debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

Update to 3.13.7 

svn path=/dists/sid/linux/; revision=21180
This commit is contained in:
Ben Hutchings 2014-03-24 22:19:28 +00:00
parent 61289ab39b
commit 82a6c2e239
5 changed files with 58 additions and 268 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
debian/changelog vendored
View File

@ -1,5 +1,62 @@
linux (3.13.6-2) UNRELEASED; urgency=medium
linux (3.13.7-1) UNRELEASED; urgency=medium
* New upstream stable update:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7
- mm: page_alloc: exempt GFP_THISNODE allocations from zone fairness
(regression in 3.12)
- mm: include VM_MIXEDMAP flag in the VM_SPECIAL list to avoid m(un)locking
(regression in 3.12)
- ocfs2: fix quota file corruption
- ocfs2 syncs the wrong range...
- memcg: fix endless loop in __mem_cgroup_iter_next()
(regression in 3.13.3)
- net-tcp: fastopen: fix high order allocations
- ipv6: reuse ip6_frag_id from ip6_ufo_append_data
- ipv4: ipv6: better estimate tunnel header cut for correct ufo handling
- ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL
pointer
- mac80211: clear sequence/fragment number in QoS-null frames
- ath9k: Fix ETSI compliance for AR9462 2.0
- ath9k: protect tid->sched check
- cpuset: fix a locking issue in cpuset_migrate_mm()
- cpuset: fix a race condition in __cpuset_node_allowed_softwall()
- firewire: net: fix use after free
- firewire: don't use PREPARE_DELAYED_WORK
- libata: disable queued TRIM for Crucial M500 mSATA SSDs
- libata: use wider match for blacklisting Crucial M500
- NFSv4: Fix another nfs4_sequence corruptor (Closes: #734268)
- cpufreq: use cpufreq_cpu_get() to avoid cpufreq_get() race conditions
- cpufreq: Skip current frequency initialization for ->setpolicy drivers
(regression in 3.13)
- iscsi/iser-target: Use list_del_init for ->i_conn_node
- iser-target: Ignore completions for FRWRs in isert_cq_tx_work
- iser-target: Fix post_send_buf_count for RDMA READ/WRITE
- mm/readahead.c: fix do_readahead() for no readpage(s)
(regression in 3.13)
- fs/proc/base.c: fix GPF in /proc/$PID/map_files
- drm/i915: fix pch pci device enumeration (regression in 3.11)
- drm/i915: Reject >165MHz modes w/ DVI monitors (regression in 3.11)
- drm/radeon: fix runpm disabling on non-PX harder
(may fix #741619, #742507)
- PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not enabled
(fixes regression in 3.13.6)
- [x86] vmxnet3: fix netpoll race condition
- mm/compaction: break out of loop on !PageBuddy in isolate_freepages_block
- dm space map metadata: fix refcount decrement below 0 which caused
corruption
- dm cache: fix truncation bug when copying a block to/from >2TB fast
device
- net: unix socket code abuses csum_partial
- SCSI: qla2xxx: Fix multiqueue MSI-X registration.
- [x86] fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU
- Btrfs: fix tree mod logging
- Btrfs: fix data corruption when reading/updating compressed extents
- intel_pstate: Add setting voltage value for baytrail P states.
- Fix mountpoint reference leakage in linkat
- bio-integrity: Fix bio_integrity_verify segment start bug
- memcg: reparent charges of children before processing parent
[ Ben Hutchings ]
* [arm] mm: Avoid ABI change in 3.13.6 (fixes FTBFS)
-- Ben Hutchings <ben@decadent.org.uk> Fri, 21 Mar 2014 19:47:01 +0000

135
debian/patches/bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch vendored
View File

@ -1,135 +0,0 @@
From: Daniel Borkmann <dborkman@redhat.com>
Date: Mon, 3 Mar 2014 17:23:04 +0100
Subject: net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH
capable
Origin: https://git.kernel.org/linus/ec0223ec48a90cb605244b45f7c62de856403729
RFC4895 introduced AUTH chunks for SCTP; during the SCTP
handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS
being optional though):
---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
<------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
-------------------- COOKIE-ECHO -------------------->
<-------------------- COOKIE-ACK ---------------------
A special case is when an endpoint requires COOKIE-ECHO
chunks to be authenticated:
---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
<------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
------------------ AUTH; COOKIE-ECHO ---------------->
<-------------------- COOKIE-ACK ---------------------
RFC4895, section 6.3. Receiving Authenticated Chunks says:
The receiver MUST use the HMAC algorithm indicated in
the HMAC Identifier field. If this algorithm was not
specified by the receiver in the HMAC-ALGO parameter in
the INIT or INIT-ACK chunk during association setup, the
AUTH chunk and all the chunks after it MUST be discarded
and an ERROR chunk SHOULD be sent with the error cause
defined in Section 4.1. [...] If no endpoint pair shared
key has been configured for that Shared Key Identifier,
all authenticated chunks MUST be silently discarded. [...]
When an endpoint requires COOKIE-ECHO chunks to be
authenticated, some special procedures have to be followed
because the reception of a COOKIE-ECHO chunk might result
in the creation of an SCTP association. If a packet arrives
containing an AUTH chunk as a first chunk, a COOKIE-ECHO
chunk as the second chunk, and possibly more chunks after
them, and the receiver does not have an STCB for that
packet, then authentication is based on the contents of
the COOKIE-ECHO chunk. In this situation, the receiver MUST
authenticate the chunks in the packet by using the RANDOM
parameters, CHUNKS parameters and HMAC_ALGO parameters
obtained from the COOKIE-ECHO chunk, and possibly a local
shared secret as inputs to the authentication procedure
specified in Section 6.3. If authentication fails, then
the packet is discarded. If the authentication is successful,
the COOKIE-ECHO and all the chunks after the COOKIE-ECHO
MUST be processed. If the receiver has an STCB, it MUST
process the AUTH chunk as described above using the STCB
from the existing association to authenticate the
COOKIE-ECHO chunk and all the chunks after it. [...]
Commit bbd0d59809f9 introduced the possibility to receive
and verification of AUTH chunk, including the edge case for
authenticated COOKIE-ECHO. On reception of COOKIE-ECHO,
the function sctp_sf_do_5_1D_ce() handles processing,
unpacks and creates a new association if it passed sanity
checks and also tests for authentication chunks being
present. After a new association has been processed, it
invokes sctp_process_init() on the new association and
walks through the parameter list it received from the INIT
chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO
and SCTP_PARAM_CHUNKS, and copies them into asoc->peer
meta data (peer_random, peer_hmacs, peer_chunks) in case
sysctl -w net.sctp.auth_enable=1 is set. If in INIT's
SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set,
peer_random != NULL and peer_hmacs != NULL the peer is to be
assumed asoc->peer.auth_capable=1, in any other case
asoc->peer.auth_capable=0.
Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is
available, we set up a fake auth chunk and pass that on to
sctp_sf_authenticate(), which at latest in
sctp_auth_calculate_hmac() reliably dereferences a NULL pointer
at position 0..0008 when setting up the crypto key in
crypto_hash_setkey() by using asoc->asoc_shared_key that is
NULL as condition key_id == asoc->active_key_id is true if
the AUTH chunk was injected correctly from remote. This
happens no matter what net.sctp.auth_enable sysctl says.
The fix is to check for net->sctp.auth_enable and for
asoc->peer.auth_capable before doing any operations like
sctp_sf_authenticate() as no key is activated in
sctp_auth_asoc_init_active_key() for each case.
Now as RFC4895 section 6.3 states that if the used HMAC-ALGO
passed from the INIT chunk was not used in the AUTH chunk, we
SHOULD send an error; however in this case it would be better
to just silently discard such a maliciously prepared handshake
as we didn't even receive a parameter at all. Also, as our
endpoint has no shared key configured, section 6.3 says that
MUST silently discard, which we are doing from now onwards.
Before calling sctp_sf_pdiscard(), we need not only to free
the association, but also the chunk->auth_chunk skb, as
commit bbd0d59809f9 created a skb clone in that case.
I have tested this locally by using netfilter's nfqueue and
re-injecting packets into the local stack after maliciously
modifying the INIT chunk (removing RANDOM; HMAC-ALGO param)
and the SCTP packet containing the COOKIE_ECHO (injecting
AUTH chunk before COOKIE_ECHO). Fixed with this patch applied.
Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Vlad Yasevich <yasevich@gmail.com>
Cc: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/sctp/sm_statefuns.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 591b44d..ae65b6b 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -758,6 +758,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net,
struct sctp_chunk auth;
sctp_ierror_t ret;
+ /* Make sure that we and the peer are AUTH capable */
+ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
+ kfree_skb(chunk->auth_chunk);
+ sctp_association_free(new_asoc);
+ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
+ }
+
/* set-up our fake chunk so that we can process it */
auth.skb = chunk->auth_chunk;
auth.asoc = chunk->asoc;

57
debian/patches/bugfix/all/revert-usbnet-ax88179_178a-enable-tso-if-usb-host.patch vendored
View File

@ -1,57 +0,0 @@
From: Mathias Nyman <mathias.nyman@linux.intel.com>
Subject: [PATCH 2/2] Revert "USBNET: ax88179_178a: enable tso if usb host supports sg dma"
Date: Fri, 7 Mar 2014 17:06:58 +0200
Origin: http://permalink.gmane.org/gmane.linux.kernel/1662582
This reverts commit 3804fad45411b48233b48003e33a78f290d227c8.
This commit, together with commit 247bf557273dd775505fb9240d2d152f4f20d304
"xhci 1.0: Limit arbitrarily-aligned scatter gather." were
origially added to get xHCI 1.0 hosts and usb ethernet ax88179_178a devices
working together with scatter gather. xHCI 1.0 hosts pose some requirement on how transfer
buffers are aligned, setting this requirement for 1.0 hosts caused USB 3.0 mass
storage devices to fail more frequently.
USB 3.0 mass storage devices used to work before 3.14-rc1. Theoretically,
the TD fragment rules could have caused an occasional disk glitch.
Now the devices *will* fail, instead of theoretically failing.
From a user perspective, this looks like a regression; the USB device obviously
fails on 3.14-rc1, and may sometimes silently fail on prior kernels.
The proper soluition is to implement the TD fragment rules for xHCI 1.0 hosts,
but for now, revert this patch until scatter gather can be properly supported.
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Cc: stable <stable@vger.kernel.org>
---
drivers/net/usb/ax88179_178a.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c
index 955df81..42085e6 100644
--- a/drivers/net/usb/ax88179_178a.c
+++ b/drivers/net/usb/ax88179_178a.c
@@ -1029,20 +1029,12 @@ static int ax88179_bind(struct usbnet *dev, struct usb_interface *intf)
dev->mii.phy_id = 0x03;
dev->mii.supports_gmii = 1;
- if (usb_device_no_sg_constraint(dev->udev))
- dev->can_dma_sg = 1;
-
dev->net->features |= NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM |
NETIF_F_RXCSUM;
dev->net->hw_features |= NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM |
NETIF_F_RXCSUM;
- if (dev->can_dma_sg) {
- dev->net->features |= NETIF_F_SG | NETIF_F_TSO;
- dev->net->hw_features |= NETIF_F_SG | NETIF_F_TSO;
- }
-
/* Enable checksum offload */
*tmp = AX_RXCOE_IP | AX_RXCOE_TCP | AX_RXCOE_UDP |
AX_RXCOE_TCPV6 | AX_RXCOE_UDPV6;
--
1.8.1.2

72
debian/patches/bugfix/all/revert-xhci-1.0-limit-arbitrarilyaligned-scatter-gather.patch vendored
View File

@ -1,72 +0,0 @@
From: Mathias Nyman <mathias.nyman@linux.intel.com>
Subject: [PATCH 1/2] Revert "xhci 1.0: Limit arbitrarily-aligned scatter gather."
Date: Fri, 7 Mar 2014 17:06:57 +0200
Origin: http://permalink.gmane.org/gmane.linux.kernel.stable/83276
This reverts commit 247bf557273dd775505fb9240d2d152f4f20d304.
This commit, together with commit 3804fad45411b48233b48003e33a78f290d227c8
"USBNET: ax88179_178a: enable tso if usb host supports sg dma" were
origially added to get xHCI 1.0 hosts and usb ethernet ax88179_178a devices
working together with scatter gather. xHCI 1.0 hosts pose some requirement on how transfer
buffers are aligned, setting this requirement for 1.0 hosts caused USB 3.0 mass
storage devices to fail more frequently.
USB 3.0 mass storage devices used to work before 3.14-rc1. Theoretically,
the TD fragment rules could have caused an occasional disk glitch.
Now the devices *will* fail, instead of theoretically failing.
From a user perspective, this looks like a regression; the USB device obviously
fails on 3.14-rc1, and may sometimes silently fail on prior kernels.
The proper soluition is to implement the TD fragment rules required, but for now
this patch needs to be reverted to get USB 3.0 mass storage devices working at the
level they used to.
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Cc: stable <stable@vger.kernel.org>
---
drivers/usb/host/xhci.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 6fe577d..924a6cc 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -4733,6 +4733,9 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
/* Accept arbitrarily long scatter-gather lists */
hcd->self.sg_tablesize = ~0;
+ /* support to build packet from discontinuous buffers */
+ hcd->self.no_sg_constraint = 1;
+
/* XHCI controllers don't stop the ep queue on short packets :| */
hcd->self.no_stop_on_short = 1;
@@ -4757,14 +4760,6 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
/* xHCI private pointer was set in xhci_pci_probe for the second
* registered roothub.
*/
- xhci = hcd_to_xhci(hcd);
- /*
- * Support arbitrarily aligned sg-list entries on hosts without
- * TD fragment rules (which are currently unsupported).
- */
- if (xhci->hci_version < 0x100)
- hcd->self.no_sg_constraint = 1;
-
return 0;
}
@@ -4793,9 +4788,6 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
if (xhci->hci_version > 0x96)
xhci->quirks |= XHCI_SPURIOUS_SUCCESS;
- if (xhci->hci_version < 0x100)
- hcd->self.no_sg_constraint = 1;
-
/* Make sure the HC is halted. */
retval = xhci_halt(xhci);
if (retval)
--
1.8.1.2

3
debian/patches/series vendored
View File

@ -79,10 +79,7 @@ bugfix/all/staging-lustre-Make-LUSTRE_LLITE_LLOOP-tristate.patch
bugfix/all/i2c-designware-remove-HAVE_CLK-build-dependecy.patch
debian/snd-pcsp-disable-autoload.patch
bugfix/all/bluetooth-allocate-static-minor-for-vhci.patch
bugfix/all/revert-xhci-1.0-limit-arbitrarilyaligned-scatter-gather.patch
bugfix/all/revert-usbnet-ax88179_178a-enable-tso-if-usb-host.patch
bugfix/all/net-fix-for-a-race-condition-in-the-inet-frag-code.patch
bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch
bugfix/all/KEYS-Make-the-keyring-cycle-detector-ignore-other-ke.patch
bugfix/all/net-use-kfree_skb_list-helper.patch
bugfix/all/0001-skbuff-skb_segment-s-frag-nskb_frag.patch