++++++ kernel-syms.spec ++++++
--- /var/tmp/diff_new_pack.7Y5KUe/_old 2016-02-26 22:18:28.000000000 +0100
+++ /var/tmp/diff_new_pack.7Y5KUe/_new 2016-02-26 22:18:28.000000000 +0100
@@ -24,10 +24,10 @@
Summary: Kernel Symbol Versions (modversions)
License: GPL-2.0
Group: Development/Sources
-Version: 4.4.1
+Version: 4.4.2
%if %using_buildservice
%if 0%{?is_kotd}
-Release: <RELEASE>.g6398c2d
+Release: <RELEASE>.gc601f8d
%else
Release: 0
%endif
++++++ kernel-vanilla.spec ++++++
--- /var/tmp/diff_new_pack.7Y5KUe/_old 2016-02-26 22:18:28.000000000 +0100
+++ /var/tmp/diff_new_pack.7Y5KUe/_new 2016-02-26 22:18:28.000000000 +0100
@@ -20,7 +20,7 @@
# needssslcertforbuild
%define srcversion 4.4
-%define patchversion 4.4.1
+%define patchversion 4.4.2
%define variant %{nil}
%define vanilla_only 0
@@ -61,9 +61,9 @@
Summary: The Standard Kernel - without any SUSE patches
License: GPL-2.0
Group: System/Kernel
-Version: 4.4.1
+Version: 4.4.2
%if 0%{?is_kotd}
-Release: <RELEASE>.g6398c2d
+Release: <RELEASE>.gc601f8d
%else
Release: 0
%endif
++++++ patches.drivers.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-hda-Apply-clock-gate-workaround-to-Skylake-too new/patches.drivers/ALSA-hda-Apply-clock-gate-workaround-to-Skylake-too
--- old/patches.drivers/ALSA-hda-Apply-clock-gate-workaround-to-Skylake-too 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.drivers/ALSA-hda-Apply-clock-gate-workaround-to-Skylake-too 2016-02-23 11:30:49.000000000 +0100
@@ -0,0 +1,90 @@
+From 7e31a0159461818a1bda49662921b98a29c1187b Mon Sep 17 00:00:00 2001
+From: Takashi Iwai
+Date: Mon, 22 Feb 2016 15:18:13 +0100
+Subject: [PATCH] ALSA: hda - Apply clock gate workaround to Skylake, too
+Git-commit: 7e31a0159461818a1bda49662921b98a29c1187b
+Patch-mainline: 4.5-rc6
+References: bsc#966137
+
+Some Skylake machines show the codec probe errors in certain
+situations, e.g. HP Z240 desktop fails to probe the onboard Realtek
+codec at reloading the snd-hda-intel module like:
+ snd_hda_intel 0000:00:1f.3: spurious response 0x200:0x2, last cmd=0x000000
+ snd_hda_intel 0000:00:1f.3: azx_get_response timeout, switching to polling mode: lastcmd=0x000f0000
+ snd_hda_intel 0000:00:1f.3: No response from codec, disabling MSI: last cmd=0x000f0000
+ snd_hda_intel 0000:00:1f.3: Codec #0 probe error; disabling it...
+ hdaudio hdaudioC0D2: no AFG or MFG node found
+ snd_hda_intel 0000:00:1f.3: no codecs initialized
+
+Also, HP G470 G3 suffers from the similar problem, as reported in
+bugzilla below. On this machine, the codec probe error appears even
+at a fresh boot.
+
+As Libin suggested, the same workaround used for Broxton in the commit
+[6639484ddaf6: ALSA: hda - disable dynamic clock gating on Broxton before reset] can be applied for Skylake in order to fix this problem.
+The Intel HW team also confirmed that this is needed for SKL.
+
+This patch makes the workaround applied to both SKL and BXT
+platforms. The referred macros are moved and one superfluous macro
+(IS_BROXTON()) is another one (IS_BXT()) as well.
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=112731
+Suggested-by: Libin Yang
+Cc: # v4.4+
+Signed-off-by: Takashi Iwai
+
+---
+ sound/pci/hda/hda_intel.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+--- a/sound/pci/hda/hda_intel.c
++++ b/sound/pci/hda/hda_intel.c
+@@ -357,7 +357,10 @@ enum {
+ ((pci)->device == 0x0d0c) || \
+ ((pci)->device == 0x160c))
+
+-#define IS_BROXTON(pci) ((pci)->device == 0x5a98)
++#define IS_SKL(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0xa170)
++#define IS_SKL_LP(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x9d70)
++#define IS_BXT(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x5a98)
++#define IS_SKL_PLUS(pci) (IS_SKL(pci) || IS_SKL_LP(pci) || IS_BXT(pci))
+
+ static char *driver_short_names[] = {
+ [AZX_DRIVER_ICH] = "HDA Intel",
+@@ -534,13 +537,13 @@ static void hda_intel_init_chip(struct a
+
+ if (chip->driver_caps & AZX_DCAPS_I915_POWERWELL)
+ snd_hdac_set_codec_wakeup(bus, true);
+- if (IS_BROXTON(pci)) {
++ if (IS_SKL_PLUS(pci)) {
+ pci_read_config_dword(pci, INTEL_HDA_CGCTL, &val);
+ val = val & ~INTEL_HDA_CGCTL_MISCBDCGE;
+ pci_write_config_dword(pci, INTEL_HDA_CGCTL, val);
+ }
+ azx_init_chip(chip, full_reset);
+- if (IS_BROXTON(pci)) {
++ if (IS_SKL_PLUS(pci)) {
+ pci_read_config_dword(pci, INTEL_HDA_CGCTL, &val);
+ val = val | INTEL_HDA_CGCTL_MISCBDCGE;
+ pci_write_config_dword(pci, INTEL_HDA_CGCTL, val);
+@@ -549,7 +552,7 @@ static void hda_intel_init_chip(struct a
+ snd_hdac_set_codec_wakeup(bus, false);
+
+ /* reduce dma latency to avoid noise */
+- if (IS_BROXTON(pci))
++ if (IS_BXT(pci))
+ bxt_reduce_dma_latency(chip);
+ }
+
+@@ -971,11 +974,6 @@ static int azx_resume(struct device *dev
+ /* put codec down to D3 at hibernation for Intel SKL+;
+ * otherwise BIOS may still access the codec and screw up the driver
+ */
+-#define IS_SKL(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0xa170)
+-#define IS_SKL_LP(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x9d70)
+-#define IS_BXT(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x5a98)
+-#define IS_SKL_PLUS(pci) (IS_SKL(pci) || IS_SKL_LP(pci) || IS_BXT(pci))
+-
+ static int azx_freeze_noirq(struct device *dev)
+ {
+ struct pci_dev *pci = to_pci_dev(dev);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-usb-audio-avoid-freeing-umidi-object-twice new/patches.drivers/ALSA-usb-audio-avoid-freeing-umidi-object-twice
--- old/patches.drivers/ALSA-usb-audio-avoid-freeing-umidi-object-twice 2016-02-15 12:03:27.000000000 +0100
+++ new/patches.drivers/ALSA-usb-audio-avoid-freeing-umidi-object-twice 1970-01-01 01:00:00.000000000 +0100
@@ -1,33 +0,0 @@
-From 07d86ca93db7e5cdf4743564d98292042ec21af7 Mon Sep 17 00:00:00 2001
-From: Andrey Konovalov
-Date: Sat, 13 Feb 2016 11:08:06 +0300
-Subject: [PATCH] ALSA: usb-audio: avoid freeing umidi object twice
-Git-commit: 07d86ca93db7e5cdf4743564d98292042ec21af7
-Patch-mainline: 4.5-rc4
-References: CVE-2016-2384,bsc#966693
-
-The 'umidi' object will be free'd on the error path by snd_usbmidi_free()
-when tearing down the rawmidi interface. So we shouldn't try to free it
-in snd_usbmidi_create() after having registered the rawmidi interface.
-
-Found by KASAN.
-
-Signed-off-by: Andrey Konovalov
-Acked-by: Clemens Ladisch
-Cc:
-Signed-off-by: Takashi Iwai
-
----
- sound/usb/midi.c | 1 -
- 1 file changed, 1 deletion(-)
-
---- a/sound/usb/midi.c
-+++ b/sound/usb/midi.c
-@@ -2454,7 +2454,6 @@ int snd_usbmidi_create(struct snd_card *
- else
- err = snd_usbmidi_create_endpoints(umidi, endpoints);
- if (err < 0) {
-- snd_usbmidi_free(umidi);
- return err;
- }
-
++++++ patches.fixes.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch new/patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch
--- old/patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch 2016-02-02 17:31:39.000000000 +0100
+++ new/patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,66 +0,0 @@
-From: Peter Hurley
-Date: Sun, 10 Jan 2016 22:40:55 -0800
-Subject: tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
-Patch-mainline: v4.5-rc2
-Git-commit: 5c17c861a357e9458001f021a7afa7aab9937439
-References: bnc#961500 CVE-2016-0723
-
-ioctl(TIOCGETD) retrieves the line discipline id directly from the
-ldisc because the line discipline id (c_line) in termios is untrustworthy;
-userspace may have set termios via ioctl(TCSETS*) without actually
-changing the line discipline via ioctl(TIOCSETD).
-
-However, directly accessing the current ldisc via tty->ldisc is
-unsafe; the ldisc ptr dereferenced may be stale if the line discipline
-is changing via ioctl(TIOCSETD) or hangup.
-
-Wait for the line discipline reference (just like read() or write())
-to retrieve the "current" line discipline id.
-
-Cc:
-Signed-off-by: Peter Hurley
-Signed-off-by: Jiri Slaby
----
- drivers/tty/tty_io.c | 24 +++++++++++++++++++++++-
- 1 file changed, 23 insertions(+), 1 deletion(-)
-
---- a/drivers/tty/tty_io.c
-+++ b/drivers/tty/tty_io.c
-@@ -2653,6 +2653,28 @@ static int tiocsetd(struct tty_struct *t
- }
-
- /**
-+ * tiocgetd - get line discipline
-+ * @tty: tty device
-+ * @p: pointer to user data
-+ *
-+ * Retrieves the line discipline id directly from the ldisc.
-+ *
-+ * Locking: waits for ldisc reference (in case the line discipline
-+ * is changing or the tty is being hungup)
-+ */
-+
-+static int tiocgetd(struct tty_struct *tty, int __user *p)
-+{
-+ struct tty_ldisc *ld;
-+ int ret;
-+
-+ ld = tty_ldisc_ref_wait(tty);
-+ ret = put_user(ld->ops->num, p);
-+ tty_ldisc_deref(ld);
-+ return ret;
-+}
-+
-+/**
- * send_break - performed time break
- * @tty: device to break on
- * @duration: timeout in mS
-@@ -2878,7 +2900,7 @@ long tty_ioctl(struct file *file, unsign
- case TIOCGSID:
- return tiocgsid(tty, real_tty, p);
- case TIOCGETD:
-- return put_user(tty->ldisc->ops->num, (int __user *)p);
-+ return tiocgetd(tty, p);
- case TIOCSETD:
- return tiocsetd(tty, p);
- case TIOCVHANGUP:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch new/patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch
--- old/patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch 2016-02-02 17:31:39.000000000 +0100
+++ new/patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,42 +0,0 @@
-From: Peter Hurley
-Date: Sun, 10 Jan 2016 22:40:56 -0800
-Subject: n_tty: Fix unsafe reference to "other" ldisc
-Patch-mainline: v4.5-rc2
-Git-commit: 6d27a63caad3f13e96cf065d2d96828c2006be6b
-References: bnc#961500
-
-Although n_tty_check_unthrottle() has a valid ldisc reference (since
-the tty core gets the ldisc ref in tty_read() before calling the line
-discipline read() method), it does not have a valid ldisc reference to
-the "other" pty of a pty pair. Since getting an ldisc reference for
-tty->link essentially open-codes tty_wakeup(), just replace with the
-equivalent tty_wakeup().
-
-Cc:
-Signed-off-by: Peter Hurley
-Signed-off-by: Jiri Slaby
----
- drivers/tty/n_tty.c | 7 ++-----
- 1 file changed, 2 insertions(+), 5 deletions(-)
-
---- a/drivers/tty/n_tty.c
-+++ b/drivers/tty/n_tty.c
-@@ -258,16 +258,13 @@ static void n_tty_check_throttle(struct
-
- static void n_tty_check_unthrottle(struct tty_struct *tty)
- {
-- if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
-- tty->link->ldisc->ops->write_wakeup == n_tty_write_wakeup) {
-+ if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
- if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
- return;
- if (!tty->count)
- return;
- n_tty_kick_worker(tty);
-- n_tty_write_wakeup(tty->link);
-- if (waitqueue_active(&tty->link->write_wait))
-- wake_up_interruptible_poll(&tty->link->write_wait, POLLOUT);
-+ tty_wakeup(tty->link);
- return;
- }
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/HID-multitouch-fix-input-mode-switching-on-some-Elan new/patches.fixes/HID-multitouch-fix-input-mode-switching-on-some-Elan
--- old/patches.fixes/HID-multitouch-fix-input-mode-switching-on-some-Elan 2016-02-02 17:31:39.000000000 +0100
+++ new/patches.fixes/HID-multitouch-fix-input-mode-switching-on-some-Elan 1970-01-01 01:00:00.000000000 +0100
@@ -1,94 +0,0 @@
-From 73e7d63efb4d774883a338997943bfa59e127085 Mon Sep 17 00:00:00 2001
-From: Benjamin Tissoires
-Date: Tue, 1 Dec 2015 12:41:38 +0100
-Subject: [PATCH] HID: multitouch: fix input mode switching on some Elan panels
-Git-commit: 73e7d63efb4d774883a338997943bfa59e127085
-Patch-mainline: v4.5-rc1
-References: boo#954532
-
-as reported by https://bugzilla.kernel.org/show_bug.cgi?id=108481
-
-This bug reports mentions 6d4f5440 ("HID: multitouch: Fetch feature
-reports on demand for Win8 devices") as the origin of the problem but this
-commit actually masked 2 firmware bugs that are annihilating each other:
-
-The report descriptor declares two features in reports 3 and 5:
-
-0x05, 0x0d, // Usage Page (Digitizers) 318
-0x09, 0x0e, // Usage (Device Configuration) 320
-0xa1, 0x01, // Collection (Application) 322
-0x85, 0x03, // Report ID (3) 324
-0x09, 0x22, // Usage (Finger) 326
-0xa1, 0x00, // Collection (Physical) 328
-0x09, 0x52, // Usage (Inputmode) 330
-0x15, 0x00, // Logical Minimum (0) 332
-0x25, 0x0a, // Logical Maximum (10) 334
-0x75, 0x08, // Report Size (8) 336
-0x95, 0x02, // Report Count (2) 338
-0xb1, 0x02, // Feature (Data,Var,Abs) 340
-0xc0, // End Collection 342
-0x09, 0x22, // Usage (Finger) 343
-0xa1, 0x00, // Collection (Physical) 345
-0x85, 0x05, // Report ID (5) 347
-0x09, 0x57, // Usage (Surface Switch) 349
-0x09, 0x58, // Usage (Button Switch) 351
-0x15, 0x00, // Logical Minimum (0) 353
-0x75, 0x01, // Report Size (1) 355
-0x95, 0x02, // Report Count (2) 357
-0x25, 0x03, // Logical Maximum (3) 359
-0xb1, 0x02, // Feature (Data,Var,Abs) 361
-0x95, 0x0e, // Report Count (14) 363
-0xb1, 0x03, // Feature (Cnst,Var,Abs) 365
-0xc0, // End Collection 367
-
-The report ID 3 presents 2 input mode features, while only the first one
-is handled by the device. Given that we did not checked if one was
-previously assigned, we were dealing with the ignored featured and we
-should never have been able to switch this panel into the multitouch mode.
-
-However, the firmware presents an other bugs which allowed 6d4f5440
-to counteract the faulty report descriptor. When we request the values
-of the feature 5, the firmware answers "03 03 00". The fields are correct
-but the report id is wrong. Before 6d4f5440, we retrieved all the features
-and injected them in the system. So when we called report 5, we injected
-in the system the report 3 with the values "03 00".
-Setting the second input mode to 03 in this report changed it to "03 03"
-and the touchpad switched to the mt mode. We could have set anything
-in the second field because the actual value (the first 03 in this report)
-was given by the query of report ID 5.
-
-To sum up: 2 bugs in the firmware were hiding that we were accessing the
-wrong feature.
-
-Signed-off-by: Benjamin Tissoires
-Signed-off-by: Jiri Kosina
-Acked-by: Takashi Iwai
-
----
- drivers/hid/hid-multitouch.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
---- a/drivers/hid/hid-multitouch.c
-+++ b/drivers/hid/hid-multitouch.c
-@@ -357,8 +357,19 @@ static void mt_feature_mapping(struct hi
- break;
- }
-
-- td->inputmode = field->report->id;
-- td->inputmode_index = usage->usage_index;
-+ if (td->inputmode < 0) {
-+ td->inputmode = field->report->id;
-+ td->inputmode_index = usage->usage_index;
-+ } else {
-+ /*
-+ * Some elan panels wrongly declare 2 input mode
-+ * features, and silently ignore when we set the
-+ * value in the second field. Skip the second feature
-+ * and hope for the best.
-+ */
-+ dev_info(&hdev->dev,
-+ "Ignoring the extra HID_DG_INPUTMODE\n");
-+ }
-
- break;
- case HID_DG_CONTACTMAX:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/floppy-fix-lock_fdc-signal-handling.patch new/patches.fixes/floppy-fix-lock_fdc-signal-handling.patch
--- old/patches.fixes/floppy-fix-lock_fdc-signal-handling.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.fixes/floppy-fix-lock_fdc-signal-handling.patch 2016-02-18 13:50:02.000000000 +0100
@@ -0,0 +1,179 @@
+From: Jiri Kosina
+Date: Mon, 1 Feb 2016 11:19:17 +0100
+Subject: floppy: fix lock_fdc() signal handling
+Patch-mainline: 4.5-rc5
+Git-commit: a0c80efe5956ccce9fe7ae5c78542578c07bc20a
+References: bnc#966880
+
+floppy_revalidate() doesn't perform any error handling on lock_fdc()
+result. lock_fdc() might actually be interrupted by a signal (it waits for
+fdc becoming non-busy interruptibly). In such case, floppy_revalidate()
+proceeds as if it had claimed the lock, but it fact it doesn't.
+
+In case of multiple threads trying to open("/dev/fdX"), this leads to
+serious corruptions all over the place, because all of a sudden there is
+no critical section protection (that'd otherwise be guaranteed by locked
+fd) whatsoever.
+
+While at this, fix the fact that the 'interruptible' parameter to
+lock_fdc() doesn't make any sense whatsoever, because we always wait
+interruptibly anyway.
+
+Most of the lock_fdc() callsites do properly handle error (and propagate
+EINTR), but floppy_revalidate() and floppy_check_events() don't. Fix this.
+
+Spotted by 'syzkaller' tool.
+
+Reported-by: Dmitry Vyukov
+Tested-by: Dmitry Vyukov
+Signed-off-by: Jiri Kosina
+Signed-off-by: Jiri Slaby
+---
+ drivers/block/floppy.c | 33 ++++++++++++++++++---------------
+ 1 file changed, 18 insertions(+), 15 deletions(-)
+
+diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
+index fa9bb742df6e..c1aacca88c8f 100644
+--- a/drivers/block/floppy.c
++++ b/drivers/block/floppy.c
+@@ -866,7 +866,7 @@ static void set_fdc(int drive)
+ }
+
+ /* locks the driver */
+-static int lock_fdc(int drive, bool interruptible)
++static int lock_fdc(int drive)
+ {
+ if (WARN(atomic_read(&usage_count) == 0,
+ "Trying to lock fdc while usage count=0\n"))
+@@ -2173,7 +2173,7 @@ static int do_format(int drive, struct format_descr *tmp_format_req)
+ {
+ int ret;
+
+- if (lock_fdc(drive, true))
++ if (lock_fdc(drive))
+ return -EINTR;
+
+ set_floppy(drive);
+@@ -2960,7 +2960,7 @@ static int user_reset_fdc(int drive, int arg, bool interruptible)
+ {
+ int ret;
+
+- if (lock_fdc(drive, interruptible))
++ if (lock_fdc(drive))
+ return -EINTR;
+
+ if (arg == FD_RESET_ALWAYS)
+@@ -3243,7 +3243,7 @@ static int set_geometry(unsigned int cmd, struct floppy_struct *g,
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+ mutex_lock(&open_lock);
+- if (lock_fdc(drive, true)) {
++ if (lock_fdc(drive)) {
+ mutex_unlock(&open_lock);
+ return -EINTR;
+ }
+@@ -3263,7 +3263,7 @@ static int set_geometry(unsigned int cmd, struct floppy_struct *g,
+ } else {
+ int oldStretch;
+
+- if (lock_fdc(drive, true))
++ if (lock_fdc(drive))
+ return -EINTR;
+ if (cmd != FDDEFPRM) {
+ /* notice a disk change immediately, else
+@@ -3349,7 +3349,7 @@ static int get_floppy_geometry(int drive, int type, struct floppy_struct **g)
+ if (type)
+ *g = &floppy_type[type];
+ else {
+- if (lock_fdc(drive, false))
++ if (lock_fdc(drive))
+ return -EINTR;
+ if (poll_drive(false, 0) == -EINTR)
+ return -EINTR;
+@@ -3433,7 +3433,7 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int
+ if (UDRS->fd_ref != 1)
+ /* somebody else has this drive open */
+ return -EBUSY;
+- if (lock_fdc(drive, true))
++ if (lock_fdc(drive))
+ return -EINTR;
+
+ /* do the actual eject. Fails on
+@@ -3445,7 +3445,7 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int
+ process_fd_request();
+ return ret;
+ case FDCLRPRM:
+- if (lock_fdc(drive, true))
++ if (lock_fdc(drive))
+ return -EINTR;
+ current_type[drive] = NULL;
+ floppy_sizes[drive] = MAX_DISK_SIZE << 1;
+@@ -3467,7 +3467,7 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int
+ UDP->flags &= ~FTD_MSG;
+ return 0;
+ case FDFMTBEG:
+- if (lock_fdc(drive, true))
++ if (lock_fdc(drive))
+ return -EINTR;
+ if (poll_drive(true, FD_RAW_NEED_DISK) == -EINTR)
+ return -EINTR;
+@@ -3484,7 +3484,7 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int
+ return do_format(drive, &inparam.f);
+ case FDFMTEND:
+ case FDFLUSH:
+- if (lock_fdc(drive, true))
++ if (lock_fdc(drive))
+ return -EINTR;
+ return invalidate_drive(bdev);
+ case FDSETEMSGTRESH:
+@@ -3507,7 +3507,7 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int
+ outparam = UDP;
+ break;
+ case FDPOLLDRVSTAT:
+- if (lock_fdc(drive, true))
++ if (lock_fdc(drive))
+ return -EINTR;
+ if (poll_drive(true, FD_RAW_NEED_DISK) == -EINTR)
+ return -EINTR;
+@@ -3530,7 +3530,7 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int
+ case FDRAWCMD:
+ if (type)
+ return -EINVAL;
+- if (lock_fdc(drive, true))
++ if (lock_fdc(drive))
+ return -EINTR;
+ set_floppy(drive);
+ i = raw_cmd_ioctl(cmd, (void __user *)param);
+@@ -3539,7 +3539,7 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int
+ process_fd_request();
+ return i;
+ case FDTWADDLE:
+- if (lock_fdc(drive, true))
++ if (lock_fdc(drive))
+ return -EINTR;
+ twaddle();
+ process_fd_request();
+@@ -3747,7 +3747,8 @@ static unsigned int floppy_check_events(struct gendisk *disk,
+ return DISK_EVENT_MEDIA_CHANGE;
+
+ if (time_after(jiffies, UDRS->last_checked + UDP->checkfreq)) {
+- lock_fdc(drive, false);
++ if (lock_fdc(drive))
++ return -EINTR;
+ poll_drive(false, 0);
+ process_fd_request();
+ }
+@@ -3845,7 +3846,9 @@ static int floppy_revalidate(struct gendisk *disk)
+ "VFS: revalidate called on non-open device.\n"))
+ return -EFAULT;
+
+- lock_fdc(drive, false);
++ res = lock_fdc(drive);
++ if (res)
++ return res;
+ cf = (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags) ||
+ test_bit(FD_VERIFY_BIT, &UDRS->flags));
+ if (!(cf || test_bit(drive, &fake_change) || drive_no_geom(drive))) {
+--
+2.7.1
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/floppy-refactor-open-flags-handling.patch new/patches.fixes/floppy-refactor-open-flags-handling.patch
--- old/patches.fixes/floppy-refactor-open-flags-handling.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.fixes/floppy-refactor-open-flags-handling.patch 2016-02-18 13:50:02.000000000 +0100
@@ -0,0 +1,96 @@
+From: Jiri Kosina
+Date: Sat, 6 Feb 2016 23:00:22 +0100
+Subject: floppy: refactor open() flags handling
+Patch-mainline: 4.5-rc5
+Git-commit: 09954bad448791ef01202351d437abdd9497a804
+References: bnc#966880
+
+In case /dev/fdX is open with O_NDELAY / O_NONBLOCK, floppy_open() immediately
+succeeds, without performing any further media / controller preparations.
+That's "correct" wrt. the NODELAY flag, but is hardly correct wrt. the rest
+of the floppy driver, that is not really O_NONBLOCK ready, at all. Therefore
+it's not too surprising, that subsequent attempts to work with the
+filedescriptor produce bad results. Namely, syzkaller tool has been able
+to livelock mmap() on the returned fd to keep waiting on the page unlock
+bit forever.
+
+Quite frankly, I have trouble defining what non-blocking behavior would be for
+floppies. Is waiting ages for the driver to actually succeed reading a sector
+blocking operation? Is waiting for drive motor to start blocking operation? How
+about in case of virtualized floppies?
+
+One option would be returning EWOULDBLOCK in case O_NDLEAY / O_NONBLOCK is
+being passed to open(). That has a theoretical potential of breaking some
+arcane and archaic userspace though.
+
+Let's take a more conservative aproach, and accept the O_NDLEAY flag, and let
+the driver behave as usual.
+
+While at it, clean up a bit handling of !(mode & (FMODE_READ|FMODE_WRITE))
+case and return EINVAL instead of succeeding as well.
+
+Spotted by syzkaller tool.
+
+Reported-by: Dmitry Vyukov
+Tested-by: Dmitry Vyukov
+Signed-off-by: Jiri Kosina
+Signed-off-by: Jiri Slaby
+---
+ drivers/block/floppy.c | 34 +++++++++++++++++++---------------
+ 1 file changed, 19 insertions(+), 15 deletions(-)
+
+diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
+index b206115d761c..84708a5f8c52 100644
+--- a/drivers/block/floppy.c
++++ b/drivers/block/floppy.c
+@@ -3663,6 +3663,11 @@ static int floppy_open(struct block_device *bdev, fmode_t mode)
+
+ opened_bdev[drive] = bdev;
+
++ if (!(mode & (FMODE_READ|FMODE_WRITE))) {
++ res = -EINVAL;
++ goto out;
++ }
++
+ res = -ENXIO;
+
+ if (!floppy_track_buffer) {
+@@ -3706,21 +3711,20 @@ static int floppy_open(struct block_device *bdev, fmode_t mode)
+ if (UFDCS->rawcmd == 1)
+ UFDCS->rawcmd = 2;
+
+- if (!(mode & FMODE_NDELAY)) {
+- if (mode & (FMODE_READ|FMODE_WRITE)) {
+- UDRS->last_checked = 0;
+- clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags);
+- check_disk_change(bdev);
+- if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags))
+- goto out;
+- if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags))
+- goto out;
+- }
+- res = -EROFS;
+- if ((mode & FMODE_WRITE) &&
+- !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags))
+- goto out;
+- }
++ UDRS->last_checked = 0;
++ clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags);
++ check_disk_change(bdev);
++ if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags))
++ goto out;
++ if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags))
++ goto out;
++
++ res = -EROFS;
++
++ if ((mode & FMODE_WRITE) &&
++ !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags))
++ goto out;
++
+ mutex_unlock(&open_lock);
+ mutex_unlock(&floppy_mutex);
+ return 0;
+--
+2.7.1
+
++++++ patches.kernel.org.tar.bz2 ++++++
++++ 5450 lines of diff (skipped)
++++++ series.conf ++++++
--- /var/tmp/diff_new_pack.7Y5KUe/_old 2016-02-26 22:18:29.000000000 +0100
+++ /var/tmp/diff_new_pack.7Y5KUe/_new 2016-02-26 22:18:29.000000000 +0100
@@ -28,6 +28,7 @@
# Send separate patches upstream if you find a problem...
########################################################
patches.kernel.org/patch-4.4.1
+ patches.kernel.org/patch-4.4.1-2
########################################################
# Build fixes that apply to the vanilla kernel too.
@@ -332,6 +333,9 @@
patches.fixes/scsi-ignore-errors-from-scsi_dh_add_device
patches.fixes/sd-Optimal-I-O-size-is-in-bytes-not-sectors
+ patches.fixes/floppy-refactor-open-flags-handling.patch
+ patches.fixes/floppy-fix-lock_fdc-signal-handling.patch
+
########################################################
# DRM/Video
########################################################
@@ -385,18 +389,15 @@
########################################################
# patches.suse/SUSE-bootsplash
# patches.suse/SUSE-bootsplash-mgadrmfb-workaround
- patches.fixes/HID-multitouch-fix-input-mode-switching-on-some-Elan
##########################################################
# Sound
##########################################################
- patches.drivers/ALSA-usb-audio-avoid-freeing-umidi-object-twice
+ patches.drivers/ALSA-hda-Apply-clock-gate-workaround-to-Skylake-too
########################################################
# Char / serial
########################################################
- patches.fixes/0001-tty-Fix-unsafe-ldisc-reference-via-ioctl-TIOCGETD.patch
- patches.fixes/0002-n_tty-Fix-unsafe-reference-to-other-ldisc.patch
########################################################
# Other driver fixes
++++++ source-timestamp ++++++
--- /var/tmp/diff_new_pack.7Y5KUe/_old 2016-02-26 22:18:29.000000000 +0100
+++ /var/tmp/diff_new_pack.7Y5KUe/_new 2016-02-26 22:18:29.000000000 +0100
@@ -1,3 +1,3 @@
-2016-02-15 12:03:27 +0100
-GIT Revision: 6398c2df356e9052b52ba35e636955cf7a7154d9
+2016-02-23 11:30:49 +0100
+GIT Revision: c601f8d968ebc6e67356f602591365adcf716273
GIT Branch: stable