Update to 3.14.5

Drop some networking fixes that are included in it.

Update PREEMPT_RT patch series.

svn path=/dists/sid/linux/; revision=21368

debian/changelog

@@ -1,5 +1,89 @@
-linux (3.14.4-2) UNRELEASED; urgency=medium
+linux (3.14.5-1) UNRELEASED; urgency=medium
 
+  * New upstream stable update:
+    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
+    - SCSI: dual scan thread bug fix
+    - SCSI: megaraid: missing bounds check in mimd_to_kioc()
+    - [x86] KVM: remove WARN_ON from get_kernel_ns()
+    - audit: convert PPIDs to the inital PID namespace.
+    - netfilter: nf_tables: fix nft_cmp_fast failure on big endian for size < 4
+    - netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len
+      (Closes: #741667)
+    - netfilter: Can't fail and free after table replacement
+    - [i386] x86,preempt: Fix preemption for i386
+    - rbd: fix error paths in rbd_img_request_fill()
+    - [x86] drm/i915: restore QUIRK_NO_PCH_PWM_ENABLE (regression in 3.14)
+    - tick-sched: Don't call update_wall_time() when delta is lesser than
+      tick_period (regression in 3.14)
+    - tick-sched: Check tick_nohz_enabled in tick_nohz_switch_to_nohz()
+      (regression in 3.13)
+    - [hppa] change value of SHMLBA from 0x00400000 to PAGE_SIZE
+    - [hppa] fix epoll_pwait syscall on compat kernel
+    - [hppa] remove _STK_LIM_MAX override
+    - vfs: don't bother with {get,put}_write_access() on non-regular files
+    - cifs: Wait for writebacks to complete before attempting write.
+    - xen/spinlock: Don't enable them unconditionally. (regression in 3.12)
+    - thp: close race between split and zap huge pages (regression in 3.13)
+    - mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()
+    - mm: use paravirt friendly ops for NUMA hinting ptes
+    - USB: io_ti: fix firmware download on big-endian machines
+    - fs: Don't return 0 from get_anon_bdev (regression in 3.14)
+    - [x86] drm/vmwgfx: Make sure user-space can't DMA across buffer object
+      boundaries v2
+    - [x86] drm/i915: Do not dereference pointers from ring buffer in evict
+      event (regression in 3.13)  
+    - net: core: don't account for udp header size when computing seglen
+      (regression in 3.14)
+    - bridge: Fix double free and memory leak around br_allowed_ingress
+    - filter: prevent nla extensions to peek beyond the end of the message
+      (CVE-2014-3144, CVE-2014-3145)
+    - Revert "net: sctp: Fix a_rwnd/rwnd management to reflect real state of
+      the receiver's buffer" (regression in 3.14)
+    - ip6_gre: don't allow to remove the fb_tunnel_dev
+    - net: sctp: cache auth_enable per endpoint
+    - net: Fix ns_capable check in sock_diag_put_filterinfo
+    - rtnetlink: Warn when interface's information won't fit in our packet
+    - rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF
+      is set
+    - tcp_cubic: fix the range of delayed_ack
+    - net: cdc_ncm: fix buffer overflow (regression in 3.13)
+    - ip_tunnel: Set network header properly for IP_ECN_decapsulate()
+      (regression in 3.11)
+    - ipv4: ip_tunnels: disable cache for nbma gre tunnels (regression in 3.14)
+    - net: cdc_mbim: __vlan_find_dev_deep need rcu_read_lock
+      (regression in 3.13)
+    - net: ipv4: ip_forward: fix inverted local_df test (regression in 3.14)
+    - net: ipv6: send pkttoobig immediately if orig frag size > mtu
+      (regression in 3.14)
+    - ip6_tunnel: fix potential NULL pointer dereference
+    - neigh: set nud_state to NUD_INCOMPLETE when probing router reachability
+      (regression in 3.14)
+    - batman-adv: fix neigh_ifinfo imbalance (regression in 3.14)
+    - batman-adv: fix neigh reference imbalance (regression in 3.14)
+    - batman-adv: always run purge_orig_neighbors (regression in 3.14)
+    - batman-adv: fix removing neigh_ifinfo (regression in 3.14)
+    - [s390,x86] net: filter: fix JIT address randomization
+    - net: avoid dependency of net_get_random_once on nop patching
+      (regression in 3.13)
+    - ipv6: fix calculation of option len in ip6_append_data
+      (regression in 3.13)
+    - rtnetlink: wait for unregistering devices in rtnl_link_unregister()
+    - bonding: fix out of range parameters for bond_intmax_tbl
+      (regression in 3.14)
+    - net: gro: make sure skb->cb[] initial content has not to be zero
+      (regression in 3.13)
+    - batman-adv: fix indirect hard_iface NULL dereference (regression in 3.14)
+    - batman-adv: fix reference counting imbalance while sending fragment
+      (regression in 3.14)
+    - batman-adv: increase orig refcount when storing ref in gw_node
+    - batman-adv: fix local TT check for outgoing arp requests in DAT
+      (regression in 3.13)
+    - net_sched: fix an oops in tcindex filter (regression in 3.14)
+    - ipv6: gro: fix CHECKSUM_COMPLETE support (regression in 3.14)
+    - ipv4: initialise the itag variable in __mkroute_input
+    - net-gro: reset skb->truesize in napi_reuse_skb()
+
+  [ Ben Hutchings ]
   * [x86] ACPICA: Tables: Fix invalid pointer accesses in
     acpi_tb_parse_root_table(). (Closes: #748574)
 

debian/patches/bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch

@@ -1,78 +0,0 @@
-From: Mathias Krause <minipli@googlemail.com>
-Date: Sun, 13 Apr 2014 18:23:33 +0200
-Subject: filter: prevent nla extensions to peek beyond the end of the message
-Origin: https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
-
-The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extensions fail to check
-for a minimal message length before testing the supplied offset to be
-within the bounds of the message. This allows the subtraction of the nla
-header to underflow and therefore -- as the data type is unsigned --
-allowing far to big offset and length values for the search of the
-netlink attribute.
-
-The remainder calculation for the BPF_S_ANC_NLATTR_NEST extension is
-also wrong. It has the minuend and subtrahend mixed up, therefore
-calculates a huge length value, allowing to overrun the end of the
-message while looking for the netlink attribute.
-
-The following three BPF snippets will trigger the bugs when attached to
-a UNIX datagram socket and parsing a message with length 1, 2 or 3.
-
- ,-[ PoC for missing size check in BPF_S_ANC_NLATTR ]--
- | ld	#0x87654321
- | ldx	#42
- | ld	#nla
- | ret	a
- `---
-
- ,-[ PoC for the same bug in BPF_S_ANC_NLATTR_NEST ]--
- | ld	#0x87654321
- | ldx	#42
- | ld	#nlan
- | ret	a
- `---
-
- ,-[ PoC for wrong remainder calculation in BPF_S_ANC_NLATTR_NEST ]--
- | ; (needs a fake netlink header at offset 0)
- | ld	#0
- | ldx	#42
- | ld	#nlan
- | ret	a
- `---
-
-Fix the first issue by ensuring the message length fulfills the minimal
-size constrains of a nla header. Fix the second bug by getting the math
-for the remainder calculation right.
-
-Fixes: 4738c1db15 ("[SKFILTER]: Add SKF_ADF_NLATTR instruction")
-Fixes: d214c7537b ("filter: add SKF_AD_NLATTR_NEST to look for nested..")
-Cc: Patrick McHardy <kaber@trash.net>
-Cc: Pablo Neira Ayuso <pablo@netfilter.org>
-Signed-off-by: Mathias Krause <minipli@googlemail.com>
-Acked-by: Daniel Borkmann <dborkman@redhat.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-[bwh: Backported to 3.14: This code is all in sk_run_filter(), not
- separate functions]
----
- net/core/filter.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
---- a/net/core/filter.c
-+++ b/net/core/filter.c
-@@ -371,11 +371,15 @@ load_b:
- 
- 			if (skb_is_nonlinear(skb))
- 				return 0;
-+			if (skb->len < sizeof(struct nlattr))
-+				return 0;
-+			if (skb->len < sizeof(struct nlattr))
-+				return 0;
- 			if (A > skb->len - sizeof(struct nlattr))
- 				return 0;
- 
- 			nla = (struct nlattr *)&skb->data[A];
--			if (nla->nla_len > A - skb->len)
-+			if (nla->nla_len > skb->len - A)
- 				return 0;
- 
- 			nla = nla_find_nested(nla, X);

debian/patches/bugfix/all/net-Start-with-correct-mac_len-in-skb_network_protoc.patch

@@ -1,40 +0,0 @@
-From: Vlad Yasevich <vyasevic@redhat.com>
-Date: Mon, 14 Apr 2014 17:37:26 -0400
-Subject: net: Start with correct mac_len in skb_network_protocol
-Origin: https://git.kernel.org/linus/1e785f48d29a09b6cf96db7b49b6320dada332e1
-
-Sometimes, when the packet arrives at skb_mac_gso_segment()
-its skb->mac_len already accounts for some of the mac lenght
-headers in the packet.  This seems to happen when forwarding
-through and OpenSSL tunnel.
-
-When we start looking for any vlan headers in skb_network_protocol()
-we seem to ignore any of the already known mac headers and start
-with an ETH_HLEN.  This results in an incorrect offset, dropped
-TSO frames and general slowness of the connection.
-
-We can start counting from the known skb->mac_len
-and return at least that much if all mac level headers
-are known and accounted for.
-
-Fixes: 53d6471cef17262d3ad1c7ce8982a234244f68ec (net: Account for all vlan headers in skb_mac_gso_segment)
-CC: Eric Dumazet <eric.dumazet@gmail.com>
-CC: Daniel Borkman <dborkman@redhat.com>
-Tested-by: Martin Filip <nexus+kernel@smoula.net>
-Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/core/dev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/net/core/dev.c
-+++ b/net/core/dev.c
-@@ -2289,7 +2289,7 @@ EXPORT_SYMBOL(skb_checksum_help);
- __be16 skb_network_protocol(struct sk_buff *skb, int *depth)
- {
- 	__be16 type = skb->protocol;
--	int vlan_depth = ETH_HLEN;
-+	int vlan_depth = skb->mac_len;
- 
- 	/* Tunnel gso handlers can set protocol to ethernet. */
- 	if (type == htons(ETH_P_TEB)) {

debian/patches/bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch

@@ -1,61 +0,0 @@
-From: "Wang, Xiaoming" <xiaoming.wang@intel.com>
-Date: Mon, 14 Apr 2014 12:30:45 -0400
-Subject: net: ipv4: current group_info should be put after using.
-Origin: https://git.kernel.org/linus/b04c46190219a4f845e46a459e3102137b7f6cac
-
-Plug a group_info refcount leak in ping_init.
-group_info is only needed during initialization and
-the code failed to release the reference on exit.
-While here move grabbing the reference to a place
-where it is actually needed.
-
-Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
-Signed-off-by: Zhang Dongxing <dongxing.zhang@intel.com>
-Signed-off-by: xiaoming wang <xiaoming.wang@intel.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/ipv4/ping.c | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index f4b19e5..8210964 100644
---- a/net/ipv4/ping.c
-+++ b/net/ipv4/ping.c
-@@ -252,26 +252,33 @@ int ping_init_sock(struct sock *sk)
- {
- 	struct net *net = sock_net(sk);
- 	kgid_t group = current_egid();
--	struct group_info *group_info = get_current_groups();
--	int i, j, count = group_info->ngroups;
-+	struct group_info *group_info;
-+	int i, j, count;
- 	kgid_t low, high;
-+	int ret = 0;
- 
- 	inet_get_ping_group_range_net(net, &low, &high);
- 	if (gid_lte(low, group) && gid_lte(group, high))
- 		return 0;
- 
-+	group_info = get_current_groups();
-+	count = group_info->ngroups;
- 	for (i = 0; i < group_info->nblocks; i++) {
- 		int cp_count = min_t(int, NGROUPS_PER_BLOCK, count);
- 		for (j = 0; j < cp_count; j++) {
- 			kgid_t gid = group_info->blocks[i][j];
- 			if (gid_lte(low, gid) && gid_lte(gid, high))
--				return 0;
-+				goto out_release_group;
- 		}
- 
- 		count -= cp_count;
- 	}
- 
--	return -EACCES;
-+	ret = -EACCES;
-+
-+out_release_group:
-+	put_group_info(group_info);
-+	return ret;
- }
- EXPORT_SYMBOL_GPL(ping_init_sock);
- 

debian/patches/features/all/rt/revert-x86-preempt-fix-preemption-for-i386.patch

@@ -0,0 +1,51 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Sun, 01 Jun 2014 20:05:38 +0100
+Subject: Revert "x86,preempt: Fix preemption for i386"
+
+This reverts commit 4c03d4699182312ed42257834b915492af16022a from
+Linux 3.14.5, which conflicts with the current PREEMPT_RT patch
+series.
+
+--- a/arch/x86/include/asm/preempt.h
++++ b/arch/x86/include/asm/preempt.h
+@@ -5,18 +5,6 @@
+ #include <asm/percpu.h>
+ #include <linux/thread_info.h>
+ 
+-#ifdef CONFIG_X86_32
+-/*
+- * i386's current_thread_info() depends on ESP and for interrupt/exception
+- * stacks this doesn't yield the actual task thread_info.
+- *
+- * We hard rely on the fact that all the TIF_NEED_RESCHED bits are
+- * the same, therefore use the slightly more expensive version below.
+- */
+-#undef tif_need_resched
+-#define tif_need_resched() test_tsk_thread_flag(current, TIF_NEED_RESCHED)
+-#endif
+-
+ DECLARE_PER_CPU(int, __preempt_count);
+ 
+ /*
+--- a/include/linux/preempt.h
++++ b/include/linux/preempt.h
+@@ -15,8 +15,6 @@
+  */
+ #define PREEMPT_NEED_RESCHED	0x80000000
+ 
+-#define tif_need_resched() test_thread_flag(TIF_NEED_RESCHED)
+-
+ #include <asm/preempt.h>
+ 
+ #if defined(CONFIG_DEBUG_PREEMPT) || defined(CONFIG_PREEMPT_TRACER)
+--- a/include/linux/thread_info.h
++++ b/include/linux/thread_info.h
+@@ -118,6 +118,8 @@
+ 	 */
+ }
+ 
++#define tif_need_resched() test_thread_flag(TIF_NEED_RESCHED)
++
+ #if defined TIF_RESTORE_SIGMASK && !defined HAVE_SET_RESTORE_SIGMASK
+ /*
+  * An arch can define its own version of set_restore_sigmask() to get the

debian/patches/features/all/rt/timekeeping-split-jiffies-lock.patch

@@ -4,6 +4,9 @@ Date: Thu, 14 Feb 2013 22:36:59 +0100
 Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/3.14/patches-3.14.3-rt5.tar.xz
 
 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+[bwh: Update new call to write_sequnlock() in tick_do_update_jiffies64()
+ added by commit 27630532ef5e ("tick-sched: Check tick_nohz_enabled in
+ tick_nohz_switch_to_nohz()")]
 ---
  kernel/time/jiffies.c       |    7 ++++---
  kernel/time/tick-common.c   |   10 ++++++----
@@ -92,9 +95,14 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
  
  	delta = ktime_sub(now, last_jiffies_update);
  	if (delta.tv64 >= tick_period.tv64) {
-@@ -85,7 +86,8 @@ static void tick_do_update_jiffies64(kti
+@@ -85,10 +86,12 @@ static void tick_do_update_jiffies64(kti
  		/* Keep the tick_next_period variable up to date */
  		tick_next_period = ktime_add(last_jiffies_update, tick_period);
+ 	} else {
+-		write_sequnlock(&jiffies_lock);
++		write_seqcount_end(&jiffies_seq);
++		raw_spin_unlock(&jiffies_lock);
+ 		return;
  	}
 -	write_sequnlock(&jiffies_lock);
 +	write_seqcount_end(&jiffies_seq);
@@ -102,7 +110,7 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
  	update_wall_time();
  }
  
-@@ -96,12 +98,14 @@ static ktime_t tick_init_jiffy_update(vo
+@@ -99,12 +102,14 @@ static ktime_t tick_init_jiffy_update(vo
  {
  	ktime_t period;
  
@@ -119,7 +127,7 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
  	return period;
  }
  
-@@ -537,10 +541,10 @@ static ktime_t tick_nohz_stop_sched_tick
+@@ -540,10 +545,10 @@ static ktime_t tick_nohz_stop_sched_tick
  
  	/* Read jiffies and the time when jiffies were updated last */
  	do {

debian/patches/series

@@ -81,9 +81,6 @@ features/arm/ARM-dt-sun4i-Add-A10-SPI-controller-nodes.patch
 features/arm/PHY-sunxi-Add-driver-for-sunxi-usb-phy.patch
 features/arm/ARM-sun4i-dt-Add-bindings-for-USB-clocks.patch
 features/arm/ARM-sun4i-dt-Add-USB-host-bindings.patch
-bugfix/all/net-Start-with-correct-mac_len-in-skb_network_protoc.patch
-bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch
-bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch
 debian/libata-avoid-abi-change-in-3.14.4.patch
 debian/dm-avoid-abi-change-in-3.14.4.patch
 bugfix/x86/ACPICA-Tables-Fix-invalid-pointer-accesses-in-acpi_t.patch

debian/patches/series-rt

@@ -617,6 +617,7 @@ features/all/rt/rcu-Eliminate-softirq-processing-from-rcutree.patch
 features/all/rt/rcu-make-RCU_BOOST-default-on-RT.patch
 
 # PREEMPT LAZY
+features/all/rt/revert-x86-preempt-fix-preemption-for-i386.patch
 features/all/rt/preempt-lazy-support.patch
 features/all/rt/x86-preempt-lazy.patch
 features/all/rt/arm-preempt-lazy-support.patch