Update to 3.14.5
Drop some networking fixes that are included in it. Update PREEMPT_RT patch series. svn path=/dists/sid/linux/; revision=21368
This commit is contained in:
parent
5c79ca4fc1
commit
1b04c94599
|
@ -1,5 +1,89 @@
|
|||
linux (3.14.4-2) UNRELEASED; urgency=medium
|
||||
linux (3.14.5-1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
|
||||
- SCSI: dual scan thread bug fix
|
||||
- SCSI: megaraid: missing bounds check in mimd_to_kioc()
|
||||
- [x86] KVM: remove WARN_ON from get_kernel_ns()
|
||||
- audit: convert PPIDs to the inital PID namespace.
|
||||
- netfilter: nf_tables: fix nft_cmp_fast failure on big endian for size < 4
|
||||
- netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len
|
||||
(Closes: #741667)
|
||||
- netfilter: Can't fail and free after table replacement
|
||||
- [i386] x86,preempt: Fix preemption for i386
|
||||
- rbd: fix error paths in rbd_img_request_fill()
|
||||
- [x86] drm/i915: restore QUIRK_NO_PCH_PWM_ENABLE (regression in 3.14)
|
||||
- tick-sched: Don't call update_wall_time() when delta is lesser than
|
||||
tick_period (regression in 3.14)
|
||||
- tick-sched: Check tick_nohz_enabled in tick_nohz_switch_to_nohz()
|
||||
(regression in 3.13)
|
||||
- [hppa] change value of SHMLBA from 0x00400000 to PAGE_SIZE
|
||||
- [hppa] fix epoll_pwait syscall on compat kernel
|
||||
- [hppa] remove _STK_LIM_MAX override
|
||||
- vfs: don't bother with {get,put}_write_access() on non-regular files
|
||||
- cifs: Wait for writebacks to complete before attempting write.
|
||||
- xen/spinlock: Don't enable them unconditionally. (regression in 3.12)
|
||||
- thp: close race between split and zap huge pages (regression in 3.13)
|
||||
- mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()
|
||||
- mm: use paravirt friendly ops for NUMA hinting ptes
|
||||
- USB: io_ti: fix firmware download on big-endian machines
|
||||
- fs: Don't return 0 from get_anon_bdev (regression in 3.14)
|
||||
- [x86] drm/vmwgfx: Make sure user-space can't DMA across buffer object
|
||||
boundaries v2
|
||||
- [x86] drm/i915: Do not dereference pointers from ring buffer in evict
|
||||
event (regression in 3.13)
|
||||
- net: core: don't account for udp header size when computing seglen
|
||||
(regression in 3.14)
|
||||
- bridge: Fix double free and memory leak around br_allowed_ingress
|
||||
- filter: prevent nla extensions to peek beyond the end of the message
|
||||
(CVE-2014-3144, CVE-2014-3145)
|
||||
- Revert "net: sctp: Fix a_rwnd/rwnd management to reflect real state of
|
||||
the receiver's buffer" (regression in 3.14)
|
||||
- ip6_gre: don't allow to remove the fb_tunnel_dev
|
||||
- net: sctp: cache auth_enable per endpoint
|
||||
- net: Fix ns_capable check in sock_diag_put_filterinfo
|
||||
- rtnetlink: Warn when interface's information won't fit in our packet
|
||||
- rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF
|
||||
is set
|
||||
- tcp_cubic: fix the range of delayed_ack
|
||||
- net: cdc_ncm: fix buffer overflow (regression in 3.13)
|
||||
- ip_tunnel: Set network header properly for IP_ECN_decapsulate()
|
||||
(regression in 3.11)
|
||||
- ipv4: ip_tunnels: disable cache for nbma gre tunnels (regression in 3.14)
|
||||
- net: cdc_mbim: __vlan_find_dev_deep need rcu_read_lock
|
||||
(regression in 3.13)
|
||||
- net: ipv4: ip_forward: fix inverted local_df test (regression in 3.14)
|
||||
- net: ipv6: send pkttoobig immediately if orig frag size > mtu
|
||||
(regression in 3.14)
|
||||
- ip6_tunnel: fix potential NULL pointer dereference
|
||||
- neigh: set nud_state to NUD_INCOMPLETE when probing router reachability
|
||||
(regression in 3.14)
|
||||
- batman-adv: fix neigh_ifinfo imbalance (regression in 3.14)
|
||||
- batman-adv: fix neigh reference imbalance (regression in 3.14)
|
||||
- batman-adv: always run purge_orig_neighbors (regression in 3.14)
|
||||
- batman-adv: fix removing neigh_ifinfo (regression in 3.14)
|
||||
- [s390,x86] net: filter: fix JIT address randomization
|
||||
- net: avoid dependency of net_get_random_once on nop patching
|
||||
(regression in 3.13)
|
||||
- ipv6: fix calculation of option len in ip6_append_data
|
||||
(regression in 3.13)
|
||||
- rtnetlink: wait for unregistering devices in rtnl_link_unregister()
|
||||
- bonding: fix out of range parameters for bond_intmax_tbl
|
||||
(regression in 3.14)
|
||||
- net: gro: make sure skb->cb[] initial content has not to be zero
|
||||
(regression in 3.13)
|
||||
- batman-adv: fix indirect hard_iface NULL dereference (regression in 3.14)
|
||||
- batman-adv: fix reference counting imbalance while sending fragment
|
||||
(regression in 3.14)
|
||||
- batman-adv: increase orig refcount when storing ref in gw_node
|
||||
- batman-adv: fix local TT check for outgoing arp requests in DAT
|
||||
(regression in 3.13)
|
||||
- net_sched: fix an oops in tcindex filter (regression in 3.14)
|
||||
- ipv6: gro: fix CHECKSUM_COMPLETE support (regression in 3.14)
|
||||
- ipv4: initialise the itag variable in __mkroute_input
|
||||
- net-gro: reset skb->truesize in napi_reuse_skb()
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [x86] ACPICA: Tables: Fix invalid pointer accesses in
|
||||
acpi_tb_parse_root_table(). (Closes: #748574)
|
||||
|
||||
|
|
|
@ -1,78 +0,0 @@
|
|||
From: Mathias Krause <minipli@googlemail.com>
|
||||
Date: Sun, 13 Apr 2014 18:23:33 +0200
|
||||
Subject: filter: prevent nla extensions to peek beyond the end of the message
|
||||
Origin: https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
|
||||
|
||||
The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extensions fail to check
|
||||
for a minimal message length before testing the supplied offset to be
|
||||
within the bounds of the message. This allows the subtraction of the nla
|
||||
header to underflow and therefore -- as the data type is unsigned --
|
||||
allowing far to big offset and length values for the search of the
|
||||
netlink attribute.
|
||||
|
||||
The remainder calculation for the BPF_S_ANC_NLATTR_NEST extension is
|
||||
also wrong. It has the minuend and subtrahend mixed up, therefore
|
||||
calculates a huge length value, allowing to overrun the end of the
|
||||
message while looking for the netlink attribute.
|
||||
|
||||
The following three BPF snippets will trigger the bugs when attached to
|
||||
a UNIX datagram socket and parsing a message with length 1, 2 or 3.
|
||||
|
||||
,-[ PoC for missing size check in BPF_S_ANC_NLATTR ]--
|
||||
| ld #0x87654321
|
||||
| ldx #42
|
||||
| ld #nla
|
||||
| ret a
|
||||
`---
|
||||
|
||||
,-[ PoC for the same bug in BPF_S_ANC_NLATTR_NEST ]--
|
||||
| ld #0x87654321
|
||||
| ldx #42
|
||||
| ld #nlan
|
||||
| ret a
|
||||
`---
|
||||
|
||||
,-[ PoC for wrong remainder calculation in BPF_S_ANC_NLATTR_NEST ]--
|
||||
| ; (needs a fake netlink header at offset 0)
|
||||
| ld #0
|
||||
| ldx #42
|
||||
| ld #nlan
|
||||
| ret a
|
||||
`---
|
||||
|
||||
Fix the first issue by ensuring the message length fulfills the minimal
|
||||
size constrains of a nla header. Fix the second bug by getting the math
|
||||
for the remainder calculation right.
|
||||
|
||||
Fixes: 4738c1db15 ("[SKFILTER]: Add SKF_ADF_NLATTR instruction")
|
||||
Fixes: d214c7537b ("filter: add SKF_AD_NLATTR_NEST to look for nested..")
|
||||
Cc: Patrick McHardy <kaber@trash.net>
|
||||
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
Signed-off-by: Mathias Krause <minipli@googlemail.com>
|
||||
Acked-by: Daniel Borkmann <dborkman@redhat.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
[bwh: Backported to 3.14: This code is all in sk_run_filter(), not
|
||||
separate functions]
|
||||
---
|
||||
net/core/filter.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/net/core/filter.c
|
||||
+++ b/net/core/filter.c
|
||||
@@ -371,11 +371,15 @@ load_b:
|
||||
|
||||
if (skb_is_nonlinear(skb))
|
||||
return 0;
|
||||
+ if (skb->len < sizeof(struct nlattr))
|
||||
+ return 0;
|
||||
+ if (skb->len < sizeof(struct nlattr))
|
||||
+ return 0;
|
||||
if (A > skb->len - sizeof(struct nlattr))
|
||||
return 0;
|
||||
|
||||
nla = (struct nlattr *)&skb->data[A];
|
||||
- if (nla->nla_len > A - skb->len)
|
||||
+ if (nla->nla_len > skb->len - A)
|
||||
return 0;
|
||||
|
||||
nla = nla_find_nested(nla, X);
|
|
@ -1,40 +0,0 @@
|
|||
From: Vlad Yasevich <vyasevic@redhat.com>
|
||||
Date: Mon, 14 Apr 2014 17:37:26 -0400
|
||||
Subject: net: Start with correct mac_len in skb_network_protocol
|
||||
Origin: https://git.kernel.org/linus/1e785f48d29a09b6cf96db7b49b6320dada332e1
|
||||
|
||||
Sometimes, when the packet arrives at skb_mac_gso_segment()
|
||||
its skb->mac_len already accounts for some of the mac lenght
|
||||
headers in the packet. This seems to happen when forwarding
|
||||
through and OpenSSL tunnel.
|
||||
|
||||
When we start looking for any vlan headers in skb_network_protocol()
|
||||
we seem to ignore any of the already known mac headers and start
|
||||
with an ETH_HLEN. This results in an incorrect offset, dropped
|
||||
TSO frames and general slowness of the connection.
|
||||
|
||||
We can start counting from the known skb->mac_len
|
||||
and return at least that much if all mac level headers
|
||||
are known and accounted for.
|
||||
|
||||
Fixes: 53d6471cef17262d3ad1c7ce8982a234244f68ec (net: Account for all vlan headers in skb_mac_gso_segment)
|
||||
CC: Eric Dumazet <eric.dumazet@gmail.com>
|
||||
CC: Daniel Borkman <dborkman@redhat.com>
|
||||
Tested-by: Martin Filip <nexus+kernel@smoula.net>
|
||||
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/core/dev.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/net/core/dev.c
|
||||
+++ b/net/core/dev.c
|
||||
@@ -2289,7 +2289,7 @@ EXPORT_SYMBOL(skb_checksum_help);
|
||||
__be16 skb_network_protocol(struct sk_buff *skb, int *depth)
|
||||
{
|
||||
__be16 type = skb->protocol;
|
||||
- int vlan_depth = ETH_HLEN;
|
||||
+ int vlan_depth = skb->mac_len;
|
||||
|
||||
/* Tunnel gso handlers can set protocol to ethernet. */
|
||||
if (type == htons(ETH_P_TEB)) {
|
|
@ -1,61 +0,0 @@
|
|||
From: "Wang, Xiaoming" <xiaoming.wang@intel.com>
|
||||
Date: Mon, 14 Apr 2014 12:30:45 -0400
|
||||
Subject: net: ipv4: current group_info should be put after using.
|
||||
Origin: https://git.kernel.org/linus/b04c46190219a4f845e46a459e3102137b7f6cac
|
||||
|
||||
Plug a group_info refcount leak in ping_init.
|
||||
group_info is only needed during initialization and
|
||||
the code failed to release the reference on exit.
|
||||
While here move grabbing the reference to a place
|
||||
where it is actually needed.
|
||||
|
||||
Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
|
||||
Signed-off-by: Zhang Dongxing <dongxing.zhang@intel.com>
|
||||
Signed-off-by: xiaoming wang <xiaoming.wang@intel.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/ipv4/ping.c | 15 +++++++++++----
|
||||
1 file changed, 11 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
|
||||
index f4b19e5..8210964 100644
|
||||
--- a/net/ipv4/ping.c
|
||||
+++ b/net/ipv4/ping.c
|
||||
@@ -252,26 +252,33 @@ int ping_init_sock(struct sock *sk)
|
||||
{
|
||||
struct net *net = sock_net(sk);
|
||||
kgid_t group = current_egid();
|
||||
- struct group_info *group_info = get_current_groups();
|
||||
- int i, j, count = group_info->ngroups;
|
||||
+ struct group_info *group_info;
|
||||
+ int i, j, count;
|
||||
kgid_t low, high;
|
||||
+ int ret = 0;
|
||||
|
||||
inet_get_ping_group_range_net(net, &low, &high);
|
||||
if (gid_lte(low, group) && gid_lte(group, high))
|
||||
return 0;
|
||||
|
||||
+ group_info = get_current_groups();
|
||||
+ count = group_info->ngroups;
|
||||
for (i = 0; i < group_info->nblocks; i++) {
|
||||
int cp_count = min_t(int, NGROUPS_PER_BLOCK, count);
|
||||
for (j = 0; j < cp_count; j++) {
|
||||
kgid_t gid = group_info->blocks[i][j];
|
||||
if (gid_lte(low, gid) && gid_lte(gid, high))
|
||||
- return 0;
|
||||
+ goto out_release_group;
|
||||
}
|
||||
|
||||
count -= cp_count;
|
||||
}
|
||||
|
||||
- return -EACCES;
|
||||
+ ret = -EACCES;
|
||||
+
|
||||
+out_release_group:
|
||||
+ put_group_info(group_info);
|
||||
+ return ret;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(ping_init_sock);
|
||||
|
51
debian/patches/features/all/rt/revert-x86-preempt-fix-preemption-for-i386.patch
vendored
Normal file
51
debian/patches/features/all/rt/revert-x86-preempt-fix-preemption-for-i386.patch
vendored
Normal file
|
@ -0,0 +1,51 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sun, 01 Jun 2014 20:05:38 +0100
|
||||
Subject: Revert "x86,preempt: Fix preemption for i386"
|
||||
|
||||
This reverts commit 4c03d4699182312ed42257834b915492af16022a from
|
||||
Linux 3.14.5, which conflicts with the current PREEMPT_RT patch
|
||||
series.
|
||||
|
||||
--- a/arch/x86/include/asm/preempt.h
|
||||
+++ b/arch/x86/include/asm/preempt.h
|
||||
@@ -5,18 +5,6 @@
|
||||
#include <asm/percpu.h>
|
||||
#include <linux/thread_info.h>
|
||||
|
||||
-#ifdef CONFIG_X86_32
|
||||
-/*
|
||||
- * i386's current_thread_info() depends on ESP and for interrupt/exception
|
||||
- * stacks this doesn't yield the actual task thread_info.
|
||||
- *
|
||||
- * We hard rely on the fact that all the TIF_NEED_RESCHED bits are
|
||||
- * the same, therefore use the slightly more expensive version below.
|
||||
- */
|
||||
-#undef tif_need_resched
|
||||
-#define tif_need_resched() test_tsk_thread_flag(current, TIF_NEED_RESCHED)
|
||||
-#endif
|
||||
-
|
||||
DECLARE_PER_CPU(int, __preempt_count);
|
||||
|
||||
/*
|
||||
--- a/include/linux/preempt.h
|
||||
+++ b/include/linux/preempt.h
|
||||
@@ -15,8 +15,6 @@
|
||||
*/
|
||||
#define PREEMPT_NEED_RESCHED 0x80000000
|
||||
|
||||
-#define tif_need_resched() test_thread_flag(TIF_NEED_RESCHED)
|
||||
-
|
||||
#include <asm/preempt.h>
|
||||
|
||||
#if defined(CONFIG_DEBUG_PREEMPT) || defined(CONFIG_PREEMPT_TRACER)
|
||||
--- a/include/linux/thread_info.h
|
||||
+++ b/include/linux/thread_info.h
|
||||
@@ -118,6 +118,8 @@
|
||||
*/
|
||||
}
|
||||
|
||||
+#define tif_need_resched() test_thread_flag(TIF_NEED_RESCHED)
|
||||
+
|
||||
#if defined TIF_RESTORE_SIGMASK && !defined HAVE_SET_RESTORE_SIGMASK
|
||||
/*
|
||||
* An arch can define its own version of set_restore_sigmask() to get the
|
|
@ -4,6 +4,9 @@ Date: Thu, 14 Feb 2013 22:36:59 +0100
|
|||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/3.14/patches-3.14.3-rt5.tar.xz
|
||||
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
[bwh: Update new call to write_sequnlock() in tick_do_update_jiffies64()
|
||||
added by commit 27630532ef5e ("tick-sched: Check tick_nohz_enabled in
|
||||
tick_nohz_switch_to_nohz()")]
|
||||
---
|
||||
kernel/time/jiffies.c | 7 ++++---
|
||||
kernel/time/tick-common.c | 10 ++++++----
|
||||
|
@ -92,9 +95,14 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|||
|
||||
delta = ktime_sub(now, last_jiffies_update);
|
||||
if (delta.tv64 >= tick_period.tv64) {
|
||||
@@ -85,7 +86,8 @@ static void tick_do_update_jiffies64(kti
|
||||
@@ -85,10 +86,12 @@ static void tick_do_update_jiffies64(kti
|
||||
/* Keep the tick_next_period variable up to date */
|
||||
tick_next_period = ktime_add(last_jiffies_update, tick_period);
|
||||
} else {
|
||||
- write_sequnlock(&jiffies_lock);
|
||||
+ write_seqcount_end(&jiffies_seq);
|
||||
+ raw_spin_unlock(&jiffies_lock);
|
||||
return;
|
||||
}
|
||||
- write_sequnlock(&jiffies_lock);
|
||||
+ write_seqcount_end(&jiffies_seq);
|
||||
|
@ -102,7 +110,7 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|||
update_wall_time();
|
||||
}
|
||||
|
||||
@@ -96,12 +98,14 @@ static ktime_t tick_init_jiffy_update(vo
|
||||
@@ -99,12 +102,14 @@ static ktime_t tick_init_jiffy_update(vo
|
||||
{
|
||||
ktime_t period;
|
||||
|
||||
|
@ -119,7 +127,7 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|||
return period;
|
||||
}
|
||||
|
||||
@@ -537,10 +541,10 @@ static ktime_t tick_nohz_stop_sched_tick
|
||||
@@ -540,10 +545,10 @@ static ktime_t tick_nohz_stop_sched_tick
|
||||
|
||||
/* Read jiffies and the time when jiffies were updated last */
|
||||
do {
|
||||
|
|
|
@ -81,9 +81,6 @@ features/arm/ARM-dt-sun4i-Add-A10-SPI-controller-nodes.patch
|
|||
features/arm/PHY-sunxi-Add-driver-for-sunxi-usb-phy.patch
|
||||
features/arm/ARM-sun4i-dt-Add-bindings-for-USB-clocks.patch
|
||||
features/arm/ARM-sun4i-dt-Add-USB-host-bindings.patch
|
||||
bugfix/all/net-Start-with-correct-mac_len-in-skb_network_protoc.patch
|
||||
bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch
|
||||
bugfix/all/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch
|
||||
debian/libata-avoid-abi-change-in-3.14.4.patch
|
||||
debian/dm-avoid-abi-change-in-3.14.4.patch
|
||||
bugfix/x86/ACPICA-Tables-Fix-invalid-pointer-accesses-in-acpi_t.patch
|
||||
|
|
|
@ -617,6 +617,7 @@ features/all/rt/rcu-Eliminate-softirq-processing-from-rcutree.patch
|
|||
features/all/rt/rcu-make-RCU_BOOST-default-on-RT.patch
|
||||
|
||||
# PREEMPT LAZY
|
||||
features/all/rt/revert-x86-preempt-fix-preemption-for-i386.patch
|
||||
features/all/rt/preempt-lazy-support.patch
|
||||
features/all/rt/x86-preempt-lazy.patch
|
||||
features/all/rt/arm-preempt-lazy-support.patch
|
||||
|
|
Loading…
Reference in New Issue