From: Greg Kroah-Hartman Date: Wed, 8 May 2013 22:50:29 +0000 (-0700) Subject: 3.8-stable patches X-Git-Tag: v3.9.2~59 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7ee00b8f4951d373a6c4d5d51fc3cc073f53c541;p=thirdparty%2Fkernel%2Fstable-queue.git 3.8-stable patches added patches: e1000e-fix-accessing-to-suspended-device.patch e1000e-fix-runtime-power-management-transitions.patch ext4-add-check-for-inodes_count-overflow-in-new-resize-ioctl.patch iommu-amd-properly-initialize-irq-table-lock.patch ipvs-ip_vs_sip_fill_param-bug-bad-check-of-return-value.patch net-eth-ibmveth-fixup-retrieval-of-mac-address.patch netfilter-ctnetlink-don-t-permit-ct-creation-with-random-tuple.patch netfilter-ip6t_npt-fix-translation-for-non-multiple-of-32-prefix-lengths.patch netfilter-ipset-directory-not-empty-error-message.patch netfilter-ipset-list-set-fix-reference-counter-update.patch netfilter-nf_ct_helper-don-t-discard-helper-if-it-is-actually-the-same.patch netfilter-nf_ct_sip-don-t-drop-packets-with-offsets.patch netfilter-nf_nat-fix-race-when-unloading-protocol-modules.patch netfilter-xt_rpfilter-skip-locally-generated-broadcast-multicast-too.patch pci-pm-clear-state_saved-during-suspend.patch perf-x86-intel-add-support-for-ivybridge-model-58-uncore.patch perf-x86-intel-fix-unintended-variable-name-reuse.patch perf-x86-intel-lbr-demand-proper-privileges-for-perf_sample_branch_kernel.patch perf-x86-intel-lbr-fix-lbr-filter.patch xhci-don-t-warn-on-empty-ring-for-suspended-devices.patch --- diff --git a/queue-3.8/e1000e-fix-accessing-to-suspended-device.patch b/queue-3.8/e1000e-fix-accessing-to-suspended-device.patch new file mode 100644 index 00000000000..fc0678e6baa --- /dev/null +++ b/queue-3.8/e1000e-fix-accessing-to-suspended-device.patch 
@@ -0,0 +1,77 @@ +From khlebnikov@openvz.org Wed May 8 15:32:19 2013 +From: Konstantin Khlebnikov +Date: Wed, 08 May 2013 12:10:25 +0400 +Subject: e1000e: fix accessing to suspended device +To: stable@vger.kernel.org +Cc: Tóth Attila +Message-ID: <20130508081025.25748.44396.stgit@zurg> + +From: Konstantin Khlebnikov + +commit e60b22c5b7e59db09a7c9490b1e132c7e49ae904 upstream. + +This patch fixes some annoying messages like 'Error reading PHY register' and +'Hardware Erorr' and saves several seconds on reboot. + +Signed-off-by: Konstantin Khlebnikov +Cc: Bruce Allan +Acked-by: Rafael J. Wysocki +Tested-by: Borislav Petkov +Tested-by: Aaron Brown +Signed-off-by: Jeff Kirsher +Tested-by: Tóth Attila +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/intel/e1000e/ethtool.c | 13 +++++++++++++ + drivers/net/ethernet/intel/e1000e/netdev.c | 2 ++ + 2 files changed, 15 insertions(+) + +--- a/drivers/net/ethernet/intel/e1000e/ethtool.c ++++ b/drivers/net/ethernet/intel/e1000e/ethtool.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + #include "e1000.h" + +@@ -2053,7 +2054,19 @@ static int e1000_get_rxnfc(struct net_de + } + } + ++static int e1000e_ethtool_begin(struct net_device *netdev) ++{ ++ return pm_runtime_get_sync(netdev->dev.parent); ++} ++ ++static void e1000e_ethtool_complete(struct net_device *netdev) ++{ ++ pm_runtime_put_sync(netdev->dev.parent); ++} ++ + static const struct ethtool_ops e1000_ethtool_ops = { ++ .begin = e1000e_ethtool_begin, ++ .complete = e1000e_ethtool_complete, + .get_settings = e1000_get_settings, + .set_settings = e1000_set_settings, + .get_drvinfo = e1000_get_drvinfo, +--- a/drivers/net/ethernet/intel/e1000e/netdev.c ++++ b/drivers/net/ethernet/intel/e1000e/netdev.c +@@ -4313,6 +4313,7 @@ static void e1000_phy_read_status(struct + (adapter->hw.phy.media_type == e1000_media_type_copper)) { + int ret_val; + ++ pm_runtime_get_sync(&adapter->pdev->dev); + ret_val = e1e_rphy(hw, PHY_CONTROL, &phy->bmcr); + 
ret_val |= e1e_rphy(hw, PHY_STATUS, &phy->bmsr); + ret_val |= e1e_rphy(hw, PHY_AUTONEG_ADV, &phy->advertise); +@@ -4323,6 +4324,7 @@ static void e1000_phy_read_status(struct + ret_val |= e1e_rphy(hw, PHY_EXT_STATUS, &phy->estatus); + if (ret_val) + e_warn("Error reading PHY register\n"); ++ pm_runtime_put_sync(&adapter->pdev->dev); + } else { + /* Do not read PHY registers if link is not up + * Set values to typical power-on defaults diff --git a/queue-3.8/e1000e-fix-runtime-power-management-transitions.patch b/queue-3.8/e1000e-fix-runtime-power-management-transitions.patch new file mode 100644 index 00000000000..0803f02de6e --- /dev/null +++ b/queue-3.8/e1000e-fix-runtime-power-management-transitions.patch 
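Review bot: `e1000e_ethtool_begin` returns the result of `pm_runtime_get_sync()` directly, and that call leaves the device's usage count raised even when the resume fails. If the ethtool core skips `.complete` after a failing `.begin` (it appears to, but that code is outside this patch), each failed call leaks one reference and the adapter can no longer runtime-suspend. Consider `int ret = pm_runtime_get_sync(netdev->dev.parent);` followed by `if (ret < 0) pm_runtime_put_noidle(netdev->dev.parent);` before `return ret;`. The `pm_runtime_get_sync()` added in `e1000_phy_read_status` also ignores its return value, so the PHY reads still run when the resume failed; that function's body starts outside the hunk.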
@@ -0,0 +1,214 @@ +From khlebnikov@openvz.org Wed May 8 15:31:32 2013 +From: Konstantin Khlebnikov +Date: Wed, 08 May 2013 12:10:21 +0400 +Subject: e1000e: fix runtime power management transitions +To: stable@vger.kernel.org +Cc: Tóth Attila +Message-ID: <20130508081021.25748.74292.stgit@zurg> + +From: Konstantin Khlebnikov + +commit 66148babe728f3e00e13c56f6b0ecf325abd80da upstream. + +This patch removes redundant actions from driver and fixes its interaction +with actions in pci-bus runtime power management code. + +It removes pci_save_state() from __e1000_shutdown() for normal adapters, +PCI bus callbacks pci_pm_*() will do all this for us. Now __e1000_shutdown() +switches to D3-state only quad-port adapters, because they needs quirk for +clearing false-positive error from downsteam pci-e port. + +pci_save_state() now called after clearing bus-master bit, thus __e1000_resume() +and e1000_io_slot_reset() must set it back after restoring configuration space. + +This patch set get_link_status before calling pm_runtime_put() in e1000_open() +to allow e1000_idle() get real link status and schedule first runtime suspend. + +This patch also enables wakeup for device if management mode is enabled +(like for WoL) as result pci_prepare_to_sleep() would setup wakeup without +special actions like custom 'enable_wakeup' sign. + +Signed-off-by: Konstantin Khlebnikov +Cc: Bruce Allan +Acked-by: Rafael J. 
Wysocki +Tested-by: Borislav Petkov +Tested-by: Aaron Brown +Signed-off-by: Jeff Kirsher +Tested-by: Tóth Attila +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/intel/e1000e/netdev.c | 78 ++++++----------------------- + 1 file changed, 18 insertions(+), 60 deletions(-) + +--- a/drivers/net/ethernet/intel/e1000e/netdev.c ++++ b/drivers/net/ethernet/intel/e1000e/netdev.c +@@ -3952,6 +3952,7 @@ static int e1000_open(struct net_device + netif_start_queue(netdev); + + adapter->idle_check = true; ++ hw->mac.get_link_status = true; + pm_runtime_put(&pdev->dev); + + /* fire a link status change interrupt to start the watchdog */ +@@ -5450,8 +5451,7 @@ release: + return retval; + } + +-static int __e1000_shutdown(struct pci_dev *pdev, bool *enable_wake, +- bool runtime) ++static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) + { + struct net_device *netdev = pci_get_drvdata(pdev); + struct e1000_adapter *adapter = netdev_priv(netdev); +@@ -5475,10 +5475,6 @@ static int __e1000_shutdown(struct pci_d + } + e1000e_reset_interrupt_capability(adapter); + +- retval = pci_save_state(pdev); +- if (retval) +- return retval; +- + status = er32(STATUS); + if (status & E1000_STATUS_LU) + wufc &= ~E1000_WUFC_LNKC; +@@ -5534,13 +5530,6 @@ static int __e1000_shutdown(struct pci_d + ew32(WUFC, 0); + } + +- *enable_wake = !!wufc; +- +- /* make sure adapter isn't asleep if manageability is enabled */ +- if ((adapter->flags & FLAG_MNG_PT_ENABLED) || +- (hw->mac.ops.check_mng_mode(hw))) +- *enable_wake = true; +- + if (adapter->hw.phy.type == e1000_phy_igp_3) + e1000e_igp3_phy_powerdown_workaround_ich8lan(&adapter->hw); + +@@ -5551,26 +5540,6 @@ static int __e1000_shutdown(struct pci_d + + pci_clear_master(pdev); + +- return 0; +-} +- +-static void e1000_power_off(struct pci_dev *pdev, bool sleep, bool wake) +-{ +- if (sleep && wake) { +- pci_prepare_to_sleep(pdev); +- return; +- } +- +- pci_wake_from_d3(pdev, wake); +- pci_set_power_state(pdev, PCI_D3hot); +-} +- 
+-static void e1000_complete_shutdown(struct pci_dev *pdev, bool sleep, +- bool wake) +-{ +- struct net_device *netdev = pci_get_drvdata(pdev); +- struct e1000_adapter *adapter = netdev_priv(netdev); +- + /* The pci-e switch on some quad port adapters will report a + * correctable error when the MAC transitions from D0 to D3. To + * prevent this we need to mask off the correctable errors on the +@@ -5584,12 +5553,13 @@ static void e1000_complete_shutdown(stru + pcie_capability_write_word(us_dev, PCI_EXP_DEVCTL, + (devctl & ~PCI_EXP_DEVCTL_CERE)); + +- e1000_power_off(pdev, sleep, wake); ++ pci_save_state(pdev); ++ pci_prepare_to_sleep(pdev); + + pcie_capability_write_word(us_dev, PCI_EXP_DEVCTL, devctl); +- } else { +- e1000_power_off(pdev, sleep, wake); + } ++ ++ return 0; + } + + #ifdef CONFIG_PCIEASPM +@@ -5640,9 +5610,7 @@ static int __e1000_resume(struct pci_dev + if (aspm_disable_flag) + e1000e_disable_aspm(pdev, aspm_disable_flag); + +- pci_set_power_state(pdev, PCI_D0); +- pci_restore_state(pdev); +- pci_save_state(pdev); ++ pci_set_master(pdev); + + e1000e_set_interrupt_capability(adapter); + if (netif_running(netdev)) { +@@ -5708,14 +5676,8 @@ static int __e1000_resume(struct pci_dev + static int e1000_suspend(struct device *dev) + { + struct pci_dev *pdev = to_pci_dev(dev); +- int retval; +- bool wake; +- +- retval = __e1000_shutdown(pdev, &wake, false); +- if (!retval) +- e1000_complete_shutdown(pdev, true, wake); + +- return retval; ++ return __e1000_shutdown(pdev, false); + } + + static int e1000_resume(struct device *dev) +@@ -5738,13 +5700,10 @@ static int e1000_runtime_suspend(struct + struct net_device *netdev = pci_get_drvdata(pdev); + struct e1000_adapter *adapter = netdev_priv(netdev); + +- if (e1000e_pm_ready(adapter)) { +- bool wake; +- +- __e1000_shutdown(pdev, &wake, true); +- } ++ if (!e1000e_pm_ready(adapter)) ++ return 0; + +- return 0; ++ return __e1000_shutdown(pdev, true); + } + + static int e1000_idle(struct device *dev) +@@ -5782,12 
+5741,7 @@ static int e1000_runtime_resume(struct d + + static void e1000_shutdown(struct pci_dev *pdev) + { +- bool wake = false; +- +- __e1000_shutdown(pdev, &wake, false); +- +- if (system_state == SYSTEM_POWER_OFF) +- e1000_complete_shutdown(pdev, false, wake); ++ __e1000_shutdown(pdev, false); + } + + #ifdef CONFIG_NET_POLL_CONTROLLER +@@ -5908,9 +5862,9 @@ static pci_ers_result_t e1000_io_slot_re + "Cannot re-enable PCI device after reset.\n"); + result = PCI_ERS_RESULT_DISCONNECT; + } else { +- pci_set_master(pdev); + pdev->state_saved = true; + pci_restore_state(pdev); ++ pci_set_master(pdev); + + pci_enable_wake(pdev, PCI_D3hot, 0); + pci_enable_wake(pdev, PCI_D3cold, 0); +@@ -6341,7 +6295,11 @@ static int e1000_probe(struct pci_dev *p + + /* initialize the wol settings based on the eeprom settings */ + adapter->wol = adapter->eeprom_wol; +- device_set_wakeup_enable(&adapter->pdev->dev, adapter->wol); ++ ++ /* make sure adapter isn't asleep if manageability is enabled */ ++ if (adapter->wol || (adapter->flags & FLAG_MNG_PT_ENABLED) || ++ (hw->mac.ops.check_mng_mode(hw))) ++ device_wakeup_enable(&pdev->dev); + + /* save off EEPROM version number */ + e1000_read_nvm(&adapter->hw, 5, 1, &adapter->eeprom_vers); diff --git a/queue-3.8/ext4-add-check-for-inodes_count-overflow-in-new-resize-ioctl.patch b/queue-3.8/ext4-add-check-for-inodes_count-overflow-in-new-resize-ioctl.patch new file mode 100644 index 00000000000..17b997e29dd --- /dev/null +++ b/queue-3.8/ext4-add-check-for-inodes_count-overflow-in-new-resize-ioctl.patch 
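Review bot: In the quad-port branch of `__e1000_shutdown` the new `pci_save_state(pdev);` and `pci_prepare_to_sleep(pdev);` calls discard their return values, whereas the removed code returned the `pci_save_state()` error to its caller. Since `e1000_suspend` and `e1000_runtime_suspend` now return the result of `__e1000_shutdown` directly, a failure here is reported as success and the PM core would treat the device as suspended. Capturing the result, e.g. `retval = pci_save_state(pdev);` then `if (!retval) retval = pci_prepare_to_sleep(pdev);`, and returning it after `PCI_EXP_DEVCTL` is restored would keep the old error path. The declaration of `retval` and the start of the function are outside the hunk, so this assumes the variable is still in scope.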
@@ -0,0 +1,34 @@
+From 3f8a6411fbada1fa482276591e037f3b1adcf55b Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o
+Date: Sun, 21 Apr 2013 22:56:32 -0400
+Subject: ext4: add check for inodes_count overflow in new resize ioctl
+
+From: Theodore Ts'o
+
+commit 3f8a6411fbada1fa482276591e037f3b1adcf55b upstream.
+
+Addresses-Red-Hat-Bugzilla: #913245
+
+Reported-by: Eric Sandeen
+Signed-off-by: "Theodore Ts'o"
+Reviewed-by: Carlos Maiolino
+Signed-off-by: Lingzhu Xiang
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/resize.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -1880,6 +1880,10 @@ retry:
+ return 0;
+
+ ext4_get_group_no_and_offset(sb, n_blocks_count - 1, &n_group, &offset);
++ if (n_group > (0xFFFFFFFFUL / EXT4_INODES_PER_GROUP(sb))) {
++ ext4_warning(sb, "resize would cause inodes_count overflow");
++ return -EINVAL;
++ }
+ ext4_get_group_no_and_offset(sb, o_blocks_count - 1, &o_group, &offset);
+
+ n_desc_blocks = num_desc_blocks(sb, n_group + 1);
diff --git a/queue-3.8/iommu-amd-properly-initialize-irq-table-lock.patch b/queue-3.8/iommu-amd-properly-initialize-irq-table-lock.patch
new file mode 100644
index 00000000000..5ccc818ba68
--- /dev/null
+++ b/queue-3.8/iommu-amd-properly-initialize-irq-table-lock.patch
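Review bot: The added bound in the ext4 resize path compares with `>`, but `n_group` is the index of the last group (it is derived from `n_blocks_count - 1`, and the trailing context line sizes the descriptors with `n_group + 1`), so the group count is one larger than the value tested. When `n_group` equals `0xFFFFFFFFUL / EXT4_INODES_PER_GROUP(sb)` the check passes while `(n_group + 1) * EXT4_INODES_PER_GROUP(sb)` no longer fits in 32 bits, which is the overflow the check is meant to reject. Suggest `if (n_group >= (0xFFFFFFFFUL / EXT4_INODES_PER_GROUP(sb))) {`. The enclosing function starts and ends outside the hunk.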
@@ -0,0 +1,31 @@
+From 197887f03daecdb3ae21bafeb4155412abad3497 Mon Sep 17 00:00:00 2001
+From: Joerg Roedel
+Date: Tue, 9 Apr 2013 21:14:08 +0200
+Subject: iommu/amd: Properly initialize irq-table lock
+
+From: Joerg Roedel
+
+commit 197887f03daecdb3ae21bafeb4155412abad3497 upstream.
+
+Fixes a lockdep warning.
+
+Reviewed-by: Shuah Khan
+Signed-off-by: Joerg Roedel
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/iommu/amd_iommu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/iommu/amd_iommu.c
++++ b/drivers/iommu/amd_iommu.c
+@@ -3948,6 +3948,9 @@ static struct irq_remap_table *get_irq_t
+ if (!table)
+ goto out;
+
++ /* Initialize table spin-lock */
++ spin_lock_init(&table->lock);
++
+ if (ioapic)
+ /* Keep the first 32 indexes free for IOAPIC interrupts */
+ table->min_index = 32;
diff --git a/queue-3.8/ipvs-ip_vs_sip_fill_param-bug-bad-check-of-return-value.patch b/queue-3.8/ipvs-ip_vs_sip_fill_param-bug-bad-check-of-return-value.patch
new file mode 100644
index 00000000000..04b594d2c07
--- /dev/null
+++ b/queue-3.8/ipvs-ip_vs_sip_fill_param-bug-bad-check-of-return-value.patch
@@ -0,0 +1,80 @@ +From f7a1dd6e3ad59f0cfd51da29dfdbfd54122c5916 Mon Sep 17 00:00:00 2001 +From: Hans Schillstrom +Date: Sat, 27 Apr 2013 20:06:14 +0200 +Subject: ipvs: ip_vs_sip_fill_param() BUG: bad check of return value + +From: Hans Schillstrom + +commit f7a1dd6e3ad59f0cfd51da29dfdbfd54122c5916 upstream. + +The reason for this patch is crash in kmemdup +caused by returning from get_callid with uniialized +matchoff and matchlen. + +Removing Zero check of matchlen since it's done by ct_sip_get_header() + +BUG: unable to handle kernel paging request at ffff880457b5763f +IP: [] kmemdup+0x2e/0x35 +PGD 27f6067 PUD 0 +Oops: 0000 [#1] PREEMPT SMP +Modules linked in: xt_state xt_helper nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_mangle xt_connmark xt_conntrack ip6_tables nf_conntrack_ftp ip_vs_ftp nf_nat xt_tcpudp iptable_mangle xt_mark ip_tables x_tables ip_vs_rr ip_vs_lblcr ip_vs_pe_sip ip_vs nf_conntrack_sip nf_conntrack bonding igb i2c_algo_bit i2c_core +CPU 5 +Pid: 0, comm: swapper/5 Not tainted 3.9.0-rc5+ #5 /S1200KP +RIP: 0010:[] [] kmemdup+0x2e/0x35 +RSP: 0018:ffff8803fea03648 EFLAGS: 00010282 +RAX: ffff8803d61063e0 RBX: 0000000000000003 RCX: 0000000000000003 +RDX: 0000000000000003 RSI: ffff880457b5763f RDI: ffff8803d61063e0 +RBP: ffff8803fea03658 R08: 0000000000000008 R09: 0000000000000011 +R10: 0000000000000011 R11: 00ffffffff81a8a3 R12: ffff880457b5763f +R13: ffff8803d67f786a R14: ffff8803fea03730 R15: ffffffffa0098e90 +FS: 0000000000000000(0000) GS:ffff8803fea00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: ffff880457b5763f CR3: 0000000001a0c000 CR4: 00000000001407e0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 +Process swapper/5 (pid: 0, threadinfo ffff8803ee18c000, task ffff8803ee18a480) +Stack: + ffff8803d822a080 000000000000001c ffff8803fea036c8 ffffffffa000937a + ffffffff81f0d8a0 000000038135fdd5 ffff880300000014 
ffff880300110000 + ffffffff150118ac ffff8803d7e8a000 ffff88031e0118ac 0000000000000000 +Call Trace: + + + [] ip_vs_sip_fill_param+0x13a/0x187 [ip_vs_pe_sip] + [] ip_vs_sched_persist+0x2c6/0x9c3 [ip_vs] + [] ? __lock_acquire+0x677/0x1697 + [] ? native_sched_clock+0x3c/0x7d + [] ? native_sched_clock+0x3c/0x7d + [] ? sched_clock_cpu+0x43/0xcf + [] ip_vs_schedule+0x181/0x4ba [ip_vs] +... + +Signed-off-by: Hans Schillstrom +Acked-by: Julian Anastasov +Signed-off-by: Simon Horman +Signed-off-by: David S. Miller +Cc: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/ipvs/ip_vs_pe_sip.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/net/netfilter/ipvs/ip_vs_pe_sip.c ++++ b/net/netfilter/ipvs/ip_vs_pe_sip.c +@@ -37,14 +37,10 @@ static int get_callid(const char *dptr, + if (ret > 0) + break; + if (!ret) +- return 0; ++ return -EINVAL; + dataoff += *matchoff; + } + +- /* Empty callid is useless */ +- if (!*matchlen) +- return -EINVAL; +- + /* Too large is useless */ + if (*matchlen > IP_VS_PEDATA_MAXLEN) + return -EINVAL; diff --git a/queue-3.8/net-eth-ibmveth-fixup-retrieval-of-mac-address.patch b/queue-3.8/net-eth-ibmveth-fixup-retrieval-of-mac-address.patch new file mode 100644 index 00000000000..e4d95985aab --- /dev/null +++ b/queue-3.8/net-eth-ibmveth-fixup-retrieval-of-mac-address.patch 
@@ -0,0 +1,77 @@ +From 13f85203e1060da83d9ec1c1c5a63343eaab8de4 Mon Sep 17 00:00:00 2001 +From: Benjamin Herrenschmidt +Date: Fri, 3 May 2013 17:19:01 +0000 +Subject: net/eth/ibmveth: Fixup retrieval of MAC address + +From: Benjamin Herrenschmidt + +commit 13f85203e1060da83d9ec1c1c5a63343eaab8de4 upstream. + +Some ancient pHyp versions used to create a 8 bytes local-mac-address +property in the device-tree instead of a 6 bytes one for veth. + +The Linux driver code to deal with that is an insane hack which also +happens to break with some choices of MAC addresses in qemu by testing +for a bit in the address rather than just looking at the size of the +property. + +Sanitize this by doing the latter instead. + +Signed-off-by: Benjamin Herrenschmidt +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/ibm/ibmveth.c | 23 ++++++++++------------- + 1 file changed, 10 insertions(+), 13 deletions(-) + +--- a/drivers/net/ethernet/ibm/ibmveth.c ++++ b/drivers/net/ethernet/ibm/ibmveth.c +@@ -1326,7 +1326,7 @@ static const struct net_device_ops ibmve + + static int ibmveth_probe(struct vio_dev *dev, const struct vio_device_id *id) + { +- int rc, i; ++ int rc, i, mac_len; + struct net_device *netdev; + struct ibmveth_adapter *adapter; + unsigned char *mac_addr_p; +@@ -1336,11 +1336,19 @@ static int ibmveth_probe(struct vio_dev + dev->unit_address); + + mac_addr_p = (unsigned char *)vio_get_attribute(dev, VETH_MAC_ADDR, +- NULL); ++ &mac_len); + if (!mac_addr_p) { + dev_err(&dev->dev, "Can't find VETH_MAC_ADDR attribute\n"); + return -EINVAL; + } ++ /* Workaround for old/broken pHyp */ ++ if (mac_len == 8) ++ mac_addr_p += 2; ++ else if (mac_len != 6) { ++ dev_err(&dev->dev, "VETH_MAC_ADDR attribute wrong len %d\n", ++ mac_len); ++ return -EINVAL; ++ } + + mcastFilterSize_p = (unsigned int *)vio_get_attribute(dev, + VETH_MCAST_FILTER_SIZE, NULL); +@@ -1365,17 +1373,6 @@ static int ibmveth_probe(struct vio_dev + + netif_napi_add(netdev, 
&adapter->napi, ibmveth_poll, 16); + +- /* +- * Some older boxes running PHYP non-natively have an OF that returns +- * a 8-byte local-mac-address field (and the first 2 bytes have to be +- * ignored) while newer boxes' OF return a 6-byte field. Note that +- * IEEE 1275 specifies that local-mac-address must be a 6-byte field. +- * The RPA doc specifies that the first byte must be 10b, so we'll +- * just look for it to solve this 8 vs. 6 byte field issue +- */ +- if ((*mac_addr_p & 0x3) != 0x02) +- mac_addr_p += 2; +- + adapter->mac_addr = 0; + memcpy(&adapter->mac_addr, mac_addr_p, 6); + diff --git a/queue-3.8/netfilter-ctnetlink-don-t-permit-ct-creation-with-random-tuple.patch b/queue-3.8/netfilter-ctnetlink-don-t-permit-ct-creation-with-random-tuple.patch new file mode 100644 index 00000000000..118e9e04028 --- /dev/null +++ b/queue-3.8/netfilter-ctnetlink-don-t-permit-ct-creation-with-random-tuple.patch 
@@ -0,0 +1,35 @@
+From 442fad9423b78319e0019a7f5047eddf3317afbc Mon Sep 17 00:00:00 2001
+From: Florian Westphal
+Date: Mon, 11 Feb 2013 23:22:38 +0000
+Subject: netfilter: ctnetlink: don't permit ct creation with random tuple
+
+From: Florian Westphal
+
+commit 442fad9423b78319e0019a7f5047eddf3317afbc upstream.
+
+Userspace can cause kernel panic by not specifying orig/reply
+tuple: kernel will create a tuple with random stack values.
+
+Problem is that tuple.dst.dir will be random, too, which
+causes nf_ct_tuplehash_to_ctrack() to return garbage.
+
+Signed-off-by: Florian Westphal
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nf_conntrack_netlink.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/netfilter/nf_conntrack_netlink.c
++++ b/net/netfilter/nf_conntrack_netlink.c
+@@ -1705,6 +1705,9 @@ ctnetlink_new_conntrack(struct sock *ctn
+ if (nlh->nlmsg_flags & NLM_F_CREATE) {
+ enum ip_conntrack_events events;
+
++ if (!cda[CTA_TUPLE_ORIG] || !cda[CTA_TUPLE_REPLY])
++ return -EINVAL;
++
+ ct = ctnetlink_create_conntrack(net, zone, cda, &otuple,
+ &rtuple, u3);
+ if (IS_ERR(ct))
diff --git a/queue-3.8/netfilter-ip6t_npt-fix-translation-for-non-multiple-of-32-prefix-lengths.patch b/queue-3.8/netfilter-ip6t_npt-fix-translation-for-non-multiple-of-32-prefix-lengths.patch
new file mode 100644
index 00000000000..5e36bb46015
--- /dev/null
+++ b/queue-3.8/netfilter-ip6t_npt-fix-translation-for-non-multiple-of-32-prefix-lengths.patch
@@ -0,0 +1,32 @@
+From 906b1c394d0906a154fbdc904ca506bceb515756 Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer
+Date: Sat, 30 Mar 2013 10:23:12 +0000
+Subject: netfilter: ip6t_NPT: Fix translation for non-multiple of 32 prefix lengths
+
+From: Matthias Schiffer
+
+commit 906b1c394d0906a154fbdc904ca506bceb515756 upstream.
+
+The bitmask used for the prefix mangling was being calculated
+incorrectly, leading to the wrong part of the address being replaced
+when the prefix length wasn't a multiple of 32.
+
+Signed-off-by: Matthias Schiffer
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/ipv6/netfilter/ip6t_NPT.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv6/netfilter/ip6t_NPT.c
++++ b/net/ipv6/netfilter/ip6t_NPT.c
+@@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struc
+ if (pfx_len - i >= 32)
+ mask = 0;
+ else
+- mask = htonl(~((1 << (pfx_len - i)) - 1));
++ mask = htonl((1 << (i - pfx_len + 32)) - 1);
+
+ idx = i / 32;
+ addr->s6_addr32[idx] &= mask;
diff --git a/queue-3.8/netfilter-ipset-directory-not-empty-error-message.patch b/queue-3.8/netfilter-ipset-directory-not-empty-error-message.patch
new file mode 100644
index 00000000000..b96e9c4c8af
--- /dev/null
+++ b/queue-3.8/netfilter-ipset-directory-not-empty-error-message.patch
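Review bot: The new mask expression in `ip6t_npt_map_pfx` shifts a signed `1`; the visible guard only excludes `pfx_len - i >= 32`, so when `pfx_len - i` is 1 the shift count is 31 and `1 << 31` overflows `int` before the `- 1` is applied. The kernel's build flags may make this benign in practice, but an unsigned constant removes the question: `mask = htonl((1U << (i - pfx_len + 32)) - 1);`. The loop that bounds `i` is outside the hunk, so the reachable range of the shift count is inferred from the guard alone.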
@@ -0,0 +1,37 @@
+From dd82088dab3646ed28e4aa43d1a5b5d5ffc2afba Mon Sep 17 00:00:00 2001
+From: Jozsef Kadlecsik
+Date: Thu, 21 Feb 2013 11:12:40 +0100
+Subject: netfilter: ipset: "Directory not empty" error message
+
+From: Jozsef Kadlecsik
+
+commit dd82088dab3646ed28e4aa43d1a5b5d5ffc2afba upstream.
+
+When an entry flagged with "nomatch" was tested by ipset, it
+returned the error message "Kernel error received:
+Directory not empty" instead of " is NOT in set "
+(reported by John Brendler).
+
+The internal error code was not properly transformed before returning
+to userspace, fixed.
+
+Signed-off-by: Jozsef Kadlecsik
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/ipset/ip_set_core.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/netfilter/ipset/ip_set_core.c
++++ b/net/netfilter/ipset/ip_set_core.c
+@@ -1470,7 +1470,8 @@ ip_set_utest(struct sock *ctnl, struct s
+ if (ret == -EAGAIN)
+ ret = 1;
+
+- return ret < 0 ? ret : ret > 0 ? 0 : -IPSET_ERR_EXIST;
++ return (ret < 0 && ret != -ENOTEMPTY) ? ret :
++ ret > 0 ? 0 : -IPSET_ERR_EXIST;
+ }
+
+ /* Get headed data of a set */
diff --git a/queue-3.8/netfilter-ipset-list-set-fix-reference-counter-update.patch b/queue-3.8/netfilter-ipset-list-set-fix-reference-counter-update.patch
new file mode 100644
index 00000000000..ca3cfab88d1
--- /dev/null
+++ b/queue-3.8/netfilter-ipset-list-set-fix-reference-counter-update.patch
@@ -0,0 +1,39 @@
+From 02f815cb6d3f57914228be84df9613ee5a01c2e6 Mon Sep 17 00:00:00 2001
+From: Jozsef Kadlecsik
+Date: Tue, 9 Apr 2013 08:57:19 +0000
+Subject: netfilter: ipset: list:set: fix reference counter update
+
+From: Jozsef Kadlecsik
+
+commit 02f815cb6d3f57914228be84df9613ee5a01c2e6 upstream.
+
+The last element can be replaced or pushed off and in both
+cases the reference counter must be updated.
+
+Signed-off-by: Jozsef Kadlecsik
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/ipset/ip_set_list_set.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/net/netfilter/ipset/ip_set_list_set.c
++++ b/net/netfilter/ipset/ip_set_list_set.c
+@@ -174,9 +174,13 @@ list_set_add(struct list_set *map, u32 i
+ {
+ const struct set_elem *e = list_set_elem(map, i);
+
+- if (i == map->size - 1 && e->id != IPSET_INVALID_ID)
+- /* Last element replaced: e.g. add new,before,last */
+- ip_set_put_byindex(e->id);
++ if (e->id != IPSET_INVALID_ID) {
++ const struct set_elem *x = list_set_elem(map, map->size - 1);
++
++ /* Last element replaced or pushed off */
++ if (x->id != IPSET_INVALID_ID)
++ ip_set_put_byindex(x->id);
++ }
+ if (with_timeout(map->timeout))
+ list_elem_tadd(map, i, id, ip_set_timeout_set(timeout));
+ else
diff --git a/queue-3.8/netfilter-nf_ct_helper-don-t-discard-helper-if-it-is-actually-the-same.patch b/queue-3.8/netfilter-nf_ct_helper-don-t-discard-helper-if-it-is-actually-the-same.patch
new file mode 100644
index 00000000000..a38b9cf767c
--- /dev/null
+++ b/queue-3.8/netfilter-nf_ct_helper-don-t-discard-helper-if-it-is-actually-the-same.patch
@@ -0,0 +1,42 @@
+From 6e2f0aa8cf8892868bf2c19349cb5d7c407f690d Mon Sep 17 00:00:00 2001
+From: Florian Westphal
+Date: Tue, 12 Feb 2013 05:59:53 +0000
+Subject: netfilter: nf_ct_helper: don't discard helper if it is actually the same
+
+From: Florian Westphal
+
+commit 6e2f0aa8cf8892868bf2c19349cb5d7c407f690d upstream.
+
+commit (32f5376 netfilter: nf_ct_helper: disable automatic helper
+re-assignment of different type) broke transparent proxy scenarios.
+
+For example, initial helper lookup might yield "ftp" (dport 21),
+while re-lookup after REDIRECT yields "ftp-2121".
+
+This causes the autoassign code to toss the ftp helper, even
+though these are just different instances of the same helper.
+
+Change the test to check for the helper function address instead
+of the helper address, as suggested by Pablo.
+
+Signed-off-by: Florian Westphal
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nf_conntrack_helper.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_conntrack_helper.c
++++ b/net/netfilter/nf_conntrack_helper.c
+@@ -236,7 +236,9 @@ int __nf_ct_try_assign_helper(struct nf_
+ /* We only allow helper re-assignment of the same sort since
+ * we cannot reallocate the helper extension area.
+ */
+- if (help->helper != helper) {
++ struct nf_conntrack_helper *tmp = rcu_dereference(help->helper);
++
++ if (tmp && tmp->help != helper->help) {
+ RCU_INIT_POINTER(help->helper, NULL);
+ goto out;
+ }
diff --git a/queue-3.8/netfilter-nf_ct_sip-don-t-drop-packets-with-offsets.patch b/queue-3.8/netfilter-nf_ct_sip-don-t-drop-packets-with-offsets.patch
new file mode 100644
index 00000000000..87abf1c549c
--- /dev/null
+++ b/queue-3.8/netfilter-nf_ct_sip-don-t-drop-packets-with-offsets.patch
@@ -0,0 +1,35 @@
+From 3a7b21eaf4fb3c971bdb47a98f570550ddfe4471 Mon Sep 17 00:00:00 2001
+From: Patrick McHardy
+Date: Fri, 5 Apr 2013 08:13:30 +0000
+Subject: netfilter: nf_ct_sip: don't drop packets with offsets
+ pointing outside the packet
+
+From: Patrick McHardy
+
+commit 3a7b21eaf4fb3c971bdb47a98f570550ddfe4471 upstream.
+
+Some Cisco phones create huge messages that are spread over multiple packets.
+After calculating the offset of the SIP body, it is validated to be within
+the packet and the packet is dropped otherwise. This breaks operation of
+these phones. Since connection tracking is supposed to be passive, just let
+those packets pass unmodified and untracked.
+
+Signed-off-by: Patrick McHardy
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nf_conntrack_sip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_conntrack_sip.c
++++ b/net/netfilter/nf_conntrack_sip.c
+@@ -1547,7 +1547,7 @@ static int sip_help_tcp(struct sk_buff *
+
+ msglen = origlen = end - dptr;
+ if (msglen > datalen)
+- return NF_DROP;
++ return NF_ACCEPT;
+
+ ret = process_sip_msg(skb, ct, protoff, dataoff,
+ &dptr, &msglen);
diff --git a/queue-3.8/netfilter-nf_nat-fix-race-when-unloading-protocol-modules.patch b/queue-3.8/netfilter-nf_nat-fix-race-when-unloading-protocol-modules.patch
new file mode 100644
index 00000000000..8e8b3d1529d
--- /dev/null
+++ b/queue-3.8/netfilter-nf_nat-fix-race-when-unloading-protocol-modules.patch
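Review bot: After this change `if (msglen > datalen) return NF_ACCEPT;` in `sip_help_tcp` reads like a length check that fails open, and nothing at the site says this is deliberate. A comment above the test, such as `/* body continues in later segments: conntrack is passive, pass the packet unmodified and untracked */`, would record the reasoning that currently lives only in the commit message. The same comment should state that such messages skip `process_sip_msg()` entirely, so a rule set that depends on the SIP helper having parsed a message cannot assume it did for these packets. The function starts and ends outside the hunk.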
@@ -0,0 +1,126 @@ +From c2d421e171868586939c328dfb91bab840fe4c49 Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Thu, 11 Apr 2013 04:22:39 +0000 +Subject: netfilter: nf_nat: fix race when unloading protocol modules + +From: Florian Westphal + +commit c2d421e171868586939c328dfb91bab840fe4c49 upstream. + +following oops was reported: +RIP: 0010:[] [] nf_nat_cleanup_conntrack+0x42/0x70 [nf_nat] +RSP: 0018:ffff880202c63d40 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff8801ac7bec28 RCX: ffff8801d0eedbe0 +RDX: dead000000200200 RSI: 0000000000000011 RDI: ffffffffa03265b8 +[..] +Call Trace: + [..] + [] destroy_conntrack+0xbd/0x110 [nf_conntrack] + +Happens when a conntrack timeout expires right after first part +of the nat cleanup has completed (bysrc hash removal), but before +part 2 has completed (re-initialization of nat area). + +[ destroy callback tries to delete bysrc again ] + +Patrick suggested to just remove the affected conntracks -- the +connections won't work properly anyway without nat transformation. + +So, lets do that. + +Reported-by: CAI Qian +Cc: Patrick McHardy +Signed-off-by: Florian Westphal +Acked-by: Patrick McHardy +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nf_nat_core.c | 40 +++++++--------------------------------- + 1 file changed, 7 insertions(+), 33 deletions(-) + +--- a/net/netfilter/nf_nat_core.c ++++ b/net/netfilter/nf_nat_core.c +@@ -468,33 +468,22 @@ EXPORT_SYMBOL_GPL(nf_nat_packet); + struct nf_nat_proto_clean { + u8 l3proto; + u8 l4proto; +- bool hash; + }; + +-/* Clear NAT section of all conntracks, in case we're loaded again. 
*/ +-static int nf_nat_proto_clean(struct nf_conn *i, void *data) ++/* kill conntracks with affected NAT section */ ++static int nf_nat_proto_remove(struct nf_conn *i, void *data) + { + const struct nf_nat_proto_clean *clean = data; + struct nf_conn_nat *nat = nfct_nat(i); + + if (!nat) + return 0; +- if (!(i->status & IPS_SRC_NAT_DONE)) +- return 0; ++ + if ((clean->l3proto && nf_ct_l3num(i) != clean->l3proto) || + (clean->l4proto && nf_ct_protonum(i) != clean->l4proto)) + return 0; + +- if (clean->hash) { +- spin_lock_bh(&nf_nat_lock); +- hlist_del_rcu(&nat->bysource); +- spin_unlock_bh(&nf_nat_lock); +- } else { +- memset(nat, 0, sizeof(*nat)); +- i->status &= ~(IPS_NAT_MASK | IPS_NAT_DONE_MASK | +- IPS_SEQ_ADJUST); +- } +- return 0; ++ return i->status & IPS_NAT_MASK ? 1 : 0; + } + + static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto) +@@ -506,16 +495,8 @@ static void nf_nat_l4proto_clean(u8 l3pr + struct net *net; + + rtnl_lock(); +- /* Step 1 - remove from bysource hash */ +- clean.hash = true; + for_each_net(net) +- nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean); +- synchronize_rcu(); +- +- /* Step 2 - clean NAT section */ +- clean.hash = false; +- for_each_net(net) +- nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean); ++ nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean); + rtnl_unlock(); + } + +@@ -527,16 +508,9 @@ static void nf_nat_l3proto_clean(u8 l3pr + struct net *net; + + rtnl_lock(); +- /* Step 1 - remove from bysource hash */ +- clean.hash = true; +- for_each_net(net) +- nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean); +- synchronize_rcu(); + +- /* Step 2 - clean NAT section */ +- clean.hash = false; + for_each_net(net) +- nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean); ++ nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean); + rtnl_unlock(); + } + +@@ -774,7 +748,7 @@ static void __net_exit nf_nat_net_exit(s + { + struct nf_nat_proto_clean clean = {}; + +- nf_ct_iterate_cleanup(net, &nf_nat_proto_clean, 
&clean); ++ nf_ct_iterate_cleanup(net, &nf_nat_proto_remove, &clean); + synchronize_rcu(); + nf_ct_free_hashtable(net->ct.nat_bysource, net->ct.nat_htable_size); + } diff --git a/queue-3.8/netfilter-xt_rpfilter-skip-locally-generated-broadcast-multicast-too.patch b/queue-3.8/netfilter-xt_rpfilter-skip-locally-generated-broadcast-multicast-too.patch new file mode 100644 index 00000000000..5da1425ee61 --- /dev/null +++ b/queue-3.8/netfilter-xt_rpfilter-skip-locally-generated-broadcast-multicast-too.patch 
@@ -0,0 +1,77 @@
+From f83a7ea2075ca896f2dbf07672bac9cf3682ff74 Mon Sep 17 00:00:00 2001
+From: Florian Westphal
+Date: Wed, 17 Apr 2013 22:45:24 +0000
+Subject: netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too
+
+From: Florian Westphal
+
+commit f83a7ea2075ca896f2dbf07672bac9cf3682ff74 upstream.
+
+Alex Efros reported rpfilter module doesn't match following packets:
+IN=br.qemu SRC=192.168.2.1 DST=192.168.2.255 [ .. ]
+(netfilter bugzilla #814).
+
+Problem is that network stack arranges for the locally generated broadcasts
+to appear on the interface they were sent out, so the IFF_LOOPBACK check
+doesn't trigger.
+
+As -m rpfilter is restricted to PREROUTING, we can check for existing
+rtable instead, it catches locally-generated broad/multicast case, too.
+
+Signed-off-by: Florian Westphal
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/ipv4/netfilter/ipt_rpfilter.c | 8 +++++++-
+ net/ipv6/netfilter/ip6t_rpfilter.c | 8 +++++++-
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+--- a/net/ipv4/netfilter/ipt_rpfilter.c
++++ b/net/ipv4/netfilter/ipt_rpfilter.c
+@@ -66,6 +66,12 @@ static bool rpfilter_lookup_reverse(stru
+ return dev_match;
+ }
+
++static bool rpfilter_is_local(const struct sk_buff *skb)
++{
++ const struct rtable *rt = skb_rtable(skb);
++ return rt && (rt->rt_flags & RTCF_LOCAL);
++}
++
+ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
+ {
+ const struct xt_rpfilter_info *info;
+@@ -76,7 +82,7 @@ static bool rpfilter_mt(const struct sk_
+ info = par->matchinfo;
+ invert = info->flags & XT_RPFILTER_INVERT;
+
+- if (par->in->flags & IFF_LOOPBACK)
++ if (rpfilter_is_local(skb))
+ return true ^ invert;
+
+ iph = ip_hdr(skb);
+--- a/net/ipv6/netfilter/ip6t_rpfilter.c
++++ b/net/ipv6/netfilter/ip6t_rpfilter.c
+@@ -71,6 +71,12 @@ static bool rpfilter_lookup_reverse6(con
+ return ret;
+ }
+
++static bool rpfilter_is_local(const struct sk_buff *skb)
++{
++ const struct rt6_info *rt = (const void *) skb_dst(skb);
++ return rt && (rt->rt6i_flags & RTF_LOCAL);
++}
++
+ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
+ {
+ const struct xt_rpfilter_info *info = par->matchinfo;
+@@ -78,7 +84,7 @@ static bool rpfilter_mt(const struct sk_
+ struct ipv6hdr *iph;
+ bool invert = info->flags & XT_RPFILTER_INVERT;
+
+- if (par->in->flags & IFF_LOOPBACK)
++ if (rpfilter_is_local(skb))
+ return true ^ invert;
+
+ iph = ipv6_hdr(skb);
diff --git a/queue-3.8/pci-pm-clear-state_saved-during-suspend.patch b/queue-3.8/pci-pm-clear-state_saved-during-suspend.patch
new file mode 100644
index 00000000000..66b93be59b2
--- /dev/null
+++ b/queue-3.8/pci-pm-clear-state_saved-during-suspend.patch
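Review bot: `rpfilter_is_local()`, added in both ipt_rpfilter.c and ip6t_rpfilter.c, relies on an assumption that is stated only in the commit message: that in PREROUTING an skb which already carries a route is a locally generated one. Since this test now decides which packets bypass the reverse-path check, I would record it next to the helper, e.g. `/* rpfilter is restricted to PREROUTING: a route is already attached only for locally generated packets */`. In the IPv6 copy the `(const void *) skb_dst(skb)` cast treats whatever dst is attached as a `struct rt6_info`, which looks safe only under the same assumption, so the comment should cover it too. Both `rpfilter_mt()` bodies continue outside these hunks.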
@@ -0,0 +1,60 @@
+From khlebnikov@openvz.org Wed May 8 15:30:56 2013
+From: Konstantin Khlebnikov
+Date: Wed, 08 May 2013 12:10:18 +0400
+Subject: PCI/PM: Clear state_saved during suspend
+To: stable@vger.kernel.org
+Cc: Tóth Attila
+Message-ID: <20130508081018.25748.86347.stgit@zurg>
+
+From: Rafael J. Wysocki
+
+commit 82fee4d67ab86d6fe5eb0f9a9e988ca9d654d765 upstream.
+
+This patch clears pci_dev->state_saved at the beginning of suspending.
+PCI config state may be saved long before that. Some drivers call
+pci_save_state() from the ->probe() callback to get snapshot of sane
+configuration space to use in the ->slot_reset() callback.
+
+Signed-off-by: Konstantin Khlebnikov # add comment
+Signed-off-by: Bjorn Helgaas
+Tested-by: Tóth Attila
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/pci/pci-driver.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/pci/pci-driver.c
++++ b/drivers/pci/pci-driver.c
+@@ -628,6 +628,7 @@ static int pci_pm_suspend(struct device
+ goto Fixup;
+ }
+
++ pci_dev->state_saved = false;
+ if (pm->suspend) {
+ pci_power_t prev = pci_dev->current_state;
+ int error;
+@@ -774,6 +775,7 @@ static int pci_pm_freeze(struct device *
+ return 0;
+ }
+
++ pci_dev->state_saved = false;
+ if (pm->freeze) {
+ int error;
+
+@@ -862,6 +864,7 @@ static int pci_pm_poweroff(struct device
+ goto Fixup;
+ }
+
++ pci_dev->state_saved = false;
+ if (pm->poweroff) {
+ int error;
+
+@@ -987,6 +990,7 @@ static int pci_pm_runtime_suspend(struct
+ if (!pm || !pm->runtime_suspend)
+ return -ENOSYS;
+
++ pci_dev->state_saved = false;
+ pci_dev->no_d3cold = false;
+ error = pm->runtime_suspend(dev);
+ suspend_report_result(pm->runtime_suspend, error);
diff --git a/queue-3.8/perf-x86-intel-add-support-for-ivybridge-model-58-uncore.patch b/queue-3.8/perf-x86-intel-add-support-for-ivybridge-model-58-uncore.patch
new file mode 100644
index 00000000000..00d69b9c698
--- /dev/null
+++ b/queue-3.8/perf-x86-intel-add-support-for-ivybridge-model-58-uncore.patch
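Review bot: The four added `pci_dev->state_saved = false;` lines (in pci_pm_suspend, pci_pm_freeze, pci_pm_poweroff and pci_pm_runtime_suspend) carry no comment, although the reason for them is not evident at the call sites and the sign-off line mentions an added comment. I would put the explanation from the commit message next to the first of them, e.g. `/* config state may have been saved long ago, e.g. by pci_save_state() in ->probe(); do not let the suspend path rely on it */`. All four functions start and end outside the hunks, so how `state_saved` is consumed afterwards is not visible here.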
@@ -0,0 +1,38 @@
+From 9a6bc14350b130427725f33e371e86212fa56c85 Mon Sep 17 00:00:00 2001
+From: Vince Weaver
+Date: Mon, 29 Apr 2013 15:52:27 -0400
+Subject: perf/x86/intel: Add support for IvyBridge model 58 Uncore
+
+From: Vince Weaver
+
+commit 9a6bc14350b130427725f33e371e86212fa56c85 upstream.
+
+According to Intel Vol3b 18.9, the IvyBridge model 58 uncore is
+the same as that of SandyBridge.
+
+I've done some simple tests and with this patch things seem to
+work on my mac-mini.
+
+Signed-off-by: Vince Weaver
+Cc: Peter Zijlstra
+Cc: Paul Mackerras
+Cc: Arnaldo Carvalho de Melo
+Cc: Stephane Eranian
+Link: http://lkml.kernel.org/r/alpine.DEB.2.02.1304291549320.15827@vincent-weaver-1.um.maine.edu
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/cpu/perf_event_intel_uncore.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
++++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
+@@ -2853,6 +2853,7 @@ static int __init uncore_cpu_init(void)
+ msr_uncores = nhm_msr_uncores;
+ break;
+ case 42: /* Sandy Bridge */
++ case 58: /* Ivy Bridge */
+ if (snb_uncore_cbox.num_boxes > max_cores)
+ snb_uncore_cbox.num_boxes = max_cores;
+ msr_uncores = snb_msr_uncores;
diff --git a/queue-3.8/perf-x86-intel-fix-unintended-variable-name-reuse.patch b/queue-3.8/perf-x86-intel-fix-unintended-variable-name-reuse.patch
new file mode 100644
index 00000000000..00bc9fdeeec
--- /dev/null
+++ b/queue-3.8/perf-x86-intel-fix-unintended-variable-name-reuse.patch
@@ -0,0 +1,67 @@
+From 1b0dac2ac6debdbf1541e15f2cede03613cf4465 Mon Sep 17 00:00:00 2001
+From: Jan-Simon Möller
+Date: Tue, 30 Apr 2013 12:02:33 +0200
+Subject: perf/x86/intel: Fix unintended variable name reuse
+
+From: Jan-Simon Möller
+
+commit 1b0dac2ac6debdbf1541e15f2cede03613cf4465 upstream.
+
+The variable name events_group is already in used and led to a
+compilation error when using clang to build the Linux Kernel .
+The fix is just to rename the var. No functional change. Please
+apply.
+
+Fix suggested in discussion by PaX Team
+
+Signed-off-by: Jan-Simon Möller
+Cc: rostedt@goodmis.org
+Cc: a.p.zijlstra@chello.nl
+Cc: paulus@samba.org
+Cc: acme@ghostprotocols.net
+Link: http://lkml.kernel.org/r/1367316153-14808-1-git-send-email-dl9pf@gmx.de
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/cpu/perf_event_intel_uncore.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
++++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
+@@ -2428,7 +2428,7 @@ static void __init uncore_types_exit(str
+ static int __init uncore_type_init(struct intel_uncore_type *type)
+ {
+ struct intel_uncore_pmu *pmus;
+- struct attribute_group *events_group;
++ struct attribute_group *attr_group;
+ struct attribute **attrs;
+ int i, j;
+
+@@ -2455,19 +2455,19 @@ static int __init uncore_type_init(struc
+ while (type->event_descs[i].attr.attr.name)
+ i++;
+
+- events_group = kzalloc(sizeof(struct attribute *) * (i + 1) +
+- sizeof(*events_group), GFP_KERNEL);
+- if (!events_group)
++ attr_group = kzalloc(sizeof(struct attribute *) * (i + 1) +
++ sizeof(*attr_group), GFP_KERNEL);
++ if (!attr_group)
+ goto fail;
+
+- attrs = (struct attribute **)(events_group + 1);
+- events_group->name = "events";
+- events_group->attrs = attrs;
++ attrs = (struct attribute **)(attr_group + 1);
++ attr_group->name = "events";
++ attr_group->attrs = attrs;
+
+ for (j = 0; j < i; j++)
+ attrs[j] = &type->event_descs[j].attr.attr;
+
+- type->events_group = events_group;
++ type->events_group = attr_group;
+ }
+
+ type->pmu_group = &uncore_pmu_attr_group;
diff --git a/queue-3.8/perf-x86-intel-lbr-demand-proper-privileges-for-perf_sample_branch_kernel.patch b/queue-3.8/perf-x86-intel-lbr-demand-proper-privileges-for-perf_sample_branch_kernel.patch
new file mode 100644
index 00000000000..7381ebb799c
--- /dev/null
+++ b/queue-3.8/perf-x86-intel-lbr-demand-proper-privileges-for-perf_sample_branch_kernel.patch
@@ -0,0 +1,69 @@
+From 7cc23cd6c0c7d7f4bee057607e7ce01568925717 Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra
+Date: Fri, 3 May 2013 14:11:25 +0200
+Subject: perf/x86/intel/lbr: Demand proper privileges for PERF_SAMPLE_BRANCH_KERNEL
+
+From: Peter Zijlstra
+
+commit 7cc23cd6c0c7d7f4bee057607e7ce01568925717 upstream.
+
+We should always have proper privileges when requesting kernel
+data.
+
+Signed-off-by: Peter Zijlstra
+Cc: Andi Kleen
+Cc: eranian@google.com
+Link: http://lkml.kernel.org/r/20130503121256.230745028@chello.nl
+[ Fix build error reported by fengguang.wu@intel.com, propagate error code back. ]
+Signed-off-by: Ingo Molnar
+Link: http://lkml.kernel.org/n/tip-v0x9ky3ahzr6nm3c6ilwrili@git.kernel.org
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/cpu/perf_event_intel_lbr.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
++++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
+@@ -310,7 +310,7 @@ void intel_pmu_lbr_read(void)
+ * - in case there is no HW filter
+ * - in case the HW filter has errata or limitations
+ */
+-static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
++static int intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
+ {
+ u64 br_type = event->attr.branch_sample_type;
+ int mask = 0;
+@@ -318,8 +318,11 @@ static void intel_pmu_setup_sw_lbr_filte
+ if (br_type & PERF_SAMPLE_BRANCH_USER)
+ mask |= X86_BR_USER;
+
+- if (br_type & PERF_SAMPLE_BRANCH_KERNEL)
++ if (br_type & PERF_SAMPLE_BRANCH_KERNEL) {
++ if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
++ return -EACCES;
+ mask |= X86_BR_KERNEL;
++ }
+
+ /* we ignore BRANCH_HV here */
+
+@@ -339,6 +342,8 @@ static void intel_pmu_setup_sw_lbr_filte
+ * be used by fixup code for some CPU
+ */
+ event->hw.branch_reg.reg = mask;
++
++ return 0;
+ }
+
+ /*
+@@ -386,7 +391,9 @@ int intel_pmu_setup_lbr_filter(struct pe
+ /*
+ * setup SW LBR filter
+ */
+- intel_pmu_setup_sw_lbr_filter(event);
++ ret = intel_pmu_setup_sw_lbr_filter(event);
++ if (ret)
++ return ret;
+
+ /*
+ * setup HW LBR filter, if any
diff --git a/queue-3.8/perf-x86-intel-lbr-fix-lbr-filter.patch b/queue-3.8/perf-x86-intel-lbr-fix-lbr-filter.patch
new file mode 100644
index 00000000000..f00eb7b0c9e
--- /dev/null
+++ b/queue-3.8/perf-x86-intel-lbr-fix-lbr-filter.patch
@@ -0,0 +1,51 @@
+From 6e15eb3ba6c0249c9e8c783517d131b47db995ca Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra
+Date: Fri, 3 May 2013 14:11:24 +0200
+Subject: perf/x86/intel/lbr: Fix LBR filter
+
+From: Peter Zijlstra
+
+commit 6e15eb3ba6c0249c9e8c783517d131b47db995ca upstream.
+
+The LBR 'from' adddress is under full userspace control; ensure
+we validate it before reading from it.
+
+Note: is_module_text_address() can potentially be quite
+expensive; for those running into that with high overhead
+in modules optimize it using an RCU backed rb-tree.
+
+Reported-by: Andi Kleen
+Signed-off-by: Peter Zijlstra
+Cc: eranian@google.com
+Link: http://lkml.kernel.org/r/20130503121256.158211806@chello.nl
+Signed-off-by: Ingo Molnar
+Link: http://lkml.kernel.org/n/tip-mk8i82ffzax01cnqo829iy1q@git.kernel.org
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/cpu/perf_event_intel_lbr.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
++++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
+@@ -442,8 +442,18 @@ static int branch_type(unsigned long fro
+ return X86_BR_NONE;
+
+ addr = buf;
+- } else
+- addr = (void *)from;
++ } else {
++ /*
++ * The LBR logs any address in the IP, even if the IP just
++ * faulted. This means userspace can control the from address.
++ * Ensure we don't blindy read any address by validating it is
++ * a known text address.
++ */
++ if (kernel_text_address(from))
++ addr = (void *)from;
++ else
++ return X86_BR_NONE;
++ }
+
+ /*
+ * decoder needs to know the ABI especially
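Review bot: `intel_pmu_setup_sw_lbr_filter()` now returns an error, but the comment block above it still only describes when the software filter is used; a line such as `* Returns 0, or -EACCES when kernel branches are requested without privilege.` would document the new contract. The permission test `perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)` sits in the Intel LBR setup path, so whether other code that accepts `PERF_SAMPLE_BRANCH_KERNEL` applies the same rule cannot be judged from these hunks and is worth confirming. The caller change in `intel_pmu_setup_lbr_filter()` returns `ret` before the HW filter setup; that function's body continues outside the hunk.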
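Review bot: The new `kernel_text_address(from)` test in `branch_type()` validates only the address the instruction starts at, while the code after the hunk hands `addr` to the instruction decoder, which presumably reads more than one byte from it. If that is acceptable because of how kernel and module text is laid out, a comment saying so would help the next reader, e.g. `/* only the start address is checked; the decoder may read a few bytes past it */`. The comment added in the hunk also has a typo, `blindy` for `blindly`. `branch_type()` starts and ends outside the hunk, so the decode step itself is not visible here.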
diff --git a/queue-3.8/series b/queue-3.8/series
index a37066f8b49..af5a88e93e4 100644
--- a/queue-3.8/series
+++ b/queue-3.8/series
@@ -4,3 +4,23 @@ powerpc-fix-numa-distance-for-form0-device-tree.patch
 pwm-spear-fix-checking-return-value-of-clk_enable-and-clk_prepare.patch
 autofs-remove-autofs-dentry-mount-check.patch
 hugetlbfs-fix-mmap-failure-in-unaligned-size-request.patch
+iommu-amd-properly-initialize-irq-table-lock.patch
+net-eth-ibmveth-fixup-retrieval-of-mac-address.patch
+perf-x86-intel-add-support-for-ivybridge-model-58-uncore.patch
+perf-x86-intel-fix-unintended-variable-name-reuse.patch
+perf-x86-intel-lbr-fix-lbr-filter.patch
+perf-x86-intel-lbr-demand-proper-privileges-for-perf_sample_branch_kernel.patch
+pci-pm-clear-state_saved-during-suspend.patch
+e1000e-fix-runtime-power-management-transitions.patch
+e1000e-fix-accessing-to-suspended-device.patch
+xhci-don-t-warn-on-empty-ring-for-suspended-devices.patch
+ipvs-ip_vs_sip_fill_param-bug-bad-check-of-return-value.patch
+netfilter-nf_nat-fix-race-when-unloading-protocol-modules.patch
+netfilter-ipset-list-set-fix-reference-counter-update.patch
+netfilter-nf_ct_sip-don-t-drop-packets-with-offsets.patch
+netfilter-ipset-directory-not-empty-error-message.patch
+netfilter-nf_ct_helper-don-t-discard-helper-if-it-is-actually-the-same.patch
+netfilter-ctnetlink-don-t-permit-ct-creation-with-random-tuple.patch
+netfilter-xt_rpfilter-skip-locally-generated-broadcast-multicast-too.patch
+netfilter-ip6t_npt-fix-translation-for-non-multiple-of-32-prefix-lengths.patch
+ext4-add-check-for-inodes_count-overflow-in-new-resize-ioctl.patch
diff --git a/queue-3.8/xhci-don-t-warn-on-empty-ring-for-suspended-devices.patch b/queue-3.8/xhci-don-t-warn-on-empty-ring-for-suspended-devices.patch
new file mode 100644
index 00000000000..7b5a3a60862
--- /dev/null
+++ b/queue-3.8/xhci-don-t-warn-on-empty-ring-for-suspended-devices.patch
@@ -0,0 +1,58 @@
+From a83d6755814e4614ba77e15d82796af0f695c6b8 Mon Sep 17 00:00:00 2001
+From: Sarah Sharp
+Date: Mon, 18 Mar 2013 10:19:51 -0700
+Subject: xhci: Don't warn on empty ring for suspended devices.
+
+From: Sarah Sharp
+
+commit a83d6755814e4614ba77e15d82796af0f695c6b8 upstream.
+
+When a device attached to the roothub is suspended, the endpoint rings
+are stopped. The host may generate a completion event with the
+completion code set to 'Stopped' or 'Stopped Invalid' when the ring is
+halted. The current xHCI code prints a warning in that case, which can
+be really annoying if the USB device is coming into and out of suspend.
+
+Remove the unnecessary warning.
+
+Signed-off-by: Sarah Sharp
+Tested-by: Stephen Hemminger
+Cc: Luis Henriques
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/usb/host/xhci-ring.c | 23 +++++++++++++++--------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
+
+--- a/drivers/usb/host/xhci-ring.c
++++ b/drivers/usb/host/xhci-ring.c
+@@ -2461,14 +2461,21 @@ static int handle_tx_event(struct xhci_h
+ * TD list.
+ */
+ if (list_empty(&ep_ring->td_list)) {
+- xhci_warn(xhci, "WARN Event TRB for slot %d ep %d "
+- "with no TDs queued?\n",
+- TRB_TO_SLOT_ID(le32_to_cpu(event->flags)),
+- ep_index);
+- xhci_dbg(xhci, "Event TRB with TRB type ID %u\n",
+- (le32_to_cpu(event->flags) &
+- TRB_TYPE_BITMASK)>>10);
+- xhci_print_trb_offsets(xhci, (union xhci_trb *) event);
++ /*
++ * A stopped endpoint may generate an extra completion
++ * event if the device was suspended. Don't print
++ * warnings.
++ */
++ if (!(trb_comp_code == COMP_STOP ||
++ trb_comp_code == COMP_STOP_INVAL)) {
++ xhci_warn(xhci, "WARN Event TRB for slot %d ep %d with no TDs queued?\n",
++ TRB_TO_SLOT_ID(le32_to_cpu(event->flags)),
++ ep_index);
++ xhci_dbg(xhci, "Event TRB with TRB type ID %u\n",
++ (le32_to_cpu(event->flags) &
++ TRB_TYPE_BITMASK)>>10);
++ xhci_print_trb_offsets(xhci, (union xhci_trb *) event);
++ }
+ if (ep->skip) {
+ ep->skip = false;
+ xhci_dbg(xhci, "td_list is empty while skip "