diff --git a/debian/changelog b/debian/changelog
index 898821e96..1d00d1702 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,62 @@
-linux (3.13.6-2) UNRELEASED; urgency=medium
+linux (3.13.7-1) UNRELEASED; urgency=medium
+ * New upstream stable update:
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7
+ - mm: page_alloc: exempt GFP_THISNODE allocations from zone fairness
+ (regression in 3.12)
+ - mm: include VM_MIXEDMAP flag in the VM_SPECIAL list to avoid m(un)locking
+ (regression in 3.12)
+ - ocfs2: fix quota file corruption
+ - ocfs2 syncs the wrong range...
+ - memcg: fix endless loop in __mem_cgroup_iter_next()
+ (regression in 3.13.3)
+ - net-tcp: fastopen: fix high order allocations
+ - ipv6: reuse ip6_frag_id from ip6_ufo_append_data
+ - ipv4: ipv6: better estimate tunnel header cut for correct ufo handling
+ - ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL
+ pointer
+ - mac80211: clear sequence/fragment number in QoS-null frames
+ - ath9k: Fix ETSI compliance for AR9462 2.0
+ - ath9k: protect tid->sched check
+ - cpuset: fix a locking issue in cpuset_migrate_mm()
+ - cpuset: fix a race condition in __cpuset_node_allowed_softwall()
+ - firewire: net: fix use after free
+ - firewire: don't use PREPARE_DELAYED_WORK
+ - libata: disable queued TRIM for Crucial M500 mSATA SSDs
+ - libata: use wider match for blacklisting Crucial M500
+ - NFSv4: Fix another nfs4_sequence corruptor (Closes: #734268)
+ - cpufreq: use cpufreq_cpu_get() to avoid cpufreq_get() race conditions
+ - cpufreq: Skip current frequency initialization for ->setpolicy drivers
+ (regression in 3.13)
+ - iscsi/iser-target: Use list_del_init for ->i_conn_node
+ - iser-target: Ignore completions for FRWRs in isert_cq_tx_work
+ - iser-target: Fix post_send_buf_count for RDMA READ/WRITE
+ - mm/readahead.c: fix do_readahead() for no readpage(s)
+ (regression in 3.13)
+ - fs/proc/base.c: fix GPF in /proc/$PID/map_files
+ - drm/i915: fix pch pci device enumeration (regression in 3.11)
+ - drm/i915: Reject >165MHz modes w/ DVI monitors (regression in 3.11)
+ - drm/radeon: fix runpm disabling on non-PX harder
+ (may fix #741619, #742507)
+ - PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not enabled
+ (fixes regression in 3.13.6)
+ - [x86] vmxnet3: fix netpoll race condition
+ - mm/compaction: break out of loop on !PageBuddy in isolate_freepages_block
+ - dm space map metadata: fix refcount decrement below 0 which caused
+ corruption
+ - dm cache: fix truncation bug when copying a block to/from >2TB fast
+ device
+ - net: unix socket code abuses csum_partial
+ - SCSI: qla2xxx: Fix multiqueue MSI-X registration.
+ - [x86] fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU
+ - Btrfs: fix tree mod logging
+ - Btrfs: fix data corruption when reading/updating compressed extents
+ - intel_pstate: Add setting voltage value for baytrail P states.
+ - Fix mountpoint reference leakage in linkat
+ - bio-integrity: Fix bio_integrity_verify segment start bug
+ - memcg: reparent charges of children before processing parent
+
+ [ Ben Hutchings ]
 * [arm] mm: Avoid ABI change in 3.13.6 (fixes FTBFS)
 -- Ben Hutchings Fri, 21 Mar 2014 19:47:01 +0000
diff --git a/debian/patches/bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch b/debian/patches/bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch
deleted file mode 100644
index d13919d94..000000000
--- a/debian/patches/bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From: Daniel Borkmann
-Date: Mon, 3 Mar 2014 17:23:04 +0100
-Subject: net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH
- capable
-Origin: https://git.kernel.org/linus/ec0223ec48a90cb605244b45f7c62de856403729
-
-RFC4895 introduced AUTH chunks for SCTP; during the SCTP
-handshake RANDOM; CHUNKS; HMAC-ALGO are negotiated (CHUNKS
-being optional though):
-
- ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
- <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
- -------------------- COOKIE-ECHO -------------------->
- <-------------------- COOKIE-ACK ---------------------
-
-A special case is when an endpoint requires COOKIE-ECHO
-chunks to be authenticated:
-
- ---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
- <------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
- ------------------ AUTH; COOKIE-ECHO ---------------->
- <-------------------- COOKIE-ACK ---------------------
-
-RFC4895, section 6.3. Receiving Authenticated Chunks says:
-
- The receiver MUST use the HMAC algorithm indicated in
- the HMAC Identifier field. If this algorithm was not
- specified by the receiver in the HMAC-ALGO parameter in
- the INIT or INIT-ACK chunk during association setup, the
- AUTH chunk and all the chunks after it MUST be discarded
- and an ERROR chunk SHOULD be sent with the error cause
- defined in Section 4.1. [...] If no endpoint pair shared
- key has been configured for that Shared Key Identifier,
- all authenticated chunks MUST be silently discarded. [...]
-
- When an endpoint requires COOKIE-ECHO chunks to be
- authenticated, some special procedures have to be followed
- because the reception of a COOKIE-ECHO chunk might result
- in the creation of an SCTP association. If a packet arrives
- containing an AUTH chunk as a first chunk, a COOKIE-ECHO
- chunk as the second chunk, and possibly more chunks after
- them, and the receiver does not have an STCB for that
- packet, then authentication is based on the contents of
- the COOKIE-ECHO chunk. In this situation, the receiver MUST
- authenticate the chunks in the packet by using the RANDOM
- parameters, CHUNKS parameters and HMAC_ALGO parameters
- obtained from the COOKIE-ECHO chunk, and possibly a local
- shared secret as inputs to the authentication procedure
- specified in Section 6.3. If authentication fails, then
- the packet is discarded. If the authentication is successful,
- the COOKIE-ECHO and all the chunks after the COOKIE-ECHO
- MUST be processed. If the receiver has an STCB, it MUST
- process the AUTH chunk as described above using the STCB
- from the existing association to authenticate the
- COOKIE-ECHO chunk and all the chunks after it. [...]
-
-Commit bbd0d59809f9 introduced the possibility to receive
-and verification of AUTH chunk, including the edge case for
-authenticated COOKIE-ECHO. On reception of COOKIE-ECHO,
-the function sctp_sf_do_5_1D_ce() handles processing,
-unpacks and creates a new association if it passed sanity
-checks and also tests for authentication chunks being
-present. After a new association has been processed, it
-invokes sctp_process_init() on the new association and
-walks through the parameter list it received from the INIT
-chunk. It checks SCTP_PARAM_RANDOM, SCTP_PARAM_HMAC_ALGO
-and SCTP_PARAM_CHUNKS, and copies them into asoc->peer
-meta data (peer_random, peer_hmacs, peer_chunks) in case
-sysctl -w net.sctp.auth_enable=1 is set. If in INIT's
-SCTP_PARAM_SUPPORTED_EXT parameter SCTP_CID_AUTH is set,
-peer_random != NULL and peer_hmacs != NULL the peer is to be
-assumed asoc->peer.auth_capable=1, in any other case
-asoc->peer.auth_capable=0.
-
-Now, if in sctp_sf_do_5_1D_ce() chunk->auth_chunk is
-available, we set up a fake auth chunk and pass that on to
-sctp_sf_authenticate(), which at latest in
-sctp_auth_calculate_hmac() reliably dereferences a NULL pointer
-at position 0..0008 when setting up the crypto key in
-crypto_hash_setkey() by using asoc->asoc_shared_key that is
-NULL as condition key_id == asoc->active_key_id is true if
-the AUTH chunk was injected correctly from remote. This
-happens no matter what net.sctp.auth_enable sysctl says.
-
-The fix is to check for net->sctp.auth_enable and for
-asoc->peer.auth_capable before doing any operations like
-sctp_sf_authenticate() as no key is activated in
-sctp_auth_asoc_init_active_key() for each case.
-
-Now as RFC4895 section 6.3 states that if the used HMAC-ALGO
-passed from the INIT chunk was not used in the AUTH chunk, we
-SHOULD send an error; however in this case it would be better
-to just silently discard such a maliciously prepared handshake
-as we didn't even receive a parameter at all. Also, as our
-endpoint has no shared key configured, section 6.3 says that
-MUST silently discard, which we are doing from now onwards.
-
-Before calling sctp_sf_pdiscard(), we need not only to free
-the association, but also the chunk->auth_chunk skb, as
-commit bbd0d59809f9 created a skb clone in that case.
-
-I have tested this locally by using netfilter's nfqueue and
-re-injecting packets into the local stack after maliciously
-modifying the INIT chunk (removing RANDOM; HMAC-ALGO param)
-and the SCTP packet containing the COOKIE_ECHO (injecting
-AUTH chunk before COOKIE_ECHO). Fixed with this patch applied.
-
-Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk")
-Signed-off-by: Daniel Borkmann
-Cc: Vlad Yasevich
-Cc: Neil Horman
-Acked-by: Vlad Yasevich
-Signed-off-by: David S. Miller
----
- net/sctp/sm_statefuns.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
-index 591b44d..ae65b6b 100644
---- a/net/sctp/sm_statefuns.c
-+++ b/net/sctp/sm_statefuns.c
-@@ -758,6 +758,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net,
- struct sctp_chunk auth;
- sctp_ierror_t ret;
-
-+ /* Make sure that we and the peer are AUTH capable */
-+ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
-+ kfree_skb(chunk->auth_chunk);
-+ sctp_association_free(new_asoc);
-+ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
-+ }
-+
- /* set-up our fake chunk so that we can process it */
- auth.skb = chunk->auth_chunk;
- auth.asoc = chunk->asoc;
diff --git a/debian/patches/bugfix/all/revert-usbnet-ax88179_178a-enable-tso-if-usb-host.patch b/debian/patches/bugfix/all/revert-usbnet-ax88179_178a-enable-tso-if-usb-host.patch
deleted file mode 100644
index 3a8acdb15..000000000
--- a/debian/patches/bugfix/all/revert-usbnet-ax88179_178a-enable-tso-if-usb-host.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From: Mathias Nyman
-Subject: [PATCH 2/2] Revert "USBNET: ax88179_178a: enable tso if usb host supports sg dma"
-Date: Fri, 7 Mar 2014 17:06:58 +0200
-Origin: http://permalink.gmane.org/gmane.linux.kernel/1662582
-
-This reverts commit 3804fad45411b48233b48003e33a78f290d227c8.
-
-This commit, together with commit 247bf557273dd775505fb9240d2d152f4f20d304
-"xhci 1.0: Limit arbitrarily-aligned scatter gather." were
-origially added to get xHCI 1.0 hosts and usb ethernet ax88179_178a devices
-working together with scatter gather. xHCI 1.0 hosts pose some requirement on how transfer
-buffers are aligned, setting this requirement for 1.0 hosts caused USB 3.0 mass
-storage devices to fail more frequently.
-
-USB 3.0 mass storage devices used to work before 3.14-rc1. Theoretically,
-the TD fragment rules could have caused an occasional disk glitch.
-Now the devices *will* fail, instead of theoretically failing.
-From a user perspective, this looks like a regression; the USB device obviously
-fails on 3.14-rc1, and may sometimes silently fail on prior kernels.
-
-The proper soluition is to implement the TD fragment rules for xHCI 1.0 hosts,
-but for now, revert this patch until scatter gather can be properly supported.
-
-Signed-off-by: Mathias Nyman
-Cc: stable
----
- drivers/net/usb/ax88179_178a.c | 8 --------
- 1 file changed, 8 deletions(-)
-
-diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c
-index 955df81..42085e6 100644
---- a/drivers/net/usb/ax88179_178a.c
-+++ b/drivers/net/usb/ax88179_178a.c
-@@ -1029,20 +1029,12 @@ static int ax88179_bind(struct usbnet *dev, struct usb_interface *intf)
- dev->mii.phy_id = 0x03;
- dev->mii.supports_gmii = 1;
-
-- if (usb_device_no_sg_constraint(dev->udev))
-- dev->can_dma_sg = 1;
--
- dev->net->features |= NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM |
- NETIF_F_RXCSUM;
-
- dev->net->hw_features |= NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM |
- NETIF_F_RXCSUM;
-
-- if (dev->can_dma_sg) {
-- dev->net->features |= NETIF_F_SG | NETIF_F_TSO;
-- dev->net->hw_features |= NETIF_F_SG | NETIF_F_TSO;
-- }
--
- /* Enable checksum offload */
- *tmp = AX_RXCOE_IP | AX_RXCOE_TCP | AX_RXCOE_UDP |
- AX_RXCOE_TCPV6 | AX_RXCOE_UDPV6;
---
-1.8.1.2
-
diff --git a/debian/patches/bugfix/all/revert-xhci-1.0-limit-arbitrarilyaligned-scatter-gather.patch b/debian/patches/bugfix/all/revert-xhci-1.0-limit-arbitrarilyaligned-scatter-gather.patch
deleted file mode 100644
index c96931671..000000000
--- a/debian/patches/bugfix/all/revert-xhci-1.0-limit-arbitrarilyaligned-scatter-gather.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From: Mathias Nyman
-Subject: [PATCH 1/2] Revert "xhci 1.0: Limit arbitrarily-aligned scatter gather."
-Date: Fri, 7 Mar 2014 17:06:57 +0200
-Origin: http://permalink.gmane.org/gmane.linux.kernel.stable/83276
-
-This reverts commit 247bf557273dd775505fb9240d2d152f4f20d304.
-
-This commit, together with commit 3804fad45411b48233b48003e33a78f290d227c8
-"USBNET: ax88179_178a: enable tso if usb host supports sg dma" were
-origially added to get xHCI 1.0 hosts and usb ethernet ax88179_178a devices
-working together with scatter gather. xHCI 1.0 hosts pose some requirement on how transfer
-buffers are aligned, setting this requirement for 1.0 hosts caused USB 3.0 mass
-storage devices to fail more frequently.
-
-USB 3.0 mass storage devices used to work before 3.14-rc1. Theoretically,
-the TD fragment rules could have caused an occasional disk glitch.
-Now the devices *will* fail, instead of theoretically failing.
-From a user perspective, this looks like a regression; the USB device obviously
-fails on 3.14-rc1, and may sometimes silently fail on prior kernels.
-
-The proper soluition is to implement the TD fragment rules required, but for now
-this patch needs to be reverted to get USB 3.0 mass storage devices working at the
-level they used to.
-
-Signed-off-by: Mathias Nyman
-Cc: stable
----
- drivers/usb/host/xhci.c | 14 +++-----------
- 1 file changed, 3 insertions(+), 11 deletions(-)
-
-diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
-index 6fe577d..924a6cc 100644
---- a/drivers/usb/host/xhci.c
-+++ b/drivers/usb/host/xhci.c
-@@ -4733,6 +4733,9 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
- /* Accept arbitrarily long scatter-gather lists */
- hcd->self.sg_tablesize = ~0;
-
-+ /* support to build packet from discontinuous buffers */
-+ hcd->self.no_sg_constraint = 1;
-+
- /* XHCI controllers don't stop the ep queue on short packets :| */
- hcd->self.no_stop_on_short = 1;
-
-@@ -4757,14 +4760,6 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
- /* xHCI private pointer was set in xhci_pci_probe for the second
- * registered roothub.
- */
-- xhci = hcd_to_xhci(hcd);
-- /*
-- * Support arbitrarily aligned sg-list entries on hosts without
-- * TD fragment rules (which are currently unsupported).
-- */
-- if (xhci->hci_version < 0x100)
-- hcd->self.no_sg_constraint = 1;
--
- return 0;
- }
-
-@@ -4793,9 +4788,6 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
- if (xhci->hci_version > 0x96)
- xhci->quirks |= XHCI_SPURIOUS_SUCCESS;
-
-- if (xhci->hci_version < 0x100)
-- hcd->self.no_sg_constraint = 1;
--
- /* Make sure the HC is halted. */
- retval = xhci_halt(xhci);
- if (retval)
---
-1.8.1.2
-
diff --git a/debian/patches/series b/debian/patches/series
index 398a18750..59fdb0da2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -79,10 +79,7 @@ bugfix/all/staging-lustre-Make-LUSTRE_LLITE_LLOOP-tristate.patch
 bugfix/all/i2c-designware-remove-HAVE_CLK-build-dependecy.patch
 debian/snd-pcsp-disable-autoload.patch
 bugfix/all/bluetooth-allocate-static-minor-for-vhci.patch
-bugfix/all/revert-xhci-1.0-limit-arbitrarilyaligned-scatter-gather.patch
-bugfix/all/revert-usbnet-ax88179_178a-enable-tso-if-usb-host.patch
 bugfix/all/net-fix-for-a-race-condition-in-the-inet-frag-code.patch
-bugfix/all/net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer.patch
 bugfix/all/KEYS-Make-the-keyring-cycle-detector-ignore-other-ke.patch
 bugfix/all/net-use-kfree_skb_list-helper.patch
 bugfix/all/0001-skbuff-skb_segment-s-frag-nskb_frag.patch