Update to 3.12.4
svn path=/dists/sid/linux/; revision=20877
parent
e227ad0d78
commit
4570eb612b
|
@ -1,3 +1,27 @@
|
||||||
|
linux (3.12.4-1) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
|
* New upstream stable update:
|
||||||
|
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
|
||||||
|
- net: x86: bpf: don't forget to free sk_filter (v2)
|
||||||
|
- net: Fix "ip rule delete table 256" (Closes: #724783)
|
||||||
|
- net-tcp: fix panic in tcp_fastopen_cache_set()
|
||||||
|
- inet: prevent leakage of uninitialized memory to user in recv syscalls
|
||||||
|
(CVE-2013-6405)
|
||||||
|
- ping: prevent NULL pointer dereference on write to msg_name
|
||||||
|
(CVE-2013-6432)
|
||||||
|
- ipv6: fix leaking uninitialized port number of offender sockaddr
|
||||||
|
- netfilter: push reasm skb through instead of original frag skbs
|
||||||
|
- packet: fix use after free race in send path when dev is released
|
||||||
|
- gso: handle new frag_list of frags GRO packets
|
||||||
|
- net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
|
||||||
|
- xfs: add capability check to free eofblocks ioctl
|
||||||
|
- iommu/vt-d: Fixed interaction of VFIO_IOMMU_MAP_DMA with IOMMU address
|
||||||
|
limits
|
||||||
|
- aio: Fix a trinity splat
|
||||||
|
- aio: prevent double free in ioctx_alloc
|
||||||
|
|
||||||
|
-- Ben Hutchings <ben@decadent.org.uk> Wed, 11 Dec 2013 06:04:49 +0000
|
||||||
|
|
||||||
linux (3.12.3-1~exp1) experimental; urgency=medium
|
linux (3.12.3-1~exp1) experimental; urgency=medium
|
||||||
|
|
||||||
* New upstream stable update:
|
* New upstream stable update:
|
||||||
|
|
|
@ -1,35 +0,0 @@
|
||||||
From: Hannes Frederic Sowa <hannes@stressinduktion.org>
|
|
||||||
Date: Tue, 5 Nov 2013 02:41:27 +0100
|
|
||||||
Subject: ipv6: fix headroom calculation in udp6_ufo_fragment
|
|
||||||
Origin: https://git.kernel.org/linus/0e033e04c2678dbbe74a46b23fffb7bb918c288e
|
|
||||||
|
|
||||||
Commit 1e2bd517c108816220f262d7954b697af03b5f9c ("udp6: Fix udp
|
|
||||||
fragmentation for tunnel traffic.") changed the calculation if
|
|
||||||
there is enough space to include a fragment header in the skb from a
|
|
||||||
skb->mac_header dervived one to skb_headroom. Because we already peeled
|
|
||||||
off the skb to transport_header this is wrong. Change this back to check
|
|
||||||
if we have enough room before the mac_header.
|
|
||||||
|
|
||||||
This fixes a panic Saran Neti reported. He used the tbf scheduler which
|
|
||||||
skb_gso_segments the skb. The offsets get negative and we panic in memcpy
|
|
||||||
because the skb was erroneously not expanded at the head.
|
|
||||||
|
|
||||||
Reported-by: Saran Neti <Saran.Neti@telus.com>
|
|
||||||
Cc: Pravin B Shelar <pshelar@nicira.com>
|
|
||||||
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
|
|
||||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
||||||
---
|
|
||||||
net/ipv6/udp_offload.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
--- a/net/ipv6/udp_offload.c
|
|
||||||
+++ b/net/ipv6/udp_offload.c
|
|
||||||
@@ -88,7 +88,7 @@ static struct sk_buff *udp6_ufo_fragment
|
|
||||||
|
|
||||||
/* Check if there is enough headroom to insert fragment header. */
|
|
||||||
tnl_hlen = skb_tnl_header_len(skb);
|
|
||||||
- if (skb_headroom(skb) < (tnl_hlen + frag_hdr_sz)) {
|
|
||||||
+ if (skb->mac_header < (tnl_hlen + frag_hdr_sz)) {
|
|
||||||
if (gso_pskb_expand_head(skb, tnl_hlen + frag_hdr_sz))
|
|
||||||
goto out;
|
|
||||||
}
|
|
|
@ -1,47 +0,0 @@
|
||||||
From: Dan Carpenter <dan.carpenter@oracle.com>
|
|
||||||
Date: Wed, 27 Nov 2013 15:40:21 +0300
|
|
||||||
Subject: net: clamp ->msg_namelen instead of returning an error
|
|
||||||
Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=db31c55a6fb245fdbb752a2ca4aefec89afabb06
|
|
||||||
|
|
||||||
If kmsg->msg_namelen > sizeof(struct sockaddr_storage) then in the
|
|
||||||
original code that would lead to memory corruption in the kernel if you
|
|
||||||
had audit configured. If you didn't have audit configured it was
|
|
||||||
harmless.
|
|
||||||
|
|
||||||
There are some programs such as beta versions of Ruby which use too
|
|
||||||
large of a buffer and returning an error code breaks them. We should
|
|
||||||
clamp the ->msg_namelen value instead.
|
|
||||||
|
|
||||||
Fixes: 1661bf364ae9 ("net: heap overflow in __audit_sockaddr()")
|
|
||||||
Reported-by: Eric Wong <normalperson@yhbt.net>
|
|
||||||
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
|
|
||||||
Tested-by: Eric Wong <normalperson@yhbt.net>
|
|
||||||
Acked-by: Eric Dumazet <edumazet@google.com>
|
|
||||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
||||||
---
|
|
||||||
net/compat.c | 2 +-
|
|
||||||
net/socket.c | 2 +-
|
|
||||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
--- a/net/compat.c
|
|
||||||
+++ b/net/compat.c
|
|
||||||
@@ -72,7 +72,7 @@ int get_compat_msghdr(struct msghdr *kms
|
|
||||||
__get_user(kmsg->msg_flags, &umsg->msg_flags))
|
|
||||||
return -EFAULT;
|
|
||||||
if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
|
|
||||||
- return -EINVAL;
|
|
||||||
+ kmsg->msg_namelen = sizeof(struct sockaddr_storage);
|
|
||||||
kmsg->msg_name = compat_ptr(tmp1);
|
|
||||||
kmsg->msg_iov = compat_ptr(tmp2);
|
|
||||||
kmsg->msg_control = compat_ptr(tmp3);
|
|
||||||
--- a/net/socket.c
|
|
||||||
+++ b/net/socket.c
|
|
||||||
@@ -1970,7 +1970,7 @@ static int copy_msghdr_from_user(struct
|
|
||||||
if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
|
|
||||||
return -EFAULT;
|
|
||||||
if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
|
|
||||||
- return -EINVAL;
|
|
||||||
+ kmsg->msg_namelen = sizeof(struct sockaddr_storage);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,85 +0,0 @@
|
||||||
From: Eric Dumazet <edumazet@google.com>
|
|
||||||
Date: Wed, 13 Nov 2013 06:32:54 -0800
|
|
||||||
Subject: tcp: tsq: restore minimal amount of queueing
|
|
||||||
Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=98e09386c0ef4dfd48af7ba60ff908f0d525cdee
|
|
||||||
|
|
||||||
After commit c9eeec26e32e ("tcp: TSQ can use a dynamic limit"), several
|
|
||||||
users reported throughput regressions, notably on mvneta and wifi
|
|
||||||
adapters.
|
|
||||||
|
|
||||||
802.11 AMPDU requires a fair amount of queueing to be effective.
|
|
||||||
|
|
||||||
This patch partially reverts the change done in tcp_write_xmit()
|
|
||||||
so that the minimal amount is sysctl_tcp_limit_output_bytes.
|
|
||||||
|
|
||||||
It also remove the use of this sysctl while building skb stored
|
|
||||||
in write queue, as TSO autosizing does the right thing anyway.
|
|
||||||
|
|
||||||
Users with well behaving NICS and correct qdisc (like sch_fq),
|
|
||||||
can then lower the default sysctl_tcp_limit_output_bytes value from
|
|
||||||
128KB to 8KB.
|
|
||||||
|
|
||||||
This new usage of sysctl_tcp_limit_output_bytes permits each driver
|
|
||||||
authors to check how their driver performs when/if the value is set
|
|
||||||
to a minimum of 4KB.
|
|
||||||
|
|
||||||
Normally, line rate for a single TCP flow should be possible,
|
|
||||||
but some drivers rely on timers to perform TX completion and
|
|
||||||
too long TX completion delays prevent reaching full throughput.
|
|
||||||
|
|
||||||
Fixes: c9eeec26e32e ("tcp: TSQ can use a dynamic limit")
|
|
||||||
Signed-off-by: Eric Dumazet <edumazet@google.com>
|
|
||||||
Reported-by: Sujith Manoharan <sujith@msujith.org>
|
|
||||||
Reported-by: Arnaud Ebalard <arno@natisbad.org>
|
|
||||||
Tested-by: Sujith Manoharan <sujith@msujith.org>
|
|
||||||
Cc: Felix Fietkau <nbd@openwrt.org>
|
|
||||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
||||||
---
|
|
||||||
Documentation/networking/ip-sysctl.txt | 3 ---
|
|
||||||
net/ipv4/tcp.c | 6 ------
|
|
||||||
net/ipv4/tcp_output.c | 6 +++++-
|
|
||||||
3 files changed, 5 insertions(+), 10 deletions(-)
|
|
||||||
|
|
||||||
--- a/Documentation/networking/ip-sysctl.txt
|
|
||||||
+++ b/Documentation/networking/ip-sysctl.txt
|
|
||||||
@@ -588,9 +588,6 @@ tcp_limit_output_bytes - INTEGER
|
|
||||||
typical pfifo_fast qdiscs.
|
|
||||||
tcp_limit_output_bytes limits the number of bytes on qdisc
|
|
||||||
or device to reduce artificial RTT/cwnd and reduce bufferbloat.
|
|
||||||
- Note: For GSO/TSO enabled flows, we try to have at least two
|
|
||||||
- packets in flight. Reducing tcp_limit_output_bytes might also
|
|
||||||
- reduce the size of individual GSO packet (64KB being the max)
|
|
||||||
Default: 131072
|
|
||||||
|
|
||||||
tcp_challenge_ack_limit - INTEGER
|
|
||||||
--- a/net/ipv4/tcp.c
|
|
||||||
+++ b/net/ipv4/tcp.c
|
|
||||||
@@ -806,12 +806,6 @@ static unsigned int tcp_xmit_size_goal(s
|
|
||||||
xmit_size_goal = min_t(u32, gso_size,
|
|
||||||
sk->sk_gso_max_size - 1 - hlen);
|
|
||||||
|
|
||||||
- /* TSQ : try to have at least two segments in flight
|
|
||||||
- * (one in NIC TX ring, another in Qdisc)
|
|
||||||
- */
|
|
||||||
- xmit_size_goal = min_t(u32, xmit_size_goal,
|
|
||||||
- sysctl_tcp_limit_output_bytes >> 1);
|
|
||||||
-
|
|
||||||
xmit_size_goal = tcp_bound_to_half_wnd(tp, xmit_size_goal);
|
|
||||||
|
|
||||||
/* We try hard to avoid divides here */
|
|
||||||
--- a/net/ipv4/tcp_output.c
|
|
||||||
+++ b/net/ipv4/tcp_output.c
|
|
||||||
@@ -1875,8 +1875,12 @@ static bool tcp_write_xmit(struct sock *
|
|
||||||
* - better RTT estimation and ACK scheduling
|
|
||||||
* - faster recovery
|
|
||||||
* - high rates
|
|
||||||
+ * Alas, some drivers / subsystems require a fair amount
|
|
||||||
+ * of queued bytes to ensure line rate.
|
|
||||||
+ * One example is wifi aggregation (802.11 AMPDU)
|
|
||||||
*/
|
|
||||||
- limit = max(skb->truesize, sk->sk_pacing_rate >> 10);
|
|
||||||
+ limit = max_t(unsigned int, sysctl_tcp_limit_output_bytes,
|
|
||||||
+ sk->sk_pacing_rate >> 10);
|
|
||||||
|
|
||||||
if (atomic_read(&sk->sk_wmem_alloc) > limit) {
|
|
||||||
set_bit(TSQ_THROTTLED, &tp->tsq_flags);
|
|
|
@ -74,9 +74,6 @@ features/all/mvsas-Recognise-device-subsystem-9485-9485-as-88SE94.patch
|
||||||
bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
|
bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch
|
||||||
debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
|
debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
|
||||||
bugfix/all/UAPI-include-asm-byteorder.h-in-linux-raid-md_p.h.patch
|
bugfix/all/UAPI-include-asm-byteorder.h-in-linux-raid-md_p.h.patch
|
||||||
bugfix/all/net-clamp-msg_namelen-instead-of-returning-an-error.patch
|
|
||||||
bugfix/all/tcp-tsq-restore-minimal-amount-of-queueing.patch
|
|
||||||
bugfix/all/rds-prevent-bug_on-triggered-by-congestion-update-to-loopback.patch
|
bugfix/all/rds-prevent-bug_on-triggered-by-congestion-update-to-loopback.patch
|
||||||
bugfix/all/ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch
|
|
||||||
bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
|
bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch
|
||||||
bugfix/arm/ahci-imx-Explicitly-clear-IMX6Q_GPR13_SATA_MPLL_CLK_.patch
|
bugfix/arm/ahci-imx-Explicitly-clear-IMX6Q_GPR13_SATA_MPLL_CLK_.patch
|
||||||
|
|