Update to 3.2.31

Drop 2 patches included in it.
Add some more hideous hacks to maintain ABI.

svn path=/dists/sid/linux/; revision=19432

debian/changelog

@@ -1,5 +1,28 @@
-linux (3.2.30-2) UNRELEASED; urgency=low
+linux (3.2.31-1) UNRELEASED; urgency=low
 
+  * New upstream stable update:
+    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.31
+    - target: Fix ->data_length re-assignment bug with SCSI overflow
+    - hpsa: fix handling of protocol error
+    - cifs: fix return value in cifsConvertToUTF16
+    - asix: Support DLink DUB-E100 H/W Ver C1 (Closes: #687567)
+    - dj: memory scribble in logi_dj
+    - dm: handle requests beyond end of device instead of using BUG_ON
+    - md/raid10: fix "enough" function for detecting if array is failed.
+    - libata: Prevent interface errors with Seagate FreeAgent GoFlex
+    - vfs: dcache: fix deadlock in tree traversal
+    - Revert "drm/radeon: rework pll selection (v3)" (regression in 3.2.30)
+    - HID: hidraw: don't deallocate memory when it is in use
+    - xfrm: Workaround incompatibility of ESN and async crypto
+    - xfrm_user: fix various information leaks
+    - xfrm_user: ensure user supplied esn replay window is valid
+    - net: guard tcp_set_keepalive() to tcp sockets
+    - ipv4: raw: fix icmp_filter()
+    - ipv6: raw: fix icmpv6_filter()
+    - ipv6: mip6: fix mip6_mh_filter()
+    - netrom: copy_datagram_iovec can fail
+
+  [ Ben Hutchings ]
   * codel: refine one condition to avoid a nul rec_inv_sqrt
   * [mips,mipsel] Ignore NFS/SunRPC ABI changes in 3.2.30 (fixes FTBFS)
   * tg3: Fix TSO CAP for 5704 devs w / ASF enabled

debian/patches/bugfix/all/rds-set-correct-msg_namelen.patch

@@ -1,217 +0,0 @@
-From: Weiping Pan <wpan@redhat.com>
-Date: Mon, 23 Jul 2012 10:37:48 +0800
-Subject: rds: set correct msg_namelen
-
-commit 06b6a1cf6e776426766298d055bb3991957d90a7 upstream.
-
-Jay Fenlason (fenlason@redhat.com) found a bug,
-that recvfrom() on an RDS socket can return the contents of random kernel
-memory to userspace if it was called with a address length larger than
-sizeof(struct sockaddr_in).
-rds_recvmsg() also fails to set the addr_len paramater properly before
-returning, but that's just a bug.
-There are also a number of cases wher recvfrom() can return an entirely bogus
-address. Anything in rds_recvmsg() that returns a non-negative value but does
-not go through the "sin = (struct sockaddr_in *)msg->msg_name;" code path
-at the end of the while(1) loop will return up to 128 bytes of kernel memory
-to userspace.
-
-And I write two test programs to reproduce this bug, you will see that in
-rds_server, fromAddr will be overwritten and the following sock_fd will be
-destroyed.
-Yes, it is the programmer's fault to set msg_namelen incorrectly, but it is
-better to make the kernel copy the real length of address to user space in
-such case.
-
-How to run the test programs ?
-I test them on 32bit x86 system, 3.5.0-rc7.
-
-1 compile
-gcc -o rds_client rds_client.c
-gcc -o rds_server rds_server.c
-
-2 run ./rds_server on one console
-
-3 run ./rds_client on another console
-
-4 you will see something like:
-server is waiting to receive data...
-old socket fd=3
-server received data from client:data from client
-msg.msg_namelen=32
-new socket fd=-1067277685
-sendmsg()
-: Bad file descriptor
-
-/***************** rds_client.c ********************/
-
-int main(void)
-{
-	int sock_fd;
-	struct sockaddr_in serverAddr;
-	struct sockaddr_in toAddr;
-	char recvBuffer[128] = "data from client";
-	struct msghdr msg;
-	struct iovec iov;
-
-	sock_fd = socket(AF_RDS, SOCK_SEQPACKET, 0);
-	if (sock_fd < 0) {
-		perror("create socket error\n");
-		exit(1);
-	}
-
-	memset(&serverAddr, 0, sizeof(serverAddr));
-	serverAddr.sin_family = AF_INET;
-	serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
-	serverAddr.sin_port = htons(4001);
-
-	if (bind(sock_fd, (struct sockaddr*)&serverAddr, sizeof(serverAddr)) < 0) {
-		perror("bind() error\n");
-		close(sock_fd);
-		exit(1);
-	}
-
-	memset(&toAddr, 0, sizeof(toAddr));
-	toAddr.sin_family = AF_INET;
-	toAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
-	toAddr.sin_port = htons(4000);
-	msg.msg_name = &toAddr;
-	msg.msg_namelen = sizeof(toAddr);
-	msg.msg_iov = &iov;
-	msg.msg_iovlen = 1;
-	msg.msg_iov->iov_base = recvBuffer;
-	msg.msg_iov->iov_len = strlen(recvBuffer) + 1;
-	msg.msg_control = 0;
-	msg.msg_controllen = 0;
-	msg.msg_flags = 0;
-
-	if (sendmsg(sock_fd, &msg, 0) == -1) {
-		perror("sendto() error\n");
-		close(sock_fd);
-		exit(1);
-	}
-
-	printf("client send data:%s\n", recvBuffer);
-
-	memset(recvBuffer, '\0', 128);
-
-	msg.msg_name = &toAddr;
-	msg.msg_namelen = sizeof(toAddr);
-	msg.msg_iov = &iov;
-	msg.msg_iovlen = 1;
-	msg.msg_iov->iov_base = recvBuffer;
-	msg.msg_iov->iov_len = 128;
-	msg.msg_control = 0;
-	msg.msg_controllen = 0;
-	msg.msg_flags = 0;
-	if (recvmsg(sock_fd, &msg, 0) == -1) {
-		perror("recvmsg() error\n");
-		close(sock_fd);
-		exit(1);
-	}
-
-	printf("receive data from server:%s\n", recvBuffer);
-
-	close(sock_fd);
-
-	return 0;
-}
-
-/***************** rds_server.c ********************/
-
-int main(void)
-{
-	struct sockaddr_in fromAddr;
-	int sock_fd;
-	struct sockaddr_in serverAddr;
-	unsigned int addrLen;
-	char recvBuffer[128];
-	struct msghdr msg;
-	struct iovec iov;
-
-	sock_fd = socket(AF_RDS, SOCK_SEQPACKET, 0);
-	if(sock_fd < 0) {
-		perror("create socket error\n");
-		exit(0);
-	}
-
-	memset(&serverAddr, 0, sizeof(serverAddr));
-	serverAddr.sin_family = AF_INET;
-	serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
-	serverAddr.sin_port = htons(4000);
-	if (bind(sock_fd, (struct sockaddr*)&serverAddr, sizeof(serverAddr)) < 0) {
-		perror("bind error\n");
-		close(sock_fd);
-		exit(1);
-	}
-
-	printf("server is waiting to receive data...\n");
-	msg.msg_name = &fromAddr;
-
-	/*
-	 * I add 16 to sizeof(fromAddr), ie 32,
-	 * and pay attention to the definition of fromAddr,
-	 * recvmsg() will overwrite sock_fd,
-	 * since kernel will copy 32 bytes to userspace.
-	 *
-	 * If you just use sizeof(fromAddr), it works fine.
-	 * */
-	msg.msg_namelen = sizeof(fromAddr) + 16;
-	/* msg.msg_namelen = sizeof(fromAddr); */
-	msg.msg_iov = &iov;
-	msg.msg_iovlen = 1;
-	msg.msg_iov->iov_base = recvBuffer;
-	msg.msg_iov->iov_len = 128;
-	msg.msg_control = 0;
-	msg.msg_controllen = 0;
-	msg.msg_flags = 0;
-
-	while (1) {
-		printf("old socket fd=%d\n", sock_fd);
-		if (recvmsg(sock_fd, &msg, 0) == -1) {
-			perror("recvmsg() error\n");
-			close(sock_fd);
-			exit(1);
-		}
-		printf("server received data from client:%s\n", recvBuffer);
-		printf("msg.msg_namelen=%d\n", msg.msg_namelen);
-		printf("new socket fd=%d\n", sock_fd);
-		strcat(recvBuffer, "--data from server");
-		if (sendmsg(sock_fd, &msg, 0) == -1) {
-			perror("sendmsg()\n");
-			close(sock_fd);
-			exit(1);
-		}
-	}
-
-	close(sock_fd);
-	return 0;
-}
-
-Signed-off-by: Weiping Pan <wpan@redhat.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/rds/recv.c |    3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/rds/recv.c b/net/rds/recv.c
-index 5c6e9f1..9f0f17c 100644
---- a/net/rds/recv.c
-+++ b/net/rds/recv.c
-@@ -410,6 +410,8 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
- 
- 	rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo);
- 
-+	msg->msg_namelen = 0;
-+
- 	if (msg_flags & MSG_OOB)
- 		goto out;
- 
-@@ -485,6 +487,7 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
- 			sin->sin_port = inc->i_hdr.h_sport;
- 			sin->sin_addr.s_addr = inc->i_saddr;
- 			memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
-+			msg->msg_namelen = sizeof(*sin);
- 		}
- 		break;
- 	}

debian/patches/bugfix/all/tg3-Fix-TSO-CAP-for-5704-devs-w-ASF-enabled.patch

@@ -1,59 +0,0 @@
-From: Matt Carlson <mcarlson@broadcom.com>
-Date: Mon, 28 Nov 2011 09:41:03 +0000
-Subject: tg3: Fix TSO CAP for 5704 devs w / ASF enabled
-
-commit cf9ecf4b631f649a964fa611f1a5e8874f2a76db upstream.
-
-On the earliest TSO capable devices, TSO was accomplished through
-firmware.  The TSO cannot coexist with ASF management firmware though.
-The tg3 driver determines whether or not ASF is enabled by calling
-tg3_get_eeprom_hw_cfg(), which checks a particular bit of NIC memory.
-Commit dabc5c670d3f86d15ee4f42ab38ec5bd2682487d, entitled "tg3: Move
-TSO_CAPABLE assignment", accidentally moved the code that determines
-TSO capabilities earlier than the call to tg3_get_eeprom_hw_cfg().  As a
-consequence, the driver was attempting to determine TSO capabilities
-before it had all the data it needed to make the decision.
-
-This patch fixes the problem by revisiting and reevaluating the decision
-after tg3_get_eeprom_hw_cfg() is called.
-
-Signed-off-by: Matt Carlson <mcarlson@broadcom.com>
-Signed-off-by: Michael Chan <mchan@broadcom.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- drivers/net/ethernet/broadcom/tg3.c |   14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
-index 0acb279..0c695dc 100644
---- a/drivers/net/ethernet/broadcom/tg3.c
-+++ b/drivers/net/ethernet/broadcom/tg3.c
-@@ -13988,9 +13988,13 @@ static int __devinit tg3_get_invariants(struct tg3 *tp)
- 	if (tg3_flag(tp, HW_TSO_1) ||
- 	    tg3_flag(tp, HW_TSO_2) ||
- 	    tg3_flag(tp, HW_TSO_3) ||
--	    (tp->fw_needed && !tg3_flag(tp, ENABLE_ASF)))
-+	    tp->fw_needed) {
-+		/* For firmware TSO, assume ASF is disabled.
-+		 * We'll disable TSO later if we discover ASF
-+		 * is enabled in tg3_get_eeprom_hw_cfg().
-+		 */
- 		tg3_flag_set(tp, TSO_CAPABLE);
--	else {
-+	} else {
- 		tg3_flag_clear(tp, TSO_CAPABLE);
- 		tg3_flag_clear(tp, TSO_BUG);
- 		tp->fw_needed = NULL;
-@@ -14266,6 +14270,12 @@ static int __devinit tg3_get_invariants(struct tg3 *tp)
- 	 */
- 	tg3_get_eeprom_hw_cfg(tp);
- 
-+	if (tp->fw_needed && tg3_flag(tp, ENABLE_ASF)) {
-+		tg3_flag_clear(tp, TSO_CAPABLE);
-+		tg3_flag_clear(tp, TSO_BUG);
-+		tp->fw_needed = NULL;
-+	}
-+
- 	if (tg3_flag(tp, ENABLE_APE)) {
- 		/* Allow reads and writes to the
- 		 * APE register and memory space.

debian/patches/debian/hid-avoid-ABI-change-in-3.2.31.patch

@@ -0,0 +1,41 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Subject: hid: Avoid ABI change in 3.2.31
+
+Commit b6787242f32700377d3da3b8d788ab3928bab849 ('HID: hidraw: add
+proper error handling to raw event reporting') changed the return type
+of hid_report_raw_event() and hidraw_report_event() from void to int
+(an error number).  Any existing OOT callers are going to ignore this
+value, whether or not they get recompiled.  Therefore, hide the change
+from genksyms.
+--- a/include/linux/hid.h
++++ b/include/linux/hid.h
+@@ -875,8 +875,14 @@ static inline int hid_hw_power(struct hi
+ 	return hdev->ll_driver->power ? hdev->ll_driver->power(hdev, level) : 0;
+ }
+ 
++#ifdef __GENKSYMS__
++/* Old callers will ignore the return value even if we change the return type */
++void hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size,
++		int interrupt);
++#else
+ int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size,
+ 		int interrupt);
++#endif
+ 
+ extern int hid_generic_init(void);
+ extern void hid_generic_exit(void);
+--- a/include/linux/hidraw.h
++++ b/include/linux/hidraw.h
+@@ -76,7 +76,12 @@ struct hidraw_list {
+ #ifdef CONFIG_HIDRAW
+ int hidraw_init(void);
+ void hidraw_exit(void);
++#ifdef __GENKSYMS__
++/* Old callers will ignore the return value even if we change the return type */
++void hidraw_report_event(struct hid_device *, u8 *, int);
++#else
+ int hidraw_report_event(struct hid_device *, u8 *, int);
++#endif
+ int hidraw_connect(struct hid_device *);
+ void hidraw_disconnect(struct hid_device *);
+ #else

debian/patches/debian/xfrm-avoid-ABI-change-in-3.2.31.patch

@@ -0,0 +1,28 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Subject: xfrm: Avoid ABI change in 3.2.31
+
+Commit 3b59df46a449ec9975146d71318c4777ad086744 ('xfrm: Workaround
+incompatibility of ESN and async crypto') added a new operation
+'recheck' to struct xfrm_replay.  There is only one instance which
+needs this to be different than 'check'.  So instead of adding the
+operation, check whether we're using that instance and call the
+recheck implementation directly.
+
+--- a/include/net/xfrm.h
++++ b/include/net/xfrm.h
+@@ -269,11 +269,13 @@ struct xfrm_replay {
+ 	int	(*check)(struct xfrm_state *x,
+ 			 struct sk_buff *skb,
+ 			 __be32 net_seq);
++	void	(*notify)(struct xfrm_state *x, int event);
++	int	(*overflow)(struct xfrm_state *x, struct sk_buff *skb);
++#ifndef __GENKSYMS__
+ 	int	(*recheck)(struct xfrm_state *x,
+ 			   struct sk_buff *skb,
+ 			   __be32 net_seq);
+-	void	(*notify)(struct xfrm_state *x, int event);
+-	int	(*overflow)(struct xfrm_state *x, struct sk_buff *skb);
++#endif
+ };
+ 
+ struct net_device;

debian/patches/series

@@ -387,7 +387,6 @@ features/all/bql/ixgbe-add-support-for-byte-queue-limits.patch
 features/all/bql/igb-ixgbe-netdev_tx_reset_queue-incorrectly-called-from-tx-init.patch
 features/all/bql/skge-add-byte-queue-limit-support.patch
 
-bugfix/all/rds-set-correct-msg_namelen.patch
 bugfix/all/PCI-PM-Runtime-make-PCI-traces-quieter.patch
 bugfix/all/media-rc-ite-cir-Initialise-ite_dev-rdev-earlier.patch
 features/all/USB-add-USB_VENDOR_AND_INTERFACE_INFO-macro.patch
@@ -398,6 +397,7 @@ bugfix/x86/drm-i915-i8xx-interrupt-handler.patch
 features/arm/ahci-Add-JMicron-362-device-IDs.patch
 bugfix/all/speakup-lower-default-software-speech-rate.patch
 debian/perf-hide-abi-change-in-3.2.30.patch
-bugfix/all/tg3-Fix-TSO-CAP-for-5704-devs-w-ASF-enabled.patch
 bugfix/all/SUNRPC-Set-alloc_slot-for-backchannel-tcp-ops.patch
 debian/iwlwifi-do-not-request-unreleased-firmware.patch
+debian/hid-avoid-ABI-change-in-3.2.31.patch
+debian/xfrm-avoid-ABI-change-in-3.2.31.patch