Update to 3.2.31
Drop 2 patches included in it. Add some more hideous hacks to maintain ABI. svn path=/dists/sid/linux/; revision=19432
parent
f0fc49f73a
commit
efc90e0081
|
@ -1,5 +1,28 @@
|
|||
linux (3.2.30-2) UNRELEASED; urgency=low
|
||||
linux (3.2.31-1) UNRELEASED; urgency=low
|
||||
|
||||
* New upstream stable update:
|
||||
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.31
|
||||
- target: Fix ->data_length re-assignment bug with SCSI overflow
|
||||
- hpsa: fix handling of protocol error
|
||||
- cifs: fix return value in cifsConvertToUTF16
|
||||
- asix: Support DLink DUB-E100 H/W Ver C1 (Closes: #687567)
|
||||
- dj: memory scribble in logi_dj
|
||||
- dm: handle requests beyond end of device instead of using BUG_ON
|
||||
- md/raid10: fix "enough" function for detecting if array is failed.
|
||||
- libata: Prevent interface errors with Seagate FreeAgent GoFlex
|
||||
- vfs: dcache: fix deadlock in tree traversal
|
||||
- Revert "drm/radeon: rework pll selection (v3)" (regression in 3.2.30)
|
||||
- HID: hidraw: don't deallocate memory when it is in use
|
||||
- xfrm: Workaround incompatibility of ESN and async crypto
|
||||
- xfrm_user: fix various information leaks
|
||||
- xfrm_user: ensure user supplied esn replay window is valid
|
||||
- net: guard tcp_set_keepalive() to tcp sockets
|
||||
- ipv4: raw: fix icmp_filter()
|
||||
- ipv6: raw: fix icmpv6_filter()
|
||||
- ipv6: mip6: fix mip6_mh_filter()
|
||||
- netrom: copy_datagram_iovec can fail
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* codel: refine one condition to avoid a nul rec_inv_sqrt
|
||||
* [mips,mipsel] Ignore NFS/SunRPC ABI changes in 3.2.30 (fixes FTBFS)
|
||||
* tg3: Fix TSO CAP for 5704 devs w / ASF enabled
|
||||
|
|
|
@ -1,217 +0,0 @@
|
|||
From: Weiping Pan <wpan@redhat.com>
|
||||
Date: Mon, 23 Jul 2012 10:37:48 +0800
|
||||
Subject: rds: set correct msg_namelen
|
||||
|
||||
commit 06b6a1cf6e776426766298d055bb3991957d90a7 upstream.
|
||||
|
||||
Jay Fenlason (fenlason@redhat.com) found a bug,
|
||||
that recvfrom() on an RDS socket can return the contents of random kernel
|
||||
memory to userspace if it was called with a address length larger than
|
||||
sizeof(struct sockaddr_in).
|
||||
rds_recvmsg() also fails to set the addr_len paramater properly before
|
||||
returning, but that's just a bug.
|
||||
There are also a number of cases wher recvfrom() can return an entirely bogus
|
||||
address. Anything in rds_recvmsg() that returns a non-negative value but does
|
||||
not go through the "sin = (struct sockaddr_in *)msg->msg_name;" code path
|
||||
at the end of the while(1) loop will return up to 128 bytes of kernel memory
|
||||
to userspace.
|
||||
|
||||
And I write two test programs to reproduce this bug, you will see that in
|
||||
rds_server, fromAddr will be overwritten and the following sock_fd will be
|
||||
destroyed.
|
||||
Yes, it is the programmer's fault to set msg_namelen incorrectly, but it is
|
||||
better to make the kernel copy the real length of address to user space in
|
||||
such case.
|
||||
|
||||
How to run the test programs ?
|
||||
I test them on 32bit x86 system, 3.5.0-rc7.
|
||||
|
||||
1 compile
|
||||
gcc -o rds_client rds_client.c
|
||||
gcc -o rds_server rds_server.c
|
||||
|
||||
2 run ./rds_server on one console
|
||||
|
||||
3 run ./rds_client on another console
|
||||
|
||||
4 you will see something like:
|
||||
server is waiting to receive data...
|
||||
old socket fd=3
|
||||
server received data from client:data from client
|
||||
msg.msg_namelen=32
|
||||
new socket fd=-1067277685
|
||||
sendmsg()
|
||||
: Bad file descriptor
|
||||
|
||||
/***************** rds_client.c ********************/
|
||||
|
||||
int main(void)
|
||||
{
|
||||
int sock_fd;
|
||||
struct sockaddr_in serverAddr;
|
||||
struct sockaddr_in toAddr;
|
||||
char recvBuffer[128] = "data from client";
|
||||
struct msghdr msg;
|
||||
struct iovec iov;
|
||||
|
||||
sock_fd = socket(AF_RDS, SOCK_SEQPACKET, 0);
|
||||
if (sock_fd < 0) {
|
||||
perror("create socket error\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
memset(&serverAddr, 0, sizeof(serverAddr));
|
||||
serverAddr.sin_family = AF_INET;
|
||||
serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
|
||||
serverAddr.sin_port = htons(4001);
|
||||
|
||||
if (bind(sock_fd, (struct sockaddr*)&serverAddr, sizeof(serverAddr)) < 0) {
|
||||
perror("bind() error\n");
|
||||
close(sock_fd);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
memset(&toAddr, 0, sizeof(toAddr));
|
||||
toAddr.sin_family = AF_INET;
|
||||
toAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
|
||||
toAddr.sin_port = htons(4000);
|
||||
msg.msg_name = &toAddr;
|
||||
msg.msg_namelen = sizeof(toAddr);
|
||||
msg.msg_iov = &iov;
|
||||
msg.msg_iovlen = 1;
|
||||
msg.msg_iov->iov_base = recvBuffer;
|
||||
msg.msg_iov->iov_len = strlen(recvBuffer) + 1;
|
||||
msg.msg_control = 0;
|
||||
msg.msg_controllen = 0;
|
||||
msg.msg_flags = 0;
|
||||
|
||||
if (sendmsg(sock_fd, &msg, 0) == -1) {
|
||||
perror("sendto() error\n");
|
||||
close(sock_fd);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
printf("client send data:%s\n", recvBuffer);
|
||||
|
||||
memset(recvBuffer, '\0', 128);
|
||||
|
||||
msg.msg_name = &toAddr;
|
||||
msg.msg_namelen = sizeof(toAddr);
|
||||
msg.msg_iov = &iov;
|
||||
msg.msg_iovlen = 1;
|
||||
msg.msg_iov->iov_base = recvBuffer;
|
||||
msg.msg_iov->iov_len = 128;
|
||||
msg.msg_control = 0;
|
||||
msg.msg_controllen = 0;
|
||||
msg.msg_flags = 0;
|
||||
if (recvmsg(sock_fd, &msg, 0) == -1) {
|
||||
perror("recvmsg() error\n");
|
||||
close(sock_fd);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
printf("receive data from server:%s\n", recvBuffer);
|
||||
|
||||
close(sock_fd);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/***************** rds_server.c ********************/
|
||||
|
||||
int main(void)
|
||||
{
|
||||
struct sockaddr_in fromAddr;
|
||||
int sock_fd;
|
||||
struct sockaddr_in serverAddr;
|
||||
unsigned int addrLen;
|
||||
char recvBuffer[128];
|
||||
struct msghdr msg;
|
||||
struct iovec iov;
|
||||
|
||||
sock_fd = socket(AF_RDS, SOCK_SEQPACKET, 0);
|
||||
if(sock_fd < 0) {
|
||||
perror("create socket error\n");
|
||||
exit(0);
|
||||
}
|
||||
|
||||
memset(&serverAddr, 0, sizeof(serverAddr));
|
||||
serverAddr.sin_family = AF_INET;
|
||||
serverAddr.sin_addr.s_addr = inet_addr("127.0.0.1");
|
||||
serverAddr.sin_port = htons(4000);
|
||||
if (bind(sock_fd, (struct sockaddr*)&serverAddr, sizeof(serverAddr)) < 0) {
|
||||
perror("bind error\n");
|
||||
close(sock_fd);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
printf("server is waiting to receive data...\n");
|
||||
msg.msg_name = &fromAddr;
|
||||
|
||||
/*
|
||||
* I add 16 to sizeof(fromAddr), ie 32,
|
||||
* and pay attention to the definition of fromAddr,
|
||||
* recvmsg() will overwrite sock_fd,
|
||||
* since kernel will copy 32 bytes to userspace.
|
||||
*
|
||||
* If you just use sizeof(fromAddr), it works fine.
|
||||
* */
|
||||
msg.msg_namelen = sizeof(fromAddr) + 16;
|
||||
/* msg.msg_namelen = sizeof(fromAddr); */
|
||||
msg.msg_iov = &iov;
|
||||
msg.msg_iovlen = 1;
|
||||
msg.msg_iov->iov_base = recvBuffer;
|
||||
msg.msg_iov->iov_len = 128;
|
||||
msg.msg_control = 0;
|
||||
msg.msg_controllen = 0;
|
||||
msg.msg_flags = 0;
|
||||
|
||||
while (1) {
|
||||
printf("old socket fd=%d\n", sock_fd);
|
||||
if (recvmsg(sock_fd, &msg, 0) == -1) {
|
||||
perror("recvmsg() error\n");
|
||||
close(sock_fd);
|
||||
exit(1);
|
||||
}
|
||||
printf("server received data from client:%s\n", recvBuffer);
|
||||
printf("msg.msg_namelen=%d\n", msg.msg_namelen);
|
||||
printf("new socket fd=%d\n", sock_fd);
|
||||
strcat(recvBuffer, "--data from server");
|
||||
if (sendmsg(sock_fd, &msg, 0) == -1) {
|
||||
perror("sendmsg()\n");
|
||||
close(sock_fd);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
close(sock_fd);
|
||||
return 0;
|
||||
}
|
||||
|
||||
Signed-off-by: Weiping Pan <wpan@redhat.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/rds/recv.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/net/rds/recv.c b/net/rds/recv.c
|
||||
index 5c6e9f1..9f0f17c 100644
|
||||
--- a/net/rds/recv.c
|
||||
+++ b/net/rds/recv.c
|
||||
@@ -410,6 +410,8 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
|
||||
|
||||
rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo);
|
||||
|
||||
+ msg->msg_namelen = 0;
|
||||
+
|
||||
if (msg_flags & MSG_OOB)
|
||||
goto out;
|
||||
|
||||
@@ -485,6 +487,7 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
|
||||
sin->sin_port = inc->i_hdr.h_sport;
|
||||
sin->sin_addr.s_addr = inc->i_saddr;
|
||||
memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
|
||||
+ msg->msg_namelen = sizeof(*sin);
|
||||
}
|
||||
break;
|
||||
}
|
|
@ -1,59 +0,0 @@
|
|||
From: Matt Carlson <mcarlson@broadcom.com>
|
||||
Date: Mon, 28 Nov 2011 09:41:03 +0000
|
||||
Subject: tg3: Fix TSO CAP for 5704 devs w / ASF enabled
|
||||
|
||||
commit cf9ecf4b631f649a964fa611f1a5e8874f2a76db upstream.
|
||||
|
||||
On the earliest TSO capable devices, TSO was accomplished through
|
||||
firmware. The TSO cannot coexist with ASF management firmware though.
|
||||
The tg3 driver determines whether or not ASF is enabled by calling
|
||||
tg3_get_eeprom_hw_cfg(), which checks a particular bit of NIC memory.
|
||||
Commit dabc5c670d3f86d15ee4f42ab38ec5bd2682487d, entitled "tg3: Move
|
||||
TSO_CAPABLE assignment", accidentally moved the code that determines
|
||||
TSO capabilities earlier than the call to tg3_get_eeprom_hw_cfg(). As a
|
||||
consequence, the driver was attempting to determine TSO capabilities
|
||||
before it had all the data it needed to make the decision.
|
||||
|
||||
This patch fixes the problem by revisiting and reevaluating the decision
|
||||
after tg3_get_eeprom_hw_cfg() is called.
|
||||
|
||||
Signed-off-by: Matt Carlson <mcarlson@broadcom.com>
|
||||
Signed-off-by: Michael Chan <mchan@broadcom.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/ethernet/broadcom/tg3.c | 14 ++++++++++++--
|
||||
1 file changed, 12 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
|
||||
index 0acb279..0c695dc 100644
|
||||
--- a/drivers/net/ethernet/broadcom/tg3.c
|
||||
+++ b/drivers/net/ethernet/broadcom/tg3.c
|
||||
@@ -13988,9 +13988,13 @@ static int __devinit tg3_get_invariants(struct tg3 *tp)
|
||||
if (tg3_flag(tp, HW_TSO_1) ||
|
||||
tg3_flag(tp, HW_TSO_2) ||
|
||||
tg3_flag(tp, HW_TSO_3) ||
|
||||
- (tp->fw_needed && !tg3_flag(tp, ENABLE_ASF)))
|
||||
+ tp->fw_needed) {
|
||||
+ /* For firmware TSO, assume ASF is disabled.
|
||||
+ * We'll disable TSO later if we discover ASF
|
||||
+ * is enabled in tg3_get_eeprom_hw_cfg().
|
||||
+ */
|
||||
tg3_flag_set(tp, TSO_CAPABLE);
|
||||
- else {
|
||||
+ } else {
|
||||
tg3_flag_clear(tp, TSO_CAPABLE);
|
||||
tg3_flag_clear(tp, TSO_BUG);
|
||||
tp->fw_needed = NULL;
|
||||
@@ -14266,6 +14270,12 @@ static int __devinit tg3_get_invariants(struct tg3 *tp)
|
||||
*/
|
||||
tg3_get_eeprom_hw_cfg(tp);
|
||||
|
||||
+ if (tp->fw_needed && tg3_flag(tp, ENABLE_ASF)) {
|
||||
+ tg3_flag_clear(tp, TSO_CAPABLE);
|
||||
+ tg3_flag_clear(tp, TSO_BUG);
|
||||
+ tp->fw_needed = NULL;
|
||||
+ }
|
||||
+
|
||||
if (tg3_flag(tp, ENABLE_APE)) {
|
||||
/* Allow reads and writes to the
|
||||
* APE register and memory space.
|
|
@ -0,0 +1,41 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Subject: hid: Avoid ABI change in 3.2.31
|
||||
|
||||
Commit b6787242f32700377d3da3b8d788ab3928bab849 ('HID: hidraw: add
|
||||
proper error handling to raw event reporting') changed the return type
|
||||
of hid_report_raw_event() and hidraw_report_event() from void to int
|
||||
(an error number). Any existing OOT callers are going to ignore this
|
||||
value, whether or not they get recompiled. Therefore, hide the change
|
||||
from genksyms.
|
||||
--- a/include/linux/hid.h
|
||||
+++ b/include/linux/hid.h
|
||||
@@ -875,8 +875,14 @@ static inline int hid_hw_power(struct hi
|
||||
return hdev->ll_driver->power ? hdev->ll_driver->power(hdev, level) : 0;
|
||||
}
|
||||
|
||||
+#ifdef __GENKSYMS__
|
||||
+/* Old callers will ignore the return value even if we change the return type */
|
||||
+void hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size,
|
||||
+ int interrupt);
|
||||
+#else
|
||||
int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size,
|
||||
int interrupt);
|
||||
+#endif
|
||||
|
||||
extern int hid_generic_init(void);
|
||||
extern void hid_generic_exit(void);
|
||||
--- a/include/linux/hidraw.h
|
||||
+++ b/include/linux/hidraw.h
|
||||
@@ -76,7 +76,12 @@ struct hidraw_list {
|
||||
#ifdef CONFIG_HIDRAW
|
||||
int hidraw_init(void);
|
||||
void hidraw_exit(void);
|
||||
+#ifdef __GENKSYMS__
|
||||
+/* Old callers will ignore the return value even if we change the return type */
|
||||
+void hidraw_report_event(struct hid_device *, u8 *, int);
|
||||
+#else
|
||||
int hidraw_report_event(struct hid_device *, u8 *, int);
|
||||
+#endif
|
||||
int hidraw_connect(struct hid_device *);
|
||||
void hidraw_disconnect(struct hid_device *);
|
||||
#else
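Review bot: The `#ifdef __GENKSYMS__` branches added to include/linux/hid.h and include/linux/hidraw.h keep the old `void` prototypes in the symbol checksum, so modules built against the earlier headers still load and go on discarding the new error return of `hid_report_raw_event()` and `hidraw_report_event()`. The one-line comment covers the ABI side but does not say that such callers never see the failures the upstream change started reporting, nor when the hack can be removed. I would extend it in both places to something like `/* ABI hack: real return type is int; callers built against the old void prototype ignore the error. Drop at the next ABI bump. */`.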
|
|
@ -0,0 +1,28 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Subject: xfrm: Avoid ABI change in 3.2.31
|
||||
|
||||
Commit 3b59df46a449ec9975146d71318c4777ad086744 ('xfrm: Workaround
|
||||
incompatibility of ESN and async crypto') added a new operation
|
||||
'recheck' to struct xfrm_replay. There is only one instance which
|
||||
needs this to be different than 'check'. So instead of adding the
|
||||
operation, check whether we're using that instance and call the
|
||||
recheck implementation directly.
|
||||
|
||||
--- a/include/net/xfrm.h
|
||||
+++ b/include/net/xfrm.h
|
||||
@@ -269,11 +269,13 @@ struct xfrm_replay {
|
||||
int (*check)(struct xfrm_state *x,
|
||||
struct sk_buff *skb,
|
||||
__be32 net_seq);
|
||||
+ void (*notify)(struct xfrm_state *x, int event);
|
||||
+ int (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
|
||||
+#ifndef __GENKSYMS__
|
||||
int (*recheck)(struct xfrm_state *x,
|
||||
struct sk_buff *skb,
|
||||
__be32 net_seq);
|
||||
- void (*notify)(struct xfrm_state *x, int event);
|
||||
- int (*overflow)(struct xfrm_state *x, struct sk_buff *skb);
|
||||
+#endif
|
||||
};
|
||||
|
||||
struct net_device;
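Review bot: The description says the `recheck` operation is not added and the recheck implementation is called directly, but the only hunk in this patch keeps `recheck` in `struct xfrm_replay`, moved to the end under `#ifndef __GENKSYMS__`; the text and the diff should agree. As written the struct grows while its checksum stays the same, so this is safe only if every `struct xfrm_replay` instance is defined in code built with the new header. An instance from a module built against the old layout would presumably have no `recheck` slot, and a call through it would read past the end of the object. I would state that assumption above the `#ifndef`, e.g. `/* ABI hack: appended and hidden from genksyms; all instances must be defined in-tree */`. The start of the struct lies outside the hunk.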
|
|
@ -387,7 +387,6 @@ features/all/bql/ixgbe-add-support-for-byte-queue-limits.patch
|
|||
features/all/bql/igb-ixgbe-netdev_tx_reset_queue-incorrectly-called-from-tx-init.patch
|
||||
features/all/bql/skge-add-byte-queue-limit-support.patch
|
||||
|
||||
bugfix/all/rds-set-correct-msg_namelen.patch
|
||||
bugfix/all/PCI-PM-Runtime-make-PCI-traces-quieter.patch
|
||||
bugfix/all/media-rc-ite-cir-Initialise-ite_dev-rdev-earlier.patch
|
||||
features/all/USB-add-USB_VENDOR_AND_INTERFACE_INFO-macro.patch
|
||||
|
@ -398,6 +397,7 @@ bugfix/x86/drm-i915-i8xx-interrupt-handler.patch
|
|||
features/arm/ahci-Add-JMicron-362-device-IDs.patch
|
||||
bugfix/all/speakup-lower-default-software-speech-rate.patch
|
||||
debian/perf-hide-abi-change-in-3.2.30.patch
|
||||
bugfix/all/tg3-Fix-TSO-CAP-for-5704-devs-w-ASF-enabled.patch
|
||||
bugfix/all/SUNRPC-Set-alloc_slot-for-backchannel-tcp-ops.patch
|
||||
debian/iwlwifi-do-not-request-unreleased-firmware.patch
|
||||
debian/hid-avoid-ABI-change-in-3.2.31.patch
|
||||
debian/xfrm-avoid-ABI-change-in-3.2.31.patch
|
||||
|
|