Pull in upstream patches to build with latest security-update kernel

The jessie kerle security update for spectre/meltdown brought in a couple
ABI changes that prevent the version of openafs in jessie from building
its kernel module.  Pull in the needed upstream changes to fix the build.

Change-Id: If3daede4ab3a8daa4b4845d1e33ab9ccfffb51a2

diff --git a/debian/changelog b/debian/changelog
index 4986ef432f1628491619d276df6e903df739e45d..10072ab4ad073c6837562b4755d9223255475a2e 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+openafs (1.6.9-2+deb8u7) jessie-proposed-updates; urgency=high
+
+  * Apply upstream patches needed to fix kernel module build against
+    linux 3.16.51-3+deb8u1 kernels after security update-induced ABI changes.
+    (Closes: #886719)
+
+ -- Benjamin Kaduk <kaduk@mit.edu>  Sat, 20 Jan 2018 11:48:09 -0600
+
 openafs (1.6.9-2+deb8u6) jessie-security; urgency=high
 
   * CVE-2017-17432: remote triggered Rx assertion failure

diff --git a/debian/patches/0023-Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch b/debian/patches/0023-Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch
new file mode 100644 (file)
index 0000000..e31e605
--- /dev/null
+++ b/debian/patches/0023-Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch
@@ -0,0 +1,57 @@
+From: Mark Vitale <mvitale@sinenomine.net>
+Date: Thu, 20 Oct 2016 00:49:37 -0400
+Subject: Linux 4.9: inode_change_ok() becomes setattr_prepare()
+
+Linux commit 31051c85b5e2 "fs: Give dentry to inode_change_ok() instead
+of inode" renames and modifies inode_change_ok(inode, attrs) to
+setattr_prepare(dentry, attrs).
+
+Modify OpenAFS to cope.
+
+Reviewed-on: https://gerrit.openafs.org/12418
+Tested-by: BuildBot <buildbot@rampaginggeek.com>
+Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
+(cherry picked from commit 8aeb711eeaa5ddac5a74c354091e2d4f7ac0cd63)
+
+Change-Id: I7f08c57b7f61465a1ea18333306f52f77bd65084
+Reviewed-on: https://gerrit.openafs.org/12480
+Tested-by: BuildBot <buildbot@rampaginggeek.com>
+Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
+Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
+Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
+(cherry picked from commit 8efca09a5daa3cfc08d0d86e2fb48c9b8d1b270a)
+---
+ acinclude.m4             | 3 +++
+ src/afs/LINUX/osi_file.c | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/acinclude.m4 b/acinclude.m4
+index 80a05b7..e1cdc8c 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -947,6 +947,9 @@ case $AFS_SYSNAME in *_linux* | *_umlinux*)
+                AC_CHECK_LINUX_FUNC([set_nlink],
+                                    [#include <linux/fs.h>],
+                                    [set_nlink(NULL, 1);])
++               AC_CHECK_LINUX_FUNC([setattr_prepare],
++                                   [#include <linux/fs.h>],
++                                   [setattr_prepare(NULL, NULL);])
+                AC_CHECK_LINUX_FUNC([sock_create_kern],
+                                    [#include <linux/net.h>],
+                                    [sock_create_kern(0, 0, 0, NULL);])
+diff --git a/src/afs/LINUX/osi_file.c b/src/afs/LINUX/osi_file.c
+index b83f736..d6c0fd6 100644
+--- a/src/afs/LINUX/osi_file.c
++++ b/src/afs/LINUX/osi_file.c
+@@ -184,7 +184,11 @@ osi_UFSTruncate(struct osi_file *afile, afs_int32 asize)
+     newattrs.ia_ctime = CURRENT_TIME;
+ 
+     /* avoid notify_change() since it wants to update dentry->d_parent */
++#ifdef HAVE_LINUX_SETATTR_PREPARE
++    code = setattr_prepare(file_dentry(afile->filp), &newattrs);
++#else
+     code = inode_change_ok(inode, &newattrs);
++#endif
+     if (!code)
+       code = afs_inode_setattr(afile, &newattrs);
+     if (!code)

diff --git a/debian/patches/0024-LINUX-Debian-Ubuntu-build-regression-on-kernel-3.16..patch b/debian/patches/0024-LINUX-Debian-Ubuntu-build-regression-on-kernel-3.16..patch
new file mode 100644 (file)
index 0000000..9e28ebf
--- /dev/null
+++ b/debian/patches/0024-LINUX-Debian-Ubuntu-build-regression-on-kernel-3.16..patch
@@ -0,0 +1,77 @@
+From: Sergio Gelato <Sergio.Gelato@astro.su.se>
+Date: Wed, 22 Feb 2017 13:55:33 -0800
+Subject: LINUX: Debian/Ubuntu build regression on kernel 3.16.39
+
+Now that kernel 4.9 has hit jessie-backports, it becomes desirable to
+also backport the associated openafs patches.
+
+Unfortunately, Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch
+causes a build failure against jessie's current default kernel,
+3.16.39-1, due to the fact that setattr_prepare() is available (it was
+cherrypicked to address CVE-2015-1350) but file_dentry() is not (it was
+introduced in kernel 4.6).
+
+This makes it difficult to have a version of openafs for jessie that
+supports both kernels.
+
+To deal with this, follow the implementation of file_dentry() in 4.6,
+and simplify it to account for the lack of d_real() support in older
+kernels.
+
+Note that inode_change_ok() has been added back to 3.16.39-1 to avoid
+ABI changes. That means the current openafs packages in jessie continue
+to work with kernel 3.16.39-1 since they do not include
+Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch.
+
+Originally reported at
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855366
+
+FIXES RT134158
+
+Reviewed-on: https://gerrit.openafs.org/12523
+Tested-by: BuildBot <buildbot@rampaginggeek.com>
+Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
+Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
+(cherry picked from commit 6ea6c182c7fb6c22dafbbf203abcc23726e06cba)
+
+Change-Id: I06951dacef3f7639f749e82439df89ec3d78b592
+Reviewed-on: https://gerrit.openafs.org/12535
+Tested-by: BuildBot <buildbot@rampaginggeek.com>
+Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
+Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
+Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
+(cherry picked from commit b032154f11ec81aee7a132992d0c5611cc630ec4)
+---
+ acinclude.m4               | 3 +++
+ src/afs/LINUX/osi_compat.h | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/acinclude.m4 b/acinclude.m4
+index e1cdc8c..dd322a1 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -901,6 +901,9 @@ case $AFS_SYSNAME in *_linux* | *_umlinux*)
+                AC_CHECK_LINUX_FUNC([do_sync_read],
+                                    [#include <linux/fs.h>],
+                                    [do_sync_read(NULL, NULL, 0, NULL);])
++               AC_CHECK_LINUX_FUNC([file_dentry],
++                                   [#include <linux/fs.h>],
++                                   [struct file *f; file_dentry(f);])
+                AC_CHECK_LINUX_FUNC([find_task_by_pid],
+                                    [#include <linux/sched.h>],
+                                    [pid_t p; find_task_by_pid(p);])
+diff --git a/src/afs/LINUX/osi_compat.h b/src/afs/LINUX/osi_compat.h
+index 15f7f69..77b806e 100644
+--- a/src/afs/LINUX/osi_compat.h
++++ b/src/afs/LINUX/osi_compat.h
+@@ -41,6 +41,10 @@ typedef struct path afs_linux_path_t;
+ # define d_alias d_u.d_alias
+ #endif
+ 
++#ifndef HAVE_LINUX_FILE_DENTRY
++#define file_dentry(file) ((file)->f_dentry)
++#endif
++
+ #ifndef HAVE_LINUX_DO_SYNC_READ
+ static inline int
+ do_sync_read(struct file *fp, char *buf, size_t count, loff_t *offp) {

diff --git a/debian/patches/series b/debian/patches/series
index 7540d40efa25e22b71381902b7fb29d31728473c..b0ddb1c618f044b81ef4137d85c288d99cb29b6e 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -20,3 +20,5 @@
 0020-dir-fileserver-leaks-names-of-file-and-directories.patch
 0021-afs-do-not-leak-stale-data-in-buffers.patch
 0022-dir-do-not-leak-contents-of-deleted-directory-entrie.patch
+0023-Linux-4.9-inode_change_ok-becomes-setattr_prepare.patch
+0024-LINUX-Debian-Ubuntu-build-regression-on-kernel-3.16..patch