From: Greg Kroah-Hartman Date: Thu, 29 Mar 2012 23:54:09 +0000 (-0700) Subject: 3.3-stable patches X-Git-Tag: v3.0.27~13 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=beb8b2be224ebd6639f6629f86f2dc091867d787;p=thirdparty%2Fkernel%2Fstable-queue.git 3.3-stable patches added patches: fix-pppol2tp-getsockname.patch ipv6-fix-incorrent-ipv6-ipsec-packet-fragment.patch net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch net-fix-napi_reuse_skb-skb-reserve.patch remove-printk-from-rds_sendmsg.patch sky2-override-for-pci-legacy-power-management.patch xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch --- diff --git a/queue-3.3/fix-pppol2tp-getsockname.patch b/queue-3.3/fix-pppol2tp-getsockname.patch new file mode 100644 index 00000000000..a4ea3f0f1a7 --- /dev/null +++ b/queue-3.3/fix-pppol2tp-getsockname.patch @@ -0,0 +1,35 @@ +From e56b54c50e16fda9abf25ca8276e6d918d7b58b8 Mon Sep 17 00:00:00 2001 +From: Benjamin LaHaise +Date: Tue, 20 Mar 2012 03:57:54 +0000 +Subject: Fix pppol2tp getsockname() + + +From: Benjamin LaHaise + +[ Upstream commit bbdb32cb5b73597386913d052165423b9d736145 ] + +While testing L2TP functionality, I came across a bug in getsockname(). The +IP address returned within the pppol2tp_addr's addr memember was not being +set to the IP address in use. This bug is caused by using inet_sk() on the +wrong socket (the L2TP socket rather than the underlying UDP socket), and was +likely introduced during the addition of L2TPv3 support. + +Signed-off-by: Benjamin LaHaise +Signed-off-by: James Chapman +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/l2tp/l2tp_ppp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/l2tp/l2tp_ppp.c ++++ b/net/l2tp/l2tp_ppp.c +@@ -915,7 +915,7 @@ static int pppol2tp_getname(struct socke + goto end_put_sess; + } + +- inet = inet_sk(sk); ++ inet = inet_sk(tunnel->sock); + if (tunnel->version == 2) { + struct sockaddr_pppol2tp sp; + len = sizeof(sp); diff --git a/queue-3.3/ipv6-fix-incorrent-ipv6-ipsec-packet-fragment.patch b/queue-3.3/ipv6-fix-incorrent-ipv6-ipsec-packet-fragment.patch new file mode 100644 index 00000000000..429f6ef0fa5 --- /dev/null +++ b/queue-3.3/ipv6-fix-incorrent-ipv6-ipsec-packet-fragment.patch @@ -0,0 +1,52 @@ +From d40850a8c9c0608fc486ad7f352702533898df28 Mon Sep 17 00:00:00 2001 +From: Gao feng +Date: Mon, 19 Mar 2012 22:36:10 +0000 +Subject: ipv6: fix incorrent ipv6 ipsec packet fragment + + +From: Gao feng + +[ Upstream commit 1f85851e17b64cabd089a8a8839dddebc627948c ] + +Since commit 299b0767(ipv6: Fix IPsec slowpath fragmentation problem) +In func ip6_append_data,after call skb_put(skb, fraglen + dst_exthdrlen) +the skb->len contains dst_exthdrlen,and we don't reduce dst_exthdrlen at last +This will make fraggap>0 in next "while cycle",and cause the size of skb incorrent + +Fix this by reserve headroom for dst_exthdrlen. + +Signed-off-by: Gao feng +Acked-by: Steffen Klassert +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/ip6_output.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -1416,8 +1416,9 @@ alloc_new_skb: + */ + skb->ip_summed = csummode; + skb->csum = 0; +- /* reserve for fragmentation */ +- skb_reserve(skb, hh_len+sizeof(struct frag_hdr)); ++ /* reserve for fragmentation and ipsec header */ ++ skb_reserve(skb, hh_len + sizeof(struct frag_hdr) + ++ dst_exthdrlen); + + if (sk->sk_type == SOCK_DGRAM) + skb_shinfo(skb)->tx_flags = tx_flags; +@@ -1425,9 +1426,9 @@ alloc_new_skb: + /* + * Find where to start putting bytes + */ +- data = skb_put(skb, fraglen + dst_exthdrlen); +- skb_set_network_header(skb, exthdrlen + dst_exthdrlen); +- data += fragheaderlen + dst_exthdrlen; ++ data = skb_put(skb, fraglen); ++ skb_set_network_header(skb, exthdrlen); ++ data += fragheaderlen; + skb->transport_header = (skb->network_header + + fragheaderlen); + if (fraggap) { diff --git a/queue-3.3/net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch b/queue-3.3/net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch new file mode 100644 index 00000000000..f5d7b71b995 --- /dev/null +++ b/queue-3.3/net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch @@ -0,0 +1,60 @@ +From 997a695fc8a065c729ec228c0b87a7c22dc05e96 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Sun, 18 Mar 2012 02:40:48 +0000 +Subject: net: bpf_jit: fix BPF_S_LDX_B_MSH compilation + + +From: Eric Dumazet + +[ Upstream commit dc72d99dabb870ca5bd6d9fff674be853bb4a88d ] + +Matt Evans spotted that x86 bpf_jit was incorrectly handling negative +constant offsets in BPF_S_LDX_B_MSH instruction. + +We need to abort JIT compilation like we do in common_load so that +filter uses the interpreter code and can call __load_pointer() + +Reference: http://lists.openwall.net/netdev/2011/07/19/11 + +Thanks to Indan Zupancic to bring back this issue. + +Reported-by: Matt Evans +Reported-by: Indan Zupancic +Signed-off-by: Eric Dumazet +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/net/bpf_jit_comp.c | 14 +++++--------- + 1 file changed, 5 insertions(+), 9 deletions(-) + +--- a/arch/x86/net/bpf_jit_comp.c ++++ b/arch/x86/net/bpf_jit_comp.c +@@ -475,8 +475,10 @@ void bpf_jit_compile(struct sk_filter *f + case BPF_S_LD_W_ABS: + func = sk_load_word; + common_load: seen |= SEEN_DATAREF; +- if ((int)K < 0) ++ if ((int)K < 0) { ++ /* Abort the JIT because __load_pointer() is needed. */ + goto out; ++ } + t_offset = func - (image + addrs[i]); + EMIT1_off32(0xbe, K); /* mov imm32,%esi */ + EMIT1_off32(0xe8, t_offset); /* call */ +@@ -489,14 +491,8 @@ common_load: seen |= SEEN_DATAREF; + goto common_load; + case BPF_S_LDX_B_MSH: + if ((int)K < 0) { +- if (pc_ret0 > 0) { +- /* addrs[pc_ret0 - 1] is the start address */ +- EMIT_JMP(addrs[pc_ret0 - 1] - addrs[i]); +- break; +- } +- CLEAR_A(); +- EMIT_JMP(cleanup_addr - addrs[i]); +- break; ++ /* Abort the JIT because __load_pointer() is needed. */ ++ goto out; + } + seen |= SEEN_DATAREF | SEEN_XREG; + t_offset = sk_load_byte_msh - (image + addrs[i]); diff --git a/queue-3.3/net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch b/queue-3.3/net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch new file mode 100644 index 00000000000..cb382d7a472 --- /dev/null +++ b/queue-3.3/net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch @@ -0,0 +1,47 @@ +From f096c1671ac2a2e0b0f9c87400b26edcc232a37e Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Tue, 27 Mar 2012 09:53:52 +0000 +Subject: net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() + + +From: Eric Dumazet + +[ Upstream commit 94f826b8076e2cb92242061e92f21b5baa3eccc2 ] + +Commit f2c31e32b378 (net: fix NULL dereferences in check_peer_redir() ) +added a regression in rt6_fill_node(), leading to rcu_read_lock() +imbalance. + +Thats because NLA_PUT() can make a jump to nla_put_failure label. + +Fix this by using nla_put() + +Many thanks to Ben Greear for his help + +Reported-by: Ben Greear +Reported-by: Dave Jones +Signed-off-by: Eric Dumazet +Tested-by: Ben Greear +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/route.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/net/ipv6/route.c ++++ b/net/ipv6/route.c +@@ -2461,8 +2461,12 @@ static int rt6_fill_node(struct net *net + + rcu_read_lock(); + n = dst_get_neighbour_noref(&rt->dst); +- if (n) +- NLA_PUT(skb, RTA_GATEWAY, 16, &n->primary_key); ++ if (n) { ++ if (nla_put(skb, RTA_GATEWAY, 16, &n->primary_key) < 0) { ++ rcu_read_unlock(); ++ goto nla_put_failure; ++ } ++ } + rcu_read_unlock(); + + if (rt->dst.dev) diff --git a/queue-3.3/net-fix-napi_reuse_skb-skb-reserve.patch b/queue-3.3/net-fix-napi_reuse_skb-skb-reserve.patch new file mode 100644 index 00000000000..c1b14b84964 --- /dev/null +++ b/queue-3.3/net-fix-napi_reuse_skb-skb-reserve.patch @@ -0,0 +1,37 @@ +From a6a871fb214995ea98fe5003ce9e3c4c55595004 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Wed, 21 Mar 2012 06:58:03 +0000 +Subject: net: fix napi_reuse_skb() skb reserve + + +From: Eric Dumazet + +[ Upstream commit 2a2a459eeeff48640dc557548ce576d666ab06ed ] + +napi->skb is allocated in napi_get_frags() using +netdev_alloc_skb_ip_align(), with a reserve of NET_SKB_PAD + +NET_IP_ALIGN bytes. + +However, when such skb is recycled in napi_reuse_skb(), it ends with a +reserve of NET_IP_ALIGN which is suboptimal. + +Signed-off-by: Eric Dumazet +Cc: Herbert Xu +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/core/dev.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -3569,7 +3569,8 @@ EXPORT_SYMBOL(napi_gro_receive); + static void napi_reuse_skb(struct napi_struct *napi, struct sk_buff *skb) + { + __skb_pull(skb, skb_headlen(skb)); +- skb_reserve(skb, NET_IP_ALIGN - skb_headroom(skb)); ++ /* restore the reserve we had after netdev_alloc_skb_ip_align() */ ++ skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN - skb_headroom(skb)); + skb->vlan_tci = 0; + skb->dev = napi->dev; + skb->skb_iif = 0; diff --git a/queue-3.3/remove-printk-from-rds_sendmsg.patch b/queue-3.3/remove-printk-from-rds_sendmsg.patch new file mode 100644 index 00000000000..b525ff5024e --- /dev/null +++ b/queue-3.3/remove-printk-from-rds_sendmsg.patch @@ -0,0 +1,29 @@ +From c40b8d23db77c1023ac8bbb2bf6fcce6db76c7a5 Mon Sep 17 00:00:00 2001 +From: Dave Jones +Date: Mon, 19 Mar 2012 13:01:07 +0000 +Subject: Remove printk from rds_sendmsg + + +From: Dave Jones + +[ Upstream commit a6506e1486181975d318344143aca722b2b91621 ] + +no socket layer outputs a message for this error and neither should rds. + +Signed-off-by: Dave Jones +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/rds/send.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/net/rds/send.c ++++ b/net/rds/send.c +@@ -935,7 +935,6 @@ int rds_sendmsg(struct kiocb *iocb, stru + /* Mirror Linux UDP mirror of BSD error message compatibility */ + /* XXX: Perhaps MSG_MORE someday */ + if (msg->msg_flags & ~(MSG_DONTWAIT | MSG_CMSG_COMPAT)) { +- printk(KERN_INFO "msg_flags 0x%08X\n", msg->msg_flags); + ret = -EOPNOTSUPP; + goto out; + } diff --git a/queue-3.3/series b/queue-3.3/series index 1793df26ff0..591f12f59c4 100644 --- a/queue-3.3/series +++ b/queue-3.3/series @@ -157,3 +157,11 @@ nfsv4-fix-two-infinite-loops-in-the-mount-code.patch nfsv4.1-fix-layoutcommit-error-handling.patch module-remove-module-size-limit.patch drm-i915-suspend-fbdev-device-around-suspend-hibernate.patch +net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch +ipv6-fix-incorrent-ipv6-ipsec-packet-fragment.patch +remove-printk-from-rds_sendmsg.patch +fix-pppol2tp-getsockname.patch +net-fix-napi_reuse_skb-skb-reserve.patch +sky2-override-for-pci-legacy-power-management.patch +xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch +net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch diff --git a/queue-3.3/sky2-override-for-pci-legacy-power-management.patch b/queue-3.3/sky2-override-for-pci-legacy-power-management.patch new file mode 100644 index 00000000000..d6a682c2d49 --- /dev/null +++ b/queue-3.3/sky2-override-for-pci-legacy-power-management.patch @@ -0,0 +1,50 @@ +From ca717fa414d95a3fc575c646a516dad6381c03bc Mon Sep 17 00:00:00 2001 +From: stephen hemminger +Date: Wed, 21 Mar 2012 05:32:05 +0000 +Subject: sky2: override for PCI legacy power management + + +From: stephen hemminger + +[ Upstream commit 5676cc7bfe1e388e87843f71daa229610385b41e ] + +Some BIOS's don't setup power management correctly (what else is +new) and don't allow use of PCI Express power control. Add a special +exception module parameter to allow working around this issue. +Based on slightly different patch by Knut Petersen. + +Reported-by: Arkadiusz Miskiewicz +Signed-off-by: Stephen Hemminger +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/marvell/sky2.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/drivers/net/ethernet/marvell/sky2.c ++++ b/drivers/net/ethernet/marvell/sky2.c +@@ -95,6 +95,10 @@ static int disable_msi = 0; + module_param(disable_msi, int, 0); + MODULE_PARM_DESC(disable_msi, "Disable Message Signaled Interrupt (MSI)"); + ++static int legacy_pme = 0; ++module_param(legacy_pme, int, 0); ++MODULE_PARM_DESC(legacy_pme, "Legacy power management"); ++ + static DEFINE_PCI_DEVICE_TABLE(sky2_id_table) = { + { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9000) }, /* SK-9Sxx */ + { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9E00) }, /* SK-9Exx */ +@@ -867,6 +871,13 @@ static void sky2_wol_init(struct sky2_po + /* Disable PiG firmware */ + sky2_write16(hw, B0_CTST, Y2_HW_WOL_OFF); + ++ /* Needed by some broken BIOSes, use PCI rather than PCI-e for WOL */ ++ if (legacy_pme) { ++ u32 reg1 = sky2_pci_read32(hw, PCI_DEV_REG1); ++ reg1 |= PCI_Y2_PME_LEGACY; ++ sky2_pci_write32(hw, PCI_DEV_REG1, reg1); ++ } ++ + /* block receiver */ + sky2_write8(hw, SK_REG(port, RX_GMF_CTRL_T), GMF_RST_SET); + sky2_read32(hw, B0_CTST); diff --git a/queue-3.3/xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch b/queue-3.3/xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch new file mode 100644 index 00000000000..7df5e7851a1 --- /dev/null +++ b/queue-3.3/xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch @@ -0,0 +1,51 @@ +From 7de1ce54acd0914694178f7af2b63759b2f19131 Mon Sep 17 00:00:00 2001 +From: Steffen Klassert +Date: Wed, 21 Mar 2012 23:36:13 +0000 +Subject: xfrm: Access the replay notify functions via the registered callbacks + + +From: Steffen Klassert + +[ Upstream commit 1265fd616782ef03b98fd19f65c2b47fcd4ea11f ] + +We call the wrong replay notify function when we use ESN replay +handling. This leads to the fact that we don't send notifications +if we use ESN. Fix this by calling the registered callbacks instead +of xfrm_replay_notify(). + +Signed-off-by: Steffen Klassert +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/xfrm/xfrm_replay.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/net/xfrm/xfrm_replay.c ++++ b/net/xfrm/xfrm_replay.c +@@ -167,7 +167,7 @@ static void xfrm_replay_advance(struct x + } + + if (xfrm_aevent_is_on(xs_net(x))) +- xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); ++ x->repl->notify(x, XFRM_REPLAY_UPDATE); + } + + static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb) +@@ -279,7 +279,7 @@ static void xfrm_replay_advance_bmp(stru + replay_esn->bmp[nr] |= (1U << bitnr); + + if (xfrm_aevent_is_on(xs_net(x))) +- xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); ++ x->repl->notify(x, XFRM_REPLAY_UPDATE); + } + + static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event) +@@ -473,7 +473,7 @@ static void xfrm_replay_advance_esn(stru + replay_esn->bmp[nr] |= (1U << bitnr); + + if (xfrm_aevent_is_on(xs_net(x))) +- xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); ++ x->repl->notify(x, XFRM_REPLAY_UPDATE); + } + + static struct xfrm_replay xfrm_replay_legacy = {