From: Greg Kroah-Hartman Date: Tue, 18 Nov 2014 19:00:46 +0000 (-0800) Subject: 3.10-stable patches X-Git-Tag: v3.10.61~43 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ae6f6ae34dacd1137d000c3c470096bbf2df1c07;p=thirdparty%2Fkernel%2Fstable-queue.git 3.10-stable patches added patches: ahci-add-device-ids-for-intel-sunrise-point-pch.patch ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch audit-keep-inode-pinned.patch iwlwifi-configure-the-ltr.patch libceph-do-not-crash-on-large-auth-tickets.patch macvtap-fix-csum_start-when-vlan-tags-are-present.patch x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch xtensa-re-wire-umount-syscall-to-sys_oldumount.patch --- diff --git a/queue-3.10/ahci-add-device-ids-for-intel-sunrise-point-pch.patch b/queue-3.10/ahci-add-device-ids-for-intel-sunrise-point-pch.patch new file mode 100644 index 00000000000..aa834e3a17b --- /dev/null +++ b/queue-3.10/ahci-add-device-ids-for-intel-sunrise-point-pch.patch @@ -0,0 +1,33 @@ +From 690000b930456a98663567d35dd5c54b688d1e3f Mon Sep 17 00:00:00 2001 +From: James Ralston +Date: Mon, 13 Oct 2014 15:16:38 -0700 +Subject: ahci: Add Device IDs for Intel Sunrise Point PCH + +From: James Ralston + +commit 690000b930456a98663567d35dd5c54b688d1e3f upstream. + +This patch adds the AHCI-mode SATA Device IDs for the Intel Sunrise Point PCH. + +Signed-off-by: James Ralston +Signed-off-by: Tejun Heo +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/ahci.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/ata/ahci.c ++++ b/drivers/ata/ahci.c +@@ -312,6 +312,11 @@ static const struct pci_device_id ahci_p + { PCI_VDEVICE(INTEL, 0x8c87), board_ahci }, /* 9 Series RAID */ + { PCI_VDEVICE(INTEL, 0x8c8e), board_ahci }, /* 9 Series RAID */ + { PCI_VDEVICE(INTEL, 0x8c8f), board_ahci }, /* 9 Series RAID */ ++ { PCI_VDEVICE(INTEL, 0xa103), board_ahci }, /* Sunrise Point-H AHCI */ ++ { PCI_VDEVICE(INTEL, 0xa103), board_ahci }, /* Sunrise Point-H RAID */ ++ { PCI_VDEVICE(INTEL, 0xa105), board_ahci }, /* Sunrise Point-H RAID */ ++ { PCI_VDEVICE(INTEL, 0xa107), board_ahci }, /* Sunrise Point-H RAID */ ++ { PCI_VDEVICE(INTEL, 0xa10f), board_ahci }, /* Sunrise Point-H RAID */ + + /* JMicron 360/1/3/5/6, match class to avoid IDE function */ + { PCI_VENDOR_ID_JMICRON, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, diff --git a/queue-3.10/ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch b/queue-3.10/ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch new file mode 100644 index 00000000000..5f9276217bb --- /dev/null +++ b/queue-3.10/ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch @@ -0,0 +1,63 @@ +From 66a7cbc303f4d28f201529b06061944d51ab530c Mon Sep 17 00:00:00 2001 +From: Tejun Heo +Date: Mon, 27 Oct 2014 10:22:56 -0400 +Subject: ahci: disable MSI instead of NCQ on Samsung pci-e SSDs on macbooks + +From: Tejun Heo + +commit 66a7cbc303f4d28f201529b06061944d51ab530c upstream. + +Samsung pci-e SSDs on macbooks failed miserably on NCQ commands, so +67809f85d31e ("ahci: disable NCQ on Samsung pci-e SSDs on macbooks") +disabled NCQ on them. It turns out that NCQ is fine as long as MSI is +not used, so let's turn off MSI and leave NCQ on. + +Signed-off-by: Tejun Heo +Link: https://bugzilla.kernel.org/show_bug.cgi?id=60731 +Tested-by: +Tested-by: Imre Kaloz +Fixes: 67809f85d31e ("ahci: disable NCQ on Samsung pci-e SSDs on macbooks") +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/ahci.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +--- a/drivers/ata/ahci.c ++++ b/drivers/ata/ahci.c +@@ -61,6 +61,7 @@ enum board_ids { + /* board IDs by feature in alphabetical order */ + board_ahci, + board_ahci_ign_iferr, ++ board_ahci_nomsi, + board_ahci_noncq, + board_ahci_nosntf, + board_ahci_yes_fbs, +@@ -120,6 +121,13 @@ static const struct ata_port_info ahci_p + .udma_mask = ATA_UDMA6, + .port_ops = &ahci_ops, + }, ++ [board_ahci_nomsi] = { ++ AHCI_HFLAGS (AHCI_HFLAG_NO_MSI), ++ .flags = AHCI_FLAG_COMMON, ++ .pio_mask = ATA_PIO4, ++ .udma_mask = ATA_UDMA6, ++ .port_ops = &ahci_ops, ++ }, + [board_ahci_noncq] = { + AHCI_HFLAGS (AHCI_HFLAG_NO_NCQ), + .flags = AHCI_FLAG_COMMON, +@@ -479,10 +487,10 @@ static const struct pci_device_id ahci_p + { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci }, /* ASM1062 */ + + /* +- * Samsung SSDs found on some macbooks. NCQ times out. +- * https://bugzilla.kernel.org/show_bug.cgi?id=60731 ++ * Samsung SSDs found on some macbooks. NCQ times out if MSI is ++ * enabled. https://bugzilla.kernel.org/show_bug.cgi?id=60731 + */ +- { PCI_VDEVICE(SAMSUNG, 0x1600), board_ahci_noncq }, ++ { PCI_VDEVICE(SAMSUNG, 0x1600), board_ahci_nomsi }, + + /* Enmotus */ + { PCI_DEVICE(0x1c44, 0x8000), board_ahci }, diff --git a/queue-3.10/alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch b/queue-3.10/alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch new file mode 100644 index 00000000000..23b14f80ab5 --- /dev/null +++ b/queue-3.10/alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch @@ -0,0 +1,41 @@ +From 1a290581ded60e87276741f8ca97b161d2b226fc Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Tue, 11 Nov 2014 15:45:57 +0100 +Subject: ALSA: usb-audio: Fix memory leak in FTU quirk + +From: Takashi Iwai + +commit 1a290581ded60e87276741f8ca97b161d2b226fc upstream. + +M-audio FastTrack Ultra quirk doesn't release the kzalloc'ed memory. +This patch adds the private_free callback to release it properly. + +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/usb/mixer_quirks.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sound/usb/mixer_quirks.c ++++ b/sound/usb/mixer_quirks.c +@@ -799,6 +799,11 @@ static int snd_ftu_eff_switch_put(struct + return changed; + } + ++static void kctl_private_value_free(struct snd_kcontrol *kctl) ++{ ++ kfree((void *)kctl->private_value); ++} ++ + static int snd_ftu_create_effect_switch(struct usb_mixer_interface *mixer, + int validx, int bUnitID) + { +@@ -833,6 +838,7 @@ static int snd_ftu_create_effect_switch( + return -ENOMEM; + } + ++ kctl->private_free = kctl_private_value_free; + err = snd_ctl_add(mixer->chip->card, kctl); + if (err < 0) + return err; diff --git a/queue-3.10/audit-keep-inode-pinned.patch b/queue-3.10/audit-keep-inode-pinned.patch new file mode 100644 index 00000000000..411ac2ebf80 --- /dev/null +++ b/queue-3.10/audit-keep-inode-pinned.patch @@ -0,0 +1,37 @@ +From 799b601451b21ebe7af0e6e8f6e2ccd4683c5064 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Tue, 4 Nov 2014 11:27:12 +0100 +Subject: audit: keep inode pinned + +From: Miklos Szeredi + +commit 799b601451b21ebe7af0e6e8f6e2ccd4683c5064 upstream. + +Audit rules disappear when an inode they watch is evicted from the cache. +This is likely not what we want. + +The guilty commit is "fsnotify: allow marks to not pin inodes in core", +which didn't take into account that audit_tree adds watches with a zero +mask. + +Adding any mask should fix this. + +Fixes: 90b1e7a57880 ("fsnotify: allow marks to not pin inodes in core") +Signed-off-by: Miklos Szeredi +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/audit_tree.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/kernel/audit_tree.c ++++ b/kernel/audit_tree.c +@@ -154,6 +154,7 @@ static struct audit_chunk *alloc_chunk(i + chunk->owners[i].index = i; + } + fsnotify_init_mark(&chunk->mark, audit_tree_destroy_watch); ++ chunk->mark.mask = FS_IN_IGNORED; + return chunk; + } + diff --git a/queue-3.10/iwlwifi-configure-the-ltr.patch b/queue-3.10/iwlwifi-configure-the-ltr.patch new file mode 100644 index 00000000000..0a5c5553c25 --- /dev/null +++ b/queue-3.10/iwlwifi-configure-the-ltr.patch @@ -0,0 +1,169 @@ +From 9180ac50716a097a407c6d7e7e4589754a922260 Mon Sep 17 00:00:00 2001 +From: Emmanuel Grumbach +Date: Tue, 23 Sep 2014 23:02:41 +0300 +Subject: iwlwifi: configure the LTR + +From: Emmanuel Grumbach + +commit 9180ac50716a097a407c6d7e7e4589754a922260 upstream. + +The LTR is the handshake between the device and the root +complex about the latency allowed when the bus exits power +save. This configuration was missing and this led to high +latency in the link power up. The end user could experience +high latency in the network because of this. + +Signed-off-by: Emmanuel Grumbach +Signed-off-by: Greg Kroah-Hartman + + +--- + drivers/net/wireless/iwlwifi/iwl-trans.h | 2 + + drivers/net/wireless/iwlwifi/mvm/fw-api-power.h | 35 +++++++++++++++++++++++- + drivers/net/wireless/iwlwifi/mvm/fw-api.h | 1 + drivers/net/wireless/iwlwifi/mvm/fw.c | 9 ++++++ + drivers/net/wireless/iwlwifi/mvm/ops.c | 1 + drivers/net/wireless/iwlwifi/pcie/trans.c | 17 ++++++----- + 6 files changed, 57 insertions(+), 8 deletions(-) + +--- a/drivers/net/wireless/iwlwifi/iwl-trans.h ++++ b/drivers/net/wireless/iwlwifi/iwl-trans.h +@@ -489,6 +489,7 @@ enum iwl_trans_state { + * Set during transport allocation. + * @hw_id_str: a string with info about HW ID. Set during transport allocation. + * @pm_support: set to true in start_hw if link pm is supported ++ * @ltr_enabled: set to true if the LTR is enabled + * @dev_cmd_pool: pool for Tx cmd allocation - for internal use only. + * The user should use iwl_trans_{alloc,free}_tx_cmd. + * @dev_cmd_headroom: room needed for the transport's private use before the +@@ -513,6 +514,7 @@ struct iwl_trans { + u8 rx_mpdu_cmd, rx_mpdu_cmd_hdr_size; + + bool pm_support; ++ bool ltr_enabled; + + /* The following fields are internal only */ + struct kmem_cache *dev_cmd_pool; +--- a/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h ++++ b/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h +@@ -67,7 +67,40 @@ + /* Power Management Commands, Responses, Notifications */ + + /** +- * enum iwl_scan_flags - masks for power table command flags ++ * enum iwl_ltr_config_flags - masks for LTR config command flags ++ * @LTR_CFG_FLAG_FEATURE_ENABLE: Feature operational status ++ * @LTR_CFG_FLAG_HW_DIS_ON_SHADOW_REG_ACCESS: allow LTR change on shadow ++ * memory access ++ * @LTR_CFG_FLAG_HW_EN_SHRT_WR_THROUGH: allow LTR msg send on ANY LTR ++ * reg change ++ * @LTR_CFG_FLAG_HW_DIS_ON_D0_2_D3: allow LTR msg send on transition from ++ * D0 to D3 ++ * @LTR_CFG_FLAG_SW_SET_SHORT: fixed static short LTR register ++ * @LTR_CFG_FLAG_SW_SET_LONG: fixed static short LONG register ++ * @LTR_CFG_FLAG_DENIE_C10_ON_PD: allow going into C10 on PD ++ */ ++enum iwl_ltr_config_flags { ++ LTR_CFG_FLAG_FEATURE_ENABLE = BIT(0), ++ LTR_CFG_FLAG_HW_DIS_ON_SHADOW_REG_ACCESS = BIT(1), ++ LTR_CFG_FLAG_HW_EN_SHRT_WR_THROUGH = BIT(2), ++ LTR_CFG_FLAG_HW_DIS_ON_D0_2_D3 = BIT(3), ++ LTR_CFG_FLAG_SW_SET_SHORT = BIT(4), ++ LTR_CFG_FLAG_SW_SET_LONG = BIT(5), ++ LTR_CFG_FLAG_DENIE_C10_ON_PD = BIT(6), ++}; ++ ++/** ++ * struct iwl_ltr_config_cmd - configures the LTR ++ * @flags: See %enum iwl_ltr_config_flags ++ */ ++struct iwl_ltr_config_cmd { ++ __le32 flags; ++ __le32 static_long; ++ __le32 static_short; ++} __packed; ++ ++/** ++ * enum iwl_power_flags - masks for power table command flags + * @POWER_FLAGS_POWER_SAVE_ENA_MSK: '1' Allow to save power by turning off + * receiver and transmitter. '0' - does not allow. + * @POWER_FLAGS_POWER_MANAGEMENT_ENA_MSK: '0' Driver disables power management, +--- a/drivers/net/wireless/iwlwifi/mvm/fw-api.h ++++ b/drivers/net/wireless/iwlwifi/mvm/fw-api.h +@@ -138,6 +138,7 @@ enum { + + /* Power */ + POWER_TABLE_CMD = 0x77, ++ LTR_CONFIG = 0xee, + + /* Scanning */ + SCAN_REQUEST_CMD = 0x80, +--- a/drivers/net/wireless/iwlwifi/mvm/fw.c ++++ b/drivers/net/wireless/iwlwifi/mvm/fw.c +@@ -443,6 +443,15 @@ int iwl_mvm_up(struct iwl_mvm *mvm) + if (ret) + goto error; + ++ if (mvm->trans->ltr_enabled) { ++ struct iwl_ltr_config_cmd cmd = { ++ .flags = cpu_to_le32(LTR_CFG_FLAG_FEATURE_ENABLE), ++ }; ++ ++ WARN_ON(iwl_mvm_send_cmd_pdu(mvm, LTR_CONFIG, 0, ++ sizeof(cmd), &cmd)); ++ } ++ + IWL_DEBUG_INFO(mvm, "RT uCode started.\n"); + + return 0; +--- a/drivers/net/wireless/iwlwifi/mvm/ops.c ++++ b/drivers/net/wireless/iwlwifi/mvm/ops.c +@@ -293,6 +293,7 @@ static const char *iwl_mvm_cmd_strings[R + CMD(BT_PROFILE_NOTIFICATION), + CMD(BT_CONFIG), + CMD(MCAST_FILTER_CMD), ++ CMD(LTR_CONFIG), + }; + #undef CMD + +--- a/drivers/net/wireless/iwlwifi/pcie/trans.c ++++ b/drivers/net/wireless/iwlwifi/pcie/trans.c +@@ -116,11 +116,13 @@ static void iwl_pcie_set_pwr(struct iwl_ + + /* PCI registers */ + #define PCI_CFG_RETRY_TIMEOUT 0x041 ++#define PCI_EXP_DEVCTL2_LTR_EN 0x0400 + + static void iwl_pcie_apm_config(struct iwl_trans *trans) + { + struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); + u16 lctl; ++ u16 cap; + + /* + * HW bug W/A for instability in PCIe bus L0S->L1 transition. +@@ -131,16 +133,17 @@ static void iwl_pcie_apm_config(struct i + * power savings, even without L1. + */ + pcie_capability_read_word(trans_pcie->pci_dev, PCI_EXP_LNKCTL, &lctl); +- if (lctl & PCI_EXP_LNKCTL_ASPM_L1) { +- /* L1-ASPM enabled; disable(!) L0S */ ++ if (lctl & PCI_EXP_LNKCTL_ASPM_L1) + iwl_set_bit(trans, CSR_GIO_REG, CSR_GIO_REG_VAL_L0S_ENABLED); +- dev_info(trans->dev, "L1 Enabled; Disabling L0S\n"); +- } else { +- /* L1-ASPM disabled; enable(!) L0S */ ++ else + iwl_clear_bit(trans, CSR_GIO_REG, CSR_GIO_REG_VAL_L0S_ENABLED); +- dev_info(trans->dev, "L1 Disabled; Enabling L0S\n"); +- } + trans->pm_support = !(lctl & PCI_EXP_LNKCTL_ASPM_L0S); ++ ++ pcie_capability_read_word(trans_pcie->pci_dev, PCI_EXP_DEVCTL2, &cap); ++ trans->ltr_enabled = cap & PCI_EXP_DEVCTL2_LTR_EN; ++ dev_info(trans->dev, "L1 %sabled - LTR %sabled\n", ++ (lctl & PCI_EXP_LNKCTL_ASPM_L1) ? "En" : "Dis", ++ trans->ltr_enabled ? "En" : "Dis"); + } + + /* diff --git a/queue-3.10/libceph-do-not-crash-on-large-auth-tickets.patch b/queue-3.10/libceph-do-not-crash-on-large-auth-tickets.patch new file mode 100644 index 00000000000..992ae84e0ae --- /dev/null +++ b/queue-3.10/libceph-do-not-crash-on-large-auth-tickets.patch @@ -0,0 +1,381 @@ +From aaef31703a0cf6a733e651885bfb49edc3ac6774 Mon Sep 17 00:00:00 2001 +From: Ilya Dryomov +Date: Thu, 23 Oct 2014 00:25:22 +0400 +Subject: libceph: do not crash on large auth tickets + +From: Ilya Dryomov + +commit aaef31703a0cf6a733e651885bfb49edc3ac6774 upstream. + +Large (greater than 32k, the value of PAGE_ALLOC_COSTLY_ORDER) auth +tickets will have their buffers vmalloc'ed, which leads to the +following crash in crypto: + +[ 28.685082] BUG: unable to handle kernel paging request at ffffeb04000032c0 +[ 28.686032] IP: [] scatterwalk_pagedone+0x22/0x80 +[ 28.686032] PGD 0 +[ 28.688088] Oops: 0000 [#1] PREEMPT SMP +[ 28.688088] Modules linked in: +[ 28.688088] CPU: 0 PID: 878 Comm: kworker/0:2 Not tainted 3.17.0-vm+ #305 +[ 28.688088] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007 +[ 28.688088] Workqueue: ceph-msgr con_work +[ 28.688088] task: ffff88011a7f9030 ti: ffff8800d903c000 task.ti: ffff8800d903c000 +[ 28.688088] RIP: 0010:[] [] scatterwalk_pagedone+0x22/0x80 +[ 28.688088] RSP: 0018:ffff8800d903f688 EFLAGS: 00010286 +[ 28.688088] RAX: ffffeb04000032c0 RBX: ffff8800d903f718 RCX: ffffeb04000032c0 +[ 28.688088] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8800d903f750 +[ 28.688088] RBP: ffff8800d903f688 R08: 00000000000007de R09: ffff8800d903f880 +[ 28.688088] R10: 18df467c72d6257b R11: 0000000000000000 R12: 0000000000000010 +[ 28.688088] R13: ffff8800d903f750 R14: ffff8800d903f8a0 R15: 0000000000000000 +[ 28.688088] FS: 00007f50a41c7700(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000 +[ 28.688088] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b +[ 28.688088] CR2: ffffeb04000032c0 CR3: 00000000da3f3000 CR4: 00000000000006b0 +[ 28.688088] Stack: +[ 28.688088] ffff8800d903f698 ffffffff81392ca8 ffff8800d903f6e8 ffffffff81395d32 +[ 28.688088] ffff8800dac96000 ffff880000000000 ffff8800d903f980 ffff880119b7e020 +[ 28.688088] ffff880119b7e010 0000000000000000 0000000000000010 0000000000000010 +[ 28.688088] Call Trace: +[ 28.688088] [] scatterwalk_done+0x38/0x40 +[ 28.688088] [] scatterwalk_done+0x38/0x40 +[ 28.688088] [] blkcipher_walk_done+0x182/0x220 +[ 28.688088] [] crypto_cbc_encrypt+0x15f/0x180 +[ 28.688088] [] ? crypto_aes_set_key+0x30/0x30 +[ 28.688088] [] ceph_aes_encrypt2+0x29c/0x2e0 +[ 28.688088] [] ceph_encrypt2+0x93/0xb0 +[ 28.688088] [] ceph_x_encrypt+0x4a/0x60 +[ 28.688088] [] ? ceph_buffer_new+0x5d/0xf0 +[ 28.688088] [] ceph_x_build_authorizer.isra.6+0x297/0x360 +[ 28.688088] [] ? kmem_cache_alloc_trace+0x11b/0x1c0 +[ 28.688088] [] ? ceph_auth_create_authorizer+0x36/0x80 +[ 28.688088] [] ceph_x_create_authorizer+0x63/0xd0 +[ 28.688088] [] ceph_auth_create_authorizer+0x54/0x80 +[ 28.688088] [] get_authorizer+0x80/0xd0 +[ 28.688088] [] prepare_write_connect+0x18b/0x2b0 +[ 28.688088] [] try_read+0x1e59/0x1f10 + +This is because we set up crypto scatterlists as if all buffers were +kmalloc'ed. Fix it. + +Signed-off-by: Ilya Dryomov +Reviewed-by: Sage Weil +Signed-off-by: Greg Kroah-Hartman + +--- + net/ceph/crypto.c | 169 ++++++++++++++++++++++++++++++++++++++++++------------ + 1 file changed, 132 insertions(+), 37 deletions(-) + +--- a/net/ceph/crypto.c ++++ b/net/ceph/crypto.c +@@ -89,11 +89,82 @@ static struct crypto_blkcipher *ceph_cry + + static const u8 *aes_iv = (u8 *)CEPH_AES_IV; + ++/* ++ * Should be used for buffers allocated with ceph_kvmalloc(). ++ * Currently these are encrypt out-buffer (ceph_buffer) and decrypt ++ * in-buffer (msg front). ++ * ++ * Dispose of @sgt with teardown_sgtable(). ++ * ++ * @prealloc_sg is to avoid memory allocation inside sg_alloc_table() ++ * in cases where a single sg is sufficient. No attempt to reduce the ++ * number of sgs by squeezing physically contiguous pages together is ++ * made though, for simplicity. ++ */ ++static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg, ++ const void *buf, unsigned int buf_len) ++{ ++ struct scatterlist *sg; ++ const bool is_vmalloc = is_vmalloc_addr(buf); ++ unsigned int off = offset_in_page(buf); ++ unsigned int chunk_cnt = 1; ++ unsigned int chunk_len = PAGE_ALIGN(off + buf_len); ++ int i; ++ int ret; ++ ++ if (buf_len == 0) { ++ memset(sgt, 0, sizeof(*sgt)); ++ return -EINVAL; ++ } ++ ++ if (is_vmalloc) { ++ chunk_cnt = chunk_len >> PAGE_SHIFT; ++ chunk_len = PAGE_SIZE; ++ } ++ ++ if (chunk_cnt > 1) { ++ ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS); ++ if (ret) ++ return ret; ++ } else { ++ WARN_ON(chunk_cnt != 1); ++ sg_init_table(prealloc_sg, 1); ++ sgt->sgl = prealloc_sg; ++ sgt->nents = sgt->orig_nents = 1; ++ } ++ ++ for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) { ++ struct page *page; ++ unsigned int len = min(chunk_len - off, buf_len); ++ ++ if (is_vmalloc) ++ page = vmalloc_to_page(buf); ++ else ++ page = virt_to_page(buf); ++ ++ sg_set_page(sg, page, len, off); ++ ++ off = 0; ++ buf += len; ++ buf_len -= len; ++ } ++ WARN_ON(buf_len != 0); ++ ++ return 0; ++} ++ ++static void teardown_sgtable(struct sg_table *sgt) ++{ ++ if (sgt->orig_nents > 1) ++ sg_free_table(sgt); ++} ++ + static int ceph_aes_encrypt(const void *key, int key_len, + void *dst, size_t *dst_len, + const void *src, size_t src_len) + { +- struct scatterlist sg_in[2], sg_out[1]; ++ struct scatterlist sg_in[2], prealloc_sg; ++ struct sg_table sg_out; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; + int ret; +@@ -109,16 +180,18 @@ static int ceph_aes_encrypt(const void * + + *dst_len = src_len + zero_padding; + +- crypto_blkcipher_setkey((void *)tfm, key, key_len); + sg_init_table(sg_in, 2); + sg_set_buf(&sg_in[0], src, src_len); + sg_set_buf(&sg_in[1], pad, zero_padding); +- sg_init_table(sg_out, 1); +- sg_set_buf(sg_out, dst, *dst_len); ++ ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); ++ if (ret) ++ goto out_tfm; ++ ++ crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); ++ + /* + print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, + key, key_len, 1); +@@ -127,16 +200,22 @@ static int ceph_aes_encrypt(const void * + print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, + pad, zero_padding, 1); + */ +- ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, ++ ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, + src_len + zero_padding); +- crypto_free_blkcipher(tfm); +- if (ret < 0) ++ if (ret < 0) { + pr_err("ceph_aes_crypt failed %d\n", ret); ++ goto out_sg; ++ } + /* + print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, + dst, *dst_len, 1); + */ +- return 0; ++ ++out_sg: ++ teardown_sgtable(&sg_out); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, +@@ -144,7 +223,8 @@ static int ceph_aes_encrypt2(const void + const void *src1, size_t src1_len, + const void *src2, size_t src2_len) + { +- struct scatterlist sg_in[3], sg_out[1]; ++ struct scatterlist sg_in[3], prealloc_sg; ++ struct sg_table sg_out; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; + int ret; +@@ -160,17 +240,19 @@ static int ceph_aes_encrypt2(const void + + *dst_len = src1_len + src2_len + zero_padding; + +- crypto_blkcipher_setkey((void *)tfm, key, key_len); + sg_init_table(sg_in, 3); + sg_set_buf(&sg_in[0], src1, src1_len); + sg_set_buf(&sg_in[1], src2, src2_len); + sg_set_buf(&sg_in[2], pad, zero_padding); +- sg_init_table(sg_out, 1); +- sg_set_buf(sg_out, dst, *dst_len); ++ ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); ++ if (ret) ++ goto out_tfm; ++ ++ crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); ++ + /* + print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, + key, key_len, 1); +@@ -181,23 +263,30 @@ static int ceph_aes_encrypt2(const void + print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, + pad, zero_padding, 1); + */ +- ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, ++ ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, + src1_len + src2_len + zero_padding); +- crypto_free_blkcipher(tfm); +- if (ret < 0) ++ if (ret < 0) { + pr_err("ceph_aes_crypt2 failed %d\n", ret); ++ goto out_sg; ++ } + /* + print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, + dst, *dst_len, 1); + */ +- return 0; ++ ++out_sg: ++ teardown_sgtable(&sg_out); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + static int ceph_aes_decrypt(const void *key, int key_len, + void *dst, size_t *dst_len, + const void *src, size_t src_len) + { +- struct scatterlist sg_in[1], sg_out[2]; ++ struct sg_table sg_in; ++ struct scatterlist sg_out[2], prealloc_sg; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm }; + char pad[16]; +@@ -209,16 +298,16 @@ static int ceph_aes_decrypt(const void * + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + +- crypto_blkcipher_setkey((void *)tfm, key, key_len); +- sg_init_table(sg_in, 1); + sg_init_table(sg_out, 2); +- sg_set_buf(sg_in, src, src_len); + sg_set_buf(&sg_out[0], dst, *dst_len); + sg_set_buf(&sg_out[1], pad, sizeof(pad)); ++ ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); ++ if (ret) ++ goto out_tfm; + ++ crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); + + /* +@@ -227,12 +316,10 @@ static int ceph_aes_decrypt(const void * + print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, + src, src_len, 1); + */ +- +- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); +- crypto_free_blkcipher(tfm); ++ ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); + if (ret < 0) { + pr_err("ceph_aes_decrypt failed %d\n", ret); +- return ret; ++ goto out_sg; + } + + if (src_len <= *dst_len) +@@ -250,7 +337,12 @@ static int ceph_aes_decrypt(const void * + print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1, + dst, *dst_len, 1); + */ +- return 0; ++ ++out_sg: ++ teardown_sgtable(&sg_in); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + static int ceph_aes_decrypt2(const void *key, int key_len, +@@ -258,7 +350,8 @@ static int ceph_aes_decrypt2(const void + void *dst2, size_t *dst2_len, + const void *src, size_t src_len) + { +- struct scatterlist sg_in[1], sg_out[3]; ++ struct sg_table sg_in; ++ struct scatterlist sg_out[3], prealloc_sg; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm }; + char pad[16]; +@@ -270,17 +363,17 @@ static int ceph_aes_decrypt2(const void + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + +- sg_init_table(sg_in, 1); +- sg_set_buf(sg_in, src, src_len); + sg_init_table(sg_out, 3); + sg_set_buf(&sg_out[0], dst1, *dst1_len); + sg_set_buf(&sg_out[1], dst2, *dst2_len); + sg_set_buf(&sg_out[2], pad, sizeof(pad)); ++ ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); ++ if (ret) ++ goto out_tfm; + + crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); + + /* +@@ -289,12 +382,10 @@ static int ceph_aes_decrypt2(const void + print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, + src, src_len, 1); + */ +- +- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); +- crypto_free_blkcipher(tfm); ++ ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); + if (ret < 0) { + pr_err("ceph_aes_decrypt failed %d\n", ret); +- return ret; ++ goto out_sg; + } + + if (src_len <= *dst1_len) +@@ -324,7 +415,11 @@ static int ceph_aes_decrypt2(const void + dst2, *dst2_len, 1); + */ + +- return 0; ++out_sg: ++ teardown_sgtable(&sg_in); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + diff --git a/queue-3.10/macvtap-fix-csum_start-when-vlan-tags-are-present.patch b/queue-3.10/macvtap-fix-csum_start-when-vlan-tags-are-present.patch new file mode 100644 index 00000000000..cc1fd55eafd --- /dev/null +++ b/queue-3.10/macvtap-fix-csum_start-when-vlan-tags-are-present.patch @@ -0,0 +1,38 @@ +From 3ce9b20f1971690b8b3b620e735ec99431573b39 Mon Sep 17 00:00:00 2001 +From: Herbert Xu +Date: Mon, 3 Nov 2014 14:01:25 +0800 +Subject: macvtap: Fix csum_start when VLAN tags are present + +From: Herbert Xu + +commit 3ce9b20f1971690b8b3b620e735ec99431573b39 upstream. + +When VLAN is in use in macvtap_put_user, we end up setting +csum_start to the wrong place. The result is that the whoever +ends up doing the checksum setting will corrupt the packet instead +of writing the checksum to the expected location, usually this +means writing the checksum with an offset of -4. + +This patch fixes this by adjusting csum_start when VLAN tags are +detected. + +Fixes: f09e2249c4f5 ("macvtap: restore vlan header on user read") +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: David S. Miller + +--- + drivers/net/macvtap.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/macvtap.c ++++ b/drivers/net/macvtap.c +@@ -625,6 +625,8 @@ static int macvtap_skb_to_vnet_hdr(const + if (skb->ip_summed == CHECKSUM_PARTIAL) { + vnet_hdr->flags = VIRTIO_NET_HDR_F_NEEDS_CSUM; + vnet_hdr->csum_start = skb_checksum_start_offset(skb); ++ if (vlan_tx_tag_present(skb)) ++ vnet_hdr->csum_start += VLAN_HLEN; + vnet_hdr->csum_offset = skb->csum_offset; + } else if (skb->ip_summed == CHECKSUM_UNNECESSARY) { + vnet_hdr->flags = VIRTIO_NET_HDR_F_DATA_VALID; diff --git a/queue-3.10/series b/queue-3.10/series index 03a724589d1..fc2c12f6cc5 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -10,3 +10,12 @@ sunvdc-don-t-call-vd_op_get_vtoc.patch sparc64-fix-crashes-in-schizo_pcierr_intr_other.patch sparc64-do-irq_-enter-exit-around-generic_smp_call_function.patch sparc32-implement-xchg-and-atomic_xchg-using-atomic_hash-locks.patch +x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch +audit-keep-inode-pinned.patch +ahci-add-device-ids-for-intel-sunrise-point-pch.patch +ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch +alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch +xtensa-re-wire-umount-syscall-to-sys_oldumount.patch +libceph-do-not-crash-on-large-auth-tickets.patch +iwlwifi-configure-the-ltr.patch +macvtap-fix-csum_start-when-vlan-tags-are-present.patch diff --git a/queue-3.10/x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch b/queue-3.10/x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch new file mode 100644 index 00000000000..33d123d4da7 --- /dev/null +++ b/queue-3.10/x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch @@ -0,0 +1,52 @@ +From 81f49a8fd7088cfcb588d182eeede862c0e3303e Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski +Date: Fri, 5 Sep 2014 15:13:52 -0700 +Subject: x86, x32, audit: Fix x32's AUDIT_ARCH wrt audit + +From: Andy Lutomirski + +commit 81f49a8fd7088cfcb588d182eeede862c0e3303e upstream. + +is_compat_task() is the wrong check for audit arch; the check should +be is_ia32_task(): x32 syscalls should be AUDIT_ARCH_X86_64, not +AUDIT_ARCH_I386. + +CONFIG_AUDITSYSCALL is currently incompatible with x32, so this has +no visible effect. + +Signed-off-by: Andy Lutomirski +Link: http://lkml.kernel.org/r/a0138ed8c709882aec06e4acc30bfa9b623b8717.1409954077.git.luto@amacapital.net +Signed-off-by: H. Peter Anvin +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/ptrace.c | 11 +---------- + 1 file changed, 1 insertion(+), 10 deletions(-) + +--- a/arch/x86/kernel/ptrace.c ++++ b/arch/x86/kernel/ptrace.c +@@ -1475,15 +1475,6 @@ void send_sigtrap(struct task_struct *ts + force_sig_info(SIGTRAP, &info, tsk); + } + +- +-#ifdef CONFIG_X86_32 +-# define IS_IA32 1 +-#elif defined CONFIG_IA32_EMULATION +-# define IS_IA32 is_compat_task() +-#else +-# define IS_IA32 0 +-#endif +- + /* + * We must return the syscall number to actually look up in the table. + * This can be -1L to skip running any syscall at all. +@@ -1521,7 +1512,7 @@ long syscall_trace_enter(struct pt_regs + if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) + trace_sys_enter(regs, regs->orig_ax); + +- if (IS_IA32) ++ if (is_ia32_task()) + audit_syscall_entry(AUDIT_ARCH_I386, + regs->orig_ax, + regs->bx, regs->cx, diff --git a/queue-3.10/xtensa-re-wire-umount-syscall-to-sys_oldumount.patch b/queue-3.10/xtensa-re-wire-umount-syscall-to-sys_oldumount.patch new file mode 100644 index 00000000000..48e7523b6f8 --- /dev/null +++ b/queue-3.10/xtensa-re-wire-umount-syscall-to-sys_oldumount.patch @@ -0,0 +1,32 @@ +From 2651cc6974d47fc43bef1cd8cd26966e4f5ba306 Mon Sep 17 00:00:00 2001 +From: Max Filippov +Date: Mon, 6 Oct 2014 21:01:17 +0400 +Subject: xtensa: re-wire umount syscall to sys_oldumount + +From: Max Filippov + +commit 2651cc6974d47fc43bef1cd8cd26966e4f5ba306 upstream. + +Userspace actually passes single parameter (path name) to the umount +syscall, so new umount just fails. Fix it by requesting old umount +syscall implementation and re-wiring umount to it. + +Signed-off-by: Max Filippov +Signed-off-by: Greg Kroah-Hartman + +--- + arch/xtensa/include/uapi/asm/unistd.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/xtensa/include/uapi/asm/unistd.h ++++ b/arch/xtensa/include/uapi/asm/unistd.h +@@ -384,7 +384,8 @@ __SYSCALL(174, sys_chroot, 1) + #define __NR_pivot_root 175 + __SYSCALL(175, sys_pivot_root, 2) + #define __NR_umount 176 +-__SYSCALL(176, sys_umount, 2) ++__SYSCALL(176, sys_oldumount, 1) ++#define __ARCH_WANT_SYS_OLDUMOUNT + #define __NR_swapoff 177 + __SYSCALL(177, sys_swapoff, 1) + #define __NR_sync 178