Update to 3.13.7
svn path=/dists/sid/linux/; revision=21180
This commit is contained in:
parent
61289ab39b
commit
82a6c2e239
|
@ -1,5 +1,62 @@
|
|||
linux (3.13.6-2) UNRELEASED; urgency=medium
|
||||
linux (3.13.7-1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7
|
||||
- mm: page_alloc: exempt GFP_THISNODE allocations from zone fairness
|
||||
(regression in 3.12)
|
||||
- mm: include VM_MIXEDMAP flag in the VM_SPECIAL list to avoid m(un)locking
|
||||
(regression in 3.12)
|
||||
- ocfs2: fix quota file corruption
|
||||
- ocfs2 syncs the wrong range...
|
||||
- memcg: fix endless loop in __mem_cgroup_iter_next()
|
||||
(regression in 3.13.3)
|
||||
- net-tcp: fastopen: fix high order allocations
|
||||
- ipv6: reuse ip6_frag_id from ip6_ufo_append_data
|
||||
- ipv4: ipv6: better estimate tunnel header cut for correct ufo handling
|
||||
- ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL
|
||||
pointer
|
||||
- mac80211: clear sequence/fragment number in QoS-null frames
|
||||
- ath9k: Fix ETSI compliance for AR9462 2.0
|
||||
- ath9k: protect tid->sched check
|
||||
- cpuset: fix a locking issue in cpuset_migrate_mm()
|
||||
- cpuset: fix a race condition in __cpuset_node_allowed_softwall()
|
||||
- firewire: net: fix use after free
|
||||
- firewire: don't use PREPARE_DELAYED_WORK
|
||||
- libata: disable queued TRIM for Crucial M500 mSATA SSDs
|
||||
- libata: use wider match for blacklisting Crucial M500
|
||||
- NFSv4: Fix another nfs4_sequence corruptor (Closes: #734268)
|
||||
- cpufreq: use cpufreq_cpu_get() to avoid cpufreq_get() race conditions
|
||||
- cpufreq: Skip current frequency initialization for ->setpolicy drivers
|
||||
(regression in 3.13)
|
||||
- iscsi/iser-target: Use list_del_init for ->i_conn_node
|
||||
- iser-target: Ignore completions for FRWRs in isert_cq_tx_work
|
||||
- iser-target: Fix post_send_buf_count for RDMA READ/WRITE
|
||||
- mm/readahead.c: fix do_readahead() for no readpage(s)
|
||||
(regression in 3.13)
|
||||
- fs/proc/base.c: fix GPF in /proc/$PID/map_files
|
||||
- drm/i915: fix pch pci device enumeration (regression in 3.11)
|
||||
- drm/i915: Reject >165MHz modes w/ DVI monitors (regression in 3.11)
|
||||
- drm/radeon: fix runpm disabling on non-PX harder
|
||||
(may fix #741619, #742507)
|
||||
- PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not enabled
|
||||
(fixes regression in 3.13.6)
|
||||
- [x86] vmxnet3: fix netpoll race condition
|
||||
- mm/compaction: break out of loop on !PageBuddy in isolate_freepages_block
|
||||
- dm space map metadata: fix refcount decrement below 0 which caused
|
||||
corruption
|
||||
- dm cache: fix truncation bug when copying a block to/from >2TB fast
|
||||
device
|
||||
- net: unix socket code abuses csum_partial
|
||||
- SCSI: qla2xxx: Fix multiqueue MSI-X registration.
|
||||
- [x86] fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU
|
||||
- Btrfs: fix tree mod logging
|
||||
- Btrfs: fix data corruption when reading/updating compressed extents
|
||||
- intel_pstate: Add setting voltage value for baytrail P states.
|
||||
- Fix mountpoint reference leakage in linkat
|
||||
- bio-integrity: Fix bio_integrity_verify segment start bug
|
||||
- memcg: reparent charges of children before processing parent
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [arm] mm: Avoid ABI change in 3.13.6 (fixes FTBFS)
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Fri, 21 Mar 2014 19:47:01 +0000
|
||||
|
|
|
@ -1,135 +0,0 @@
|
|||
From: Daniel Borkmann <dborkman@redhat.com>
|
||||
Date: Mon, 3 Mar 2014 17:23:04 +0100
|
||||
Subject: net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH
|
||||
capable
|
||||
Origin: https://git.kernel.org/linus/ec0223ec48a90cb605244b45f7c62de856403729
|
||||
|
||||
RFC4895 introduced AUTH chunks for SCTP; during the SCTP
|
||||
handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS
|
||||
being optional though):
|
||||
|
||||
---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
|
||||
<------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
|
||||
-------------------- COOKIE-ECHO -------------------->
|
||||
<-------------------- COOKIE-ACK ---------------------
|
||||
|
||||
A special case is when an endpoint requires COOKIE-ECHO
|
||||
chunks to be authenticated:
|
||||
|
||||
---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
|
||||
<------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
|
||||
------------------ AUTH; COOKIE-ECHO ---------------->
|
||||
<-------------------- COOKIE-ACK ---------------------
|
||||
|
||||
RFC4895, section 6.3. Receiving Authenticated Chunks says:
|
||||
|
||||
The receiver MUST use the HMAC algorithm indicated in
|
||||
the HMAC Identifier field. If this algorithm was not
|
||||
specified by the receiver in the HMAC-ALGO parameter in
|
||||
the INIT or INIT-ACK chunk during association setup, the
|
||||
AUTH chunk and all the chunks after it MUST be discarded
|
||||
and an ERROR chunk SHOULD be sent with the error cause
|
||||
defined in Section 4.1. [...] If no endpoint pair shared
|
||||
key has been configured for that Shared Key Identifier,
|
||||
all authenticated chunks MUST be silently discarded. [...]
|
||||
|
||||
When an endpoint requires COOKIE-ECHO chunks to be
|
||||
authenticated, some special procedures have to be followed
|
||||
because the reception of a COOKIE-ECHO chunk might result
|
||||
in the creation of an SCTP association. If a packet arrives
|
||||
containing an AUTH chunk as a first chunk, a COOKIE-ECHO
|
||||
chunk as the second chunk, and possibly more chunks after
|
||||
them, and the receiver does not have an STCB for that
|
||||
packet, then authentication is based on the contents of
|
||||
the COOKIE-ECHO chunk. In this situation, the receiver MUST
|
||||
authenticate the chunks in the packet by using the RANDOM
|
||||
parameters, CHUNKS parameters and HMAC_ALGO parameters
|
||||
obtained from the COOKIE-ECHO chunk, and possibly a local
|
||||
shared secret as inputs to the authentication procedure
|
||||
specified in Section 6.3. If authentication fails, then
|
||||
the packet is discarded. If the authentication is successful,
|
||||
the COOKIE-ECHO and all the chunks after the COOKIE-ECHO
|
||||
MUST be processed. If the receiver has an STCB, it MUST
|
||||
process the AUTH chunk as described above using the STCB
|
||||
from the existing association to authenticate the
|
||||
COOKIE-ECHO chunk and all the chunks after it. [...]
|
||||
|
||||
Commit bbd0d59809f9 introduced the possibility to receive
|
||||
and verification of AUTH chunk, including the edge case for
|
||||
authenticated COOKIE-ECHO. On reception of COOKIE-ECHO,
|
||||
the function sctp_sf_do_5_1D_ce() handles processing,
|
||||
unpacks and creates a new association if it passed sanity
|
||||
checks and also tests for authentication chunks being
|
||||
present. After a new association has been processed, it
|
||||
invokes sctp_process_init() on the new association and
|
||||
walks through the parameter list it received from the INIT
|
||||
chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO
|
||||
and SCTP_PARAM_CHUNKS, and copies them into asoc->peer
|
||||
meta data (peer_random, peer_hmacs, peer_chunks) in case
|
||||
sysctl -w net.sctp.auth_enable=1 is set. If in INIT's
|
||||
SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set,
|
||||
peer_random != NULL and peer_hmacs != NULL the peer is to be
|
||||
assumed asoc->peer.auth_capable=1, in any other case
|
||||
asoc->peer.auth_capable=0.
|
||||
|
||||
Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is
|
||||
available, we set up a fake auth chunk and pass that on to
|
||||
sctp_sf_authenticate(), which at latest in
|
||||
sctp_auth_calculate_hmac() reliably dereferences a NULL pointer
|
||||
at position 0..0008 when setting up the crypto key in
|
||||
crypto_hash_setkey() by using asoc->asoc_shared_key that is
|
||||
NULL as condition key_id == asoc->active_key_id is true if
|
||||
the AUTH chunk was injected correctly from remote. This
|
||||
happens no matter what net.sctp.auth_enable sysctl says.
|
||||
|
||||
The fix is to check for net->sctp.auth_enable and for
|
||||
asoc->peer.auth_capable before doing any operations like
|
||||
sctp_sf_authenticate() as no key is activated in
|
||||
sctp_auth_asoc_init_active_key() for each case.
|
||||
|
||||
Now as RFC4895 section 6.3 states that if the used HMAC-ALGO
|
||||
passed from the INIT chunk was not used in the AUTH chunk, we
|
||||
SHOULD send an error; however in this case it would be better
|
||||
to just silently discard such a maliciously prepared handshake
|
||||
as we didn't even receive a parameter at all. Also, as our
|
||||
endpoint has no shared key configured, section 6.3 says that
|
||||
MUST silently discard, which we are doing from now onwards.
|
||||
|
||||
Before calling sctp_sf_pdiscard(), we need not only to free
|
||||
the association, but also the chunk->auth_chunk skb, as
|
||||
commit bbd0d59809f9 created a skb clone in that case.
|
||||
|
||||
I have tested this locally by using netfilter's nfqueue and
|
||||
re-injecting packets into the local stack after maliciously
|
||||
modifying the INIT chunk (removing RANDOM; HMAC-ALGO param)
|
||||
and the SCTP packet containing the COOKIE_ECHO (injecting
|
||||
AUTH chunk before COOKIE_ECHO). Fixed with this patch applied.
|
||||
|
||||
Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk")
|
||||
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
||||
Cc: Vlad Yasevich <yasevich@gmail.com>
|
||||
Cc: Neil Horman <nhorman@tuxdriver.com>
|
||||
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/sctp/sm_statefuns.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
|
||||
index 591b44d..ae65b6b 100644
|
||||
--- a/net/sctp/sm_statefuns.c
|
||||
+++ b/net/sctp/sm_statefuns.c
|
||||
@@ -758,6 +758,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net,
|
||||
struct sctp_chunk auth;
|
||||
sctp_ierror_t ret;
|
||||
|
||||
+ /* Make sure that we and the peer are AUTH capable */
|
||||
+ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
|
||||
+ kfree_skb(chunk->auth_chunk);
|
||||
+ sctp_association_free(new_asoc);
|
||||
+ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
|
||||
+ }
|
||||
+
|
||||
/* set-up our fake chunk so that we can process it */
|
||||
auth.skb = chunk->auth_chunk;
|
||||
auth.asoc = chunk->asoc;
|
|
@ -1,57 +0,0 @@
|
|||
From: Mathias Nyman <mathias.nyman@linux.intel.com>
|
||||
Subject: [PATCH 2/2] Revert "USBNET: ax88179_178a: enable tso if usb host supports sg dma"
|
||||
Date: Fri, 7 Mar 2014 17:06:58 +0200
|
||||
Origin: http://permalink.gmane.org/gmane.linux.kernel/1662582
|
||||
|
||||
This reverts commit 3804fad45411b48233b48003e33a78f290d227c8.
|
||||
|
||||
This commit, together with commit 247bf557273dd775505fb9240d2d152f4f20d304
|
||||
"xhci 1.0: Limit arbitrarily-aligned scatter gather." were
|
||||
origially added to get xHCI 1.0 hosts and usb ethernet ax88179_178a devices
|
||||
working together with scatter gather. xHCI 1.0 hosts pose some requirement on how transfer
|
||||
buffers are aligned, setting this requirement for 1.0 hosts caused USB 3.0 mass
|
||||
storage devices to fail more frequently.
|
||||
|
||||
USB 3.0 mass storage devices used to work before 3.14-rc1. Theoretically,
|
||||
the TD fragment rules could have caused an occasional disk glitch.
|
||||
Now the devices *will* fail, instead of theoretically failing.
|
||||
From a user perspective, this looks like a regression; the USB device obviously
|
||||
fails on 3.14-rc1, and may sometimes silently fail on prior kernels.
|
||||
|
||||
The proper soluition is to implement the TD fragment rules for xHCI 1.0 hosts,
|
||||
but for now, revert this patch until scatter gather can be properly supported.
|
||||
|
||||
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
|
||||
Cc: stable <stable@vger.kernel.org>
|
||||
---
|
||||
drivers/net/usb/ax88179_178a.c | 8 --------
|
||||
1 file changed, 8 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c
|
||||
index 955df81..42085e6 100644
|
||||
--- a/drivers/net/usb/ax88179_178a.c
|
||||
+++ b/drivers/net/usb/ax88179_178a.c
|
||||
@@ -1029,20 +1029,12 @@ static int ax88179_bind(struct usbnet *dev, struct usb_interface *intf)
|
||||
dev->mii.phy_id = 0x03;
|
||||
dev->mii.supports_gmii = 1;
|
||||
|
||||
- if (usb_device_no_sg_constraint(dev->udev))
|
||||
- dev->can_dma_sg = 1;
|
||||
-
|
||||
dev->net->features |= NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM |
|
||||
NETIF_F_RXCSUM;
|
||||
|
||||
dev->net->hw_features |= NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM |
|
||||
NETIF_F_RXCSUM;
|
||||
|
||||
- if (dev->can_dma_sg) {
|
||||
- dev->net->features |= NETIF_F_SG | NETIF_F_TSO;
|
||||
- dev->net->hw_features |= NETIF_F_SG | NETIF_F_TSO;
|
||||
- }
|
||||
-
|
||||
/* Enable checksum offload */
|
||||
*tmp = AX_RXCOE_IP | AX_RXCOE_TCP | AX_RXCOE_UDP |
|
||||
AX_RXCOE_TCPV6 | AX_RXCOE_UDPV6;
|
||||
--
|
||||
1.8.1.2
|
||||
|
|
@ -1,72 +0,0 @@
|
|||
From: Mathias Nyman <mathias.nyman@linux.intel.com>
|
||||
Subject: [PATCH 1/2] Revert "xhci 1.0: Limit arbitrarily-aligned scatter gather."
|
||||
Date: Fri, 7 Mar 2014 17:06:57 +0200
|
||||
Origin: http://permalink.gmane.org/gmane.linux.kernel.stable/83276
|
||||
|
||||
This reverts commit 247bf557273dd775505fb9240d2d152f4f20d304.
|
||||
|
||||
This commit, together with commit 3804fad45411b48233b48003e33a78f290d227c8
|
||||
"USBNET: ax88179_178a: enable tso if usb host supports sg dma" were
|
||||
origially added to get xHCI 1.0 hosts and usb ethernet ax88179_178a devices
|
||||
working together with scatter gather. xHCI 1.0 hosts pose some requirement on how transfer
|
||||
buffers are aligned, setting this requirement for 1.0 hosts caused USB 3.0 mass
|
||||
storage devices to fail more frequently.
|
||||
|
||||
USB 3.0 mass storage devices used to work before 3.14-rc1. Theoretically,
|
||||
the TD fragment rules could have caused an occasional disk glitch.
|
||||
Now the devices *will* fail, instead of theoretically failing.
|
||||
From a user perspective, this looks like a regression; the USB device obviously
|
||||
fails on 3.14-rc1, and may sometimes silently fail on prior kernels.
|
||||
|
||||
The proper soluition is to implement the TD fragment rules required, but for now
|
||||
this patch needs to be reverted to get USB 3.0 mass storage devices working at the
|
||||
level they used to.
|
||||
|
||||
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
|
||||
Cc: stable <stable@vger.kernel.org>
|
||||
---
|
||||
drivers/usb/host/xhci.c | 14 +++-----------
|
||||
1 file changed, 3 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
|
||||
index 6fe577d..924a6cc 100644
|
||||
--- a/drivers/usb/host/xhci.c
|
||||
+++ b/drivers/usb/host/xhci.c
|
||||
@@ -4733,6 +4733,9 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
|
||||
/* Accept arbitrarily long scatter-gather lists */
|
||||
hcd->self.sg_tablesize = ~0;
|
||||
|
||||
+ /* support to build packet from discontinuous buffers */
|
||||
+ hcd->self.no_sg_constraint = 1;
|
||||
+
|
||||
/* XHCI controllers don't stop the ep queue on short packets :| */
|
||||
hcd->self.no_stop_on_short = 1;
|
||||
|
||||
@@ -4757,14 +4760,6 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
|
||||
/* xHCI private pointer was set in xhci_pci_probe for the second
|
||||
* registered roothub.
|
||||
*/
|
||||
- xhci = hcd_to_xhci(hcd);
|
||||
- /*
|
||||
- * Support arbitrarily aligned sg-list entries on hosts without
|
||||
- * TD fragment rules (which are currently unsupported).
|
||||
- */
|
||||
- if (xhci->hci_version < 0x100)
|
||||
- hcd->self.no_sg_constraint = 1;
|
||||
-
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -4793,9 +4788,6 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
|
||||
if (xhci->hci_version > 0x96)
|
||||
xhci->quirks |= XHCI_SPURIOUS_SUCCESS;
|
||||
|
||||
- if (xhci->hci_version < 0x100)
|
||||
- hcd->self.no_sg_constraint = 1;
|
||||
-
|
||||
/* Make sure the HC is halted. */
|
||||
retval = xhci_halt(xhci);
|
||||
if (retval)
|
||||
--
|
||||
1.8.1.2
|
||||
|
|
@ -79,10 +79,7 @@ bugfix/all/staging-lustre-Make-LUSTRE_LLITE_LLOOP-tristate.patch
|
|||
bugfix/all/i2c-designware-remove-HAVE_CLK-build-dependecy.patch
|
||||
debian/snd-pcsp-disable-autoload.patch
|
||||
bugfix/all/bluetooth-allocate-static-minor-for-vhci.patch
|
||||
bugfix/all/revert-xhci-1.0-limit-arbitrarilyaligned-scatter-gather.patch
|
||||
bugfix/all/revert-usbnet-ax88179_178a-enable-tso-if-usb-host.patch
|
||||
bugfix/all/net-fix-for-a-race-condition-in-the-inet-frag-code.patch
|
||||
bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch
|
||||
bugfix/all/KEYS-Make-the-keyring-cycle-detector-ignore-other-ke.patch
|
||||
bugfix/all/net-use-kfree_skb_list-helper.patch
|
||||
bugfix/all/0001-skbuff-skb_segment-s-frag-nskb_frag.patch
|
||||
|
|
Loading…
Reference in New Issue