From: Greg Kroah-Hartman Date: Wed, 19 Nov 2014 01:58:56 +0000 (-0800) Subject: 3.17-stable patches X-Git-Tag: v3.10.61~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d8cf0df1bfca46eb3c40b8a076b8a06aa69df2f6;p=thirdparty%2Fkernel%2Fstable-queue.git 3.17-stable patches added patches: builddeb-put-the-dbg-files-into-the-correct-directory.patch checkpatch-remove-unnecessary-after-8-8.patch clocksource-remove-weak-from-clocksource_default_clock-declaration.patch dell-wmi-fix-access-out-of-memory.patch gfs2-make-rename-not-save-dirent-location.patch ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch ipc-always-handle-a-new-value-of-auto_msgmni.patch kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch mm-thp-fix-collapsing-of-hugepages-on-madvise.patch net-systemport-enable-rx-interrupts-after-napi.patch net-systemport-reset-unimac-coming-out-of-a-suspend-cycle.patch netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch netfilter-nf_tables-check-for-null-in-nf_tables_newchain-pcpu-stats-allocation.patch netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch pwm-fix-uninitialized-warnings-in-pwm_get.patch rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch vmcore-remove-weak-from-function-declarations.patch --- diff --git a/queue-3.17/builddeb-put-the-dbg-files-into-the-correct-directory.patch b/queue-3.17/builddeb-put-the-dbg-files-into-the-correct-directory.patch new file mode 100644 index 00000000000..29eefe1eb2a --- /dev/null +++ b/queue-3.17/builddeb-put-the-dbg-files-into-the-correct-directory.patch @@ -0,0 +1,56 @@ +From 2d0871396995139b37f9ceb153c8b07589148343 Mon Sep 17 00:00:00 2001 +From: Michal Marek +Date: Fri, 22 Aug 2014 15:51:03 +0200 +Subject: builddeb: put the dbg files into the correct directory + +From: Michal Marek + +commit 2d0871396995139b37f9ceb153c8b07589148343 upstream. + +Since the conversion of objtree to use relative pathnames (commit +7e1c04779e, "kbuild: Use relative path for $(objtree)"), the debug +info files have been ending up in /debian/dbgtmp/ in the regular +linux-image package instead of the debug files package. Fix up the +paths so that the debug files end up in the -dbg package. + +This is based on a similar patch by Darrick. + +Reported-and-tested-by: "Darrick J. Wong" +Signed-off-by: Michal Marek +Signed-off-by: Greg Kroah-Hartman + +--- + scripts/package/builddeb | 22 ++++++++++------------ + 1 file changed, 10 insertions(+), 12 deletions(-) + +--- a/scripts/package/builddeb ++++ b/scripts/package/builddeb +@@ -152,18 +152,16 @@ if grep -q '^CONFIG_MODULES=y' $KCONFIG_ + rmdir "$tmpdir/lib/modules/$version" + fi + if [ -n "$BUILD_DEBUG" ] ; then +- ( +- cd $tmpdir +- for module in $(find lib/modules/ -name *.ko); do +- mkdir -p $(dirname $dbg_dir/usr/lib/debug/$module) +- # only keep debug symbols in the debug file +- $OBJCOPY --only-keep-debug $module $dbg_dir/usr/lib/debug/$module +- # strip original module from debug symbols +- $OBJCOPY --strip-debug $module +- # then add a link to those +- $OBJCOPY --add-gnu-debuglink=$dbg_dir/usr/lib/debug/$module $module +- done +- ) ++ for module in $(find $tmpdir/lib/modules/ -name *.ko -printf '%P\n'); do ++ module=lib/modules/$module ++ mkdir -p $(dirname $dbg_dir/usr/lib/debug/$module) ++ # only keep debug symbols in the debug file ++ $OBJCOPY --only-keep-debug $tmpdir/$module $dbg_dir/usr/lib/debug/$module ++ # strip original module from debug symbols ++ $OBJCOPY --strip-debug $tmpdir/$module ++ # then add a link to those ++ $OBJCOPY --add-gnu-debuglink=$dbg_dir/usr/lib/debug/$module $tmpdir/$module ++ done + fi + fi + diff --git a/queue-3.17/checkpatch-remove-unnecessary-after-8-8.patch b/queue-3.17/checkpatch-remove-unnecessary-after-8-8.patch new file mode 100644 index 00000000000..f13db49f009 --- /dev/null +++ b/queue-3.17/checkpatch-remove-unnecessary-after-8-8.patch @@ -0,0 +1,33 @@ +From d2207ccbc59900311c88bb9150b24253cd4ddd49 Mon Sep 17 00:00:00 2001 +From: Joe Perches +Date: Mon, 13 Oct 2014 15:51:53 -0700 +Subject: checkpatch: remove unnecessary + after {8,8} + +From: Joe Perches + +commit d2207ccbc59900311c88bb9150b24253cd4ddd49 upstream. + +There's a useless "+" use that needs to be removed as perl 5.20 emits a +"Useless use of greediness modifier '+'" message each time it's hit. + +Signed-off-by: Joe Perches +Reported-by: Greg KH +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + scripts/checkpatch.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/scripts/checkpatch.pl ++++ b/scripts/checkpatch.pl +@@ -2424,7 +2424,7 @@ sub process { + "please, no space before tabs\n" . $herevet) && + $fix) { + while ($fixed[$fixlinenr] =~ +- s/(^\+.*) {8,8}+\t/$1\t\t/) {} ++ s/(^\+.*) {8,8}\t/$1\t\t/) {} + while ($fixed[$fixlinenr] =~ + s/(^\+.*) +\t/$1\t/) {} + } diff --git a/queue-3.17/clocksource-remove-weak-from-clocksource_default_clock-declaration.patch b/queue-3.17/clocksource-remove-weak-from-clocksource_default_clock-declaration.patch new file mode 100644 index 00000000000..4185e4b8d27 --- /dev/null +++ b/queue-3.17/clocksource-remove-weak-from-clocksource_default_clock-declaration.patch @@ -0,0 +1,43 @@ +From 96a2adbc6f501996418da9f7afe39bf0e4d006a9 Mon Sep 17 00:00:00 2001 +From: Bjorn Helgaas +Date: Mon, 13 Oct 2014 18:59:09 -0600 +Subject: clocksource: Remove "weak" from clocksource_default_clock() declaration + +From: Bjorn Helgaas + +commit 96a2adbc6f501996418da9f7afe39bf0e4d006a9 upstream. + +kernel/time/jiffies.c provides a default clocksource_default_clock() +definition explicitly marked "weak". arch/s390 provides its own definition +intended to override the default, but the "weak" attribute on the +declaration applied to the s390 definition as well, so the linker chose one +based on link order (see 10629d711ed7 ("PCI: Remove __weak annotation from +pcibios_get_phb_of_node decl")). + +Remove the "weak" attribute from the clocksource_default_clock() +declaration so we always prefer a non-weak definition over the weak one, +independent of link order. + +Fixes: f1b82746c1e9 ("clocksource: Cleanup clocksource selection") +Signed-off-by: Bjorn Helgaas +Acked-by: John Stultz +Acked-by: Ingo Molnar +CC: Daniel Lezcano +CC: Martin Schwidefsky +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/clocksource.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/clocksource.h ++++ b/include/linux/clocksource.h +@@ -287,7 +287,7 @@ extern struct clocksource* clocksource_g + extern void clocksource_change_rating(struct clocksource *cs, int rating); + extern void clocksource_suspend(void); + extern void clocksource_resume(void); +-extern struct clocksource * __init __weak clocksource_default_clock(void); ++extern struct clocksource * __init clocksource_default_clock(void); + extern void clocksource_mark_unstable(struct clocksource *cs); + + extern u64 diff --git a/queue-3.17/dell-wmi-fix-access-out-of-memory.patch b/queue-3.17/dell-wmi-fix-access-out-of-memory.patch new file mode 100644 index 00000000000..1ac2a439ad7 --- /dev/null +++ b/queue-3.17/dell-wmi-fix-access-out-of-memory.patch @@ -0,0 +1,55 @@ +From a666b6ffbc9b6705a3ced704f52c3fe9ea8bf959 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pali=20Roh=C3=A1r?= +Date: Mon, 29 Sep 2014 15:10:51 +0200 +Subject: dell-wmi: Fix access out of memory +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: =?UTF-8?q?Pali=20Roh=C3=A1r?= + +commit a666b6ffbc9b6705a3ced704f52c3fe9ea8bf959 upstream. + +Without this patch, dell-wmi is trying to access elements of dynamically +allocated array without checking the array size. This can lead to memory +corruption or a kernel panic. This patch adds the missing checks for +array size. + +Signed-off-by: Pali Rohár +Signed-off-by: Darren Hart +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/platform/x86/dell-wmi.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +--- a/drivers/platform/x86/dell-wmi.c ++++ b/drivers/platform/x86/dell-wmi.c +@@ -163,18 +163,24 @@ static void dell_wmi_notify(u32 value, v + const struct key_entry *key; + int reported_key; + u16 *buffer_entry = (u16 *)obj->buffer.pointer; ++ int buffer_size = obj->buffer.length/2; + +- if (dell_new_hk_type && (buffer_entry[1] != 0x10)) { ++ if (buffer_size >= 2 && dell_new_hk_type && buffer_entry[1] != 0x10) { + pr_info("Received unknown WMI event (0x%x)\n", + buffer_entry[1]); + kfree(obj); + return; + } + +- if (dell_new_hk_type || buffer_entry[1] == 0x0) ++ if (buffer_size >= 3 && (dell_new_hk_type || buffer_entry[1] == 0x0)) + reported_key = (int)buffer_entry[2]; +- else ++ else if (buffer_size >= 2) + reported_key = (int)buffer_entry[1] & 0xffff; ++ else { ++ pr_info("Received unknown WMI event\n"); ++ kfree(obj); ++ return; ++ } + + key = sparse_keymap_entry_from_scancode(dell_wmi_input_dev, + reported_key); diff --git a/queue-3.17/gfs2-make-rename-not-save-dirent-location.patch b/queue-3.17/gfs2-make-rename-not-save-dirent-location.patch new file mode 100644 index 00000000000..af95001bc33 --- /dev/null +++ b/queue-3.17/gfs2-make-rename-not-save-dirent-location.patch @@ -0,0 +1,88 @@ +From 19aeb5a65f1a6504fc665466c188241e7393d66f Mon Sep 17 00:00:00 2001 +From: Bob Peterson +Date: Mon, 29 Sep 2014 08:52:04 -0400 +Subject: GFS2: Make rename not save dirent location + +From: Bob Peterson + +commit 19aeb5a65f1a6504fc665466c188241e7393d66f upstream. + +This patch fixes a regression in the patch "GFS2: Remember directory +insert point", commit 2b47dad866d04f14c328f888ba5406057b8c7d33. +The problem had to do with the rename function: The function found +space for the new dirent, and remembered that location. But then the +old dirent was removed, which often moved the eligible location for +the renamed dirent. Putting the new dirent at the saved location +caused file system corruption. + +This patch adds a new "save_loc" variable to struct gfs2_diradd. +If 1, the dirent location is saved. If 0, the dirent location is not +saved and the buffer_head is released as per previous behavior. + +Signed-off-by: Bob Peterson +Signed-off-by: Steven Whitehouse +Signed-off-by: Greg Kroah-Hartman + +--- + fs/gfs2/dir.c | 9 +++++++-- + fs/gfs2/dir.h | 1 + + fs/gfs2/inode.c | 6 +++--- + 3 files changed, 11 insertions(+), 5 deletions(-) + +--- a/fs/gfs2/dir.c ++++ b/fs/gfs2/dir.c +@@ -2100,8 +2100,13 @@ int gfs2_diradd_alloc_required(struct in + } + if (IS_ERR(dent)) + return PTR_ERR(dent); +- da->bh = bh; +- da->dent = dent; ++ ++ if (da->save_loc) { ++ da->bh = bh; ++ da->dent = dent; ++ } else { ++ brelse(bh); ++ } + return 0; + } + +--- a/fs/gfs2/dir.h ++++ b/fs/gfs2/dir.h +@@ -23,6 +23,7 @@ struct gfs2_diradd { + unsigned nr_blocks; + struct gfs2_dirent *dent; + struct buffer_head *bh; ++ int save_loc; + }; + + extern struct inode *gfs2_dir_search(struct inode *dir, +--- a/fs/gfs2/inode.c ++++ b/fs/gfs2/inode.c +@@ -600,7 +600,7 @@ static int gfs2_create_inode(struct inod + int error, free_vfs_inode = 0; + u32 aflags = 0; + unsigned blocks = 1; +- struct gfs2_diradd da = { .bh = NULL, }; ++ struct gfs2_diradd da = { .bh = NULL, .save_loc = 1, }; + + if (!name->len || name->len > GFS2_FNAMESIZE) + return -ENAMETOOLONG; +@@ -899,7 +899,7 @@ static int gfs2_link(struct dentry *old_ + struct gfs2_inode *ip = GFS2_I(inode); + struct gfs2_holder ghs[2]; + struct buffer_head *dibh; +- struct gfs2_diradd da = { .bh = NULL, }; ++ struct gfs2_diradd da = { .bh = NULL, .save_loc = 1, }; + int error; + + if (S_ISDIR(inode->i_mode)) +@@ -1337,7 +1337,7 @@ static int gfs2_rename(struct inode *odi + struct gfs2_rgrpd *nrgd; + unsigned int num_gh; + int dir_rename = 0; +- struct gfs2_diradd da = { .nr_blocks = 0, }; ++ struct gfs2_diradd da = { .nr_blocks = 0, .save_loc = 0, }; + unsigned int x; + int error; + diff --git a/queue-3.17/ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch b/queue-3.17/ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch new file mode 100644 index 00000000000..c2222c87360 --- /dev/null +++ b/queue-3.17/ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch @@ -0,0 +1,33 @@ +From 8b0f93d9490653a7b9fc91f3570089132faed1c0 Mon Sep 17 00:00:00 2001 +From: Devesh Sharma +Date: Fri, 26 Sep 2014 20:45:32 +0530 +Subject: IB/core: Clear AH attr variable to prevent garbage data + +From: Devesh Sharma + +commit 8b0f93d9490653a7b9fc91f3570089132faed1c0 upstream. + +During create-ah from userspace, uverbs is sending garbage data in +attr.dmac and attr.vlan_id. This patch sets attr.dmac and +attr.vlan_id to zero. + +Fixes: dd5f03beb4f7 ("IB/core: Ethernet L2 attributes in verbs/cm structures") +Signed-off-by: Devesh Sharma +Signed-off-by: Roland Dreier +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/core/uverbs_cmd.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/infiniband/core/uverbs_cmd.c ++++ b/drivers/infiniband/core/uverbs_cmd.c +@@ -2518,6 +2518,8 @@ ssize_t ib_uverbs_create_ah(struct ib_uv + attr.grh.sgid_index = cmd.attr.grh.sgid_index; + attr.grh.hop_limit = cmd.attr.grh.hop_limit; + attr.grh.traffic_class = cmd.attr.grh.traffic_class; ++ attr.vlan_id = 0; ++ memset(&attr.dmac, 0, sizeof(attr.dmac)); + memcpy(attr.grh.dgid.raw, cmd.attr.grh.dgid, 16); + + ah = ib_create_ah(pd, &attr); diff --git a/queue-3.17/ipc-always-handle-a-new-value-of-auto_msgmni.patch b/queue-3.17/ipc-always-handle-a-new-value-of-auto_msgmni.patch new file mode 100644 index 00000000000..cc078c6ab89 --- /dev/null +++ b/queue-3.17/ipc-always-handle-a-new-value-of-auto_msgmni.patch @@ -0,0 +1,63 @@ +From 1195d94e006b23c6292e78857e154872e33b6d7e Mon Sep 17 00:00:00 2001 +From: Andrey Vagin +Date: Mon, 13 Oct 2014 15:54:10 -0700 +Subject: ipc: always handle a new value of auto_msgmni + +From: Andrey Vagin + +commit 1195d94e006b23c6292e78857e154872e33b6d7e upstream. + +proc_dointvec_minmax() returns zero if a new value has been set. So we +don't need to check all charecters have been handled. + +Below you can find two examples. In the new value has not been handled +properly. + +$ strace ./a.out +open("/proc/sys/kernel/auto_msgmni", O_WRONLY) = 3 +write(3, "0\n\0", 3) = 2 +close(3) = 0 +exit_group(0) +$ cat /sys/kernel/debug/tracing/trace + +$strace ./a.out +open("/proc/sys/kernel/auto_msgmni", O_WRONLY) = 3 +write(3, "0\n", 2) = 2 +close(3) = 0 + +$ cat /sys/kernel/debug/tracing/trace +a.out-697 [000] .... 3280.998235: unregister_ipcns_notifier <-proc_ipcauto_dointvec_minmax + +Fixes: 9eefe520c814 ("ipc: do not use a negative value to re-enable msgmni automatic recomputin") +Signed-off-by: Andrey Vagin +Cc: Mathias Krause +Cc: Manfred Spraul +Cc: Joe Perches +Cc: Davidlohr Bueso +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + ipc/ipc_sysctl.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/ipc/ipc_sysctl.c ++++ b/ipc/ipc_sysctl.c +@@ -123,7 +123,6 @@ static int proc_ipcauto_dointvec_minmax( + void __user *buffer, size_t *lenp, loff_t *ppos) + { + struct ctl_table ipc_table; +- size_t lenp_bef = *lenp; + int oldval; + int rc; + +@@ -133,7 +132,7 @@ static int proc_ipcauto_dointvec_minmax( + + rc = proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos); + +- if (write && !rc && lenp_bef == *lenp) { ++ if (write && !rc) { + int newval = *((int *)(ipc_table.data)); + /* + * The file "auto_msgmni" has correctly been set. diff --git a/queue-3.17/kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch b/queue-3.17/kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch new file mode 100644 index 00000000000..c9993efe153 --- /dev/null +++ b/queue-3.17/kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch @@ -0,0 +1,40 @@ +From 107bcc6d566cb40184068d888637f9aefe6252dd Mon Sep 17 00:00:00 2001 +From: Bjorn Helgaas +Date: Mon, 13 Oct 2014 19:00:25 -0600 +Subject: kgdb: Remove "weak" from kgdb_arch_pc() declaration + +From: Bjorn Helgaas + +commit 107bcc6d566cb40184068d888637f9aefe6252dd upstream. + +kernel/debug/debug_core.c provides a default kgdb_arch_pc() definition +explicitly marked "weak". Several architectures provide their own +definitions intended to override the default, but the "weak" attribute on +the declaration applied to the arch definitions as well, so the linker +chose one based on link order (see 10629d711ed7 ("PCI: Remove __weak +annotation from pcibios_get_phb_of_node decl")). + +Remove the "weak" attribute from the declaration so we always prefer a +non-weak definition over the weak one, independent of link order. + +Fixes: 688b744d8bc8 ("kgdb: fix signedness mixmatches, add statics, add declaration to header") +Tested-by: Vineet Gupta # for ARC build +Signed-off-by: Bjorn Helgaas +Reviewed-by: Harvey Harrison +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/kgdb.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/kgdb.h ++++ b/include/linux/kgdb.h +@@ -283,7 +283,7 @@ struct kgdb_io { + + extern struct kgdb_arch arch_kgdb_ops; + +-extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs); ++extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs); + + #ifdef CONFIG_SERIAL_KGDB_NMI + extern int kgdb_register_nmi_console(void); diff --git a/queue-3.17/memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch b/queue-3.17/memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch new file mode 100644 index 00000000000..cd85370437f --- /dev/null +++ b/queue-3.17/memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch @@ -0,0 +1,44 @@ +From e0a8400c6923a163265d52798cdd4c33f3f8ab5a Mon Sep 17 00:00:00 2001 +From: Bjorn Helgaas +Date: Mon, 13 Oct 2014 19:00:47 -0600 +Subject: memory-hotplug: Remove "weak" from memory_block_size_bytes() declaration + +From: Bjorn Helgaas + +commit e0a8400c6923a163265d52798cdd4c33f3f8ab5a upstream. + +drivers/base/memory.c provides a default memory_block_size_bytes() +definition explicitly marked "weak". Several architectures provide their +own definitions intended to override the default, but the "weak" attribute +on the declaration applied to the arch definitions as well, so the linker +chose one based on link order (see 10629d711ed7 ("PCI: Remove __weak +annotation from pcibios_get_phb_of_node decl")). + +Remove the "weak" attribute from the declaration so we always prefer a +non-weak definition over the weak one, independent of link order. + +Fixes: 41f107266b19 ("drivers: base: Add prototype declaration to the header file") +Signed-off-by: Bjorn Helgaas +Acked-by: Andrew Morton +CC: Rashika Kheria +CC: Nathan Fontenot +CC: Anton Blanchard +CC: Heiko Carstens +CC: Yinghai Lu +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/memory.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/memory.h ++++ b/include/linux/memory.h +@@ -35,7 +35,7 @@ struct memory_block { + }; + + int arch_get_memory_phys_device(unsigned long start_pfn); +-unsigned long __weak memory_block_size_bytes(void); ++unsigned long memory_block_size_bytes(void); + + /* These states are exposed to userspace as text strings in sysfs */ + #define MEM_ONLINE (1<<0) /* exposed to userspace */ diff --git a/queue-3.17/mm-thp-fix-collapsing-of-hugepages-on-madvise.patch b/queue-3.17/mm-thp-fix-collapsing-of-hugepages-on-madvise.patch new file mode 100644 index 00000000000..8174d888f2e --- /dev/null +++ b/queue-3.17/mm-thp-fix-collapsing-of-hugepages-on-madvise.patch @@ -0,0 +1,171 @@ +From 6d50e60cd2edb5a57154db5a6f64eef5aa59b751 Mon Sep 17 00:00:00 2001 +From: David Rientjes +Date: Wed, 29 Oct 2014 14:50:31 -0700 +Subject: mm, thp: fix collapsing of hugepages on madvise + +From: David Rientjes + +commit 6d50e60cd2edb5a57154db5a6f64eef5aa59b751 upstream. + +If an anonymous mapping is not allowed to fault thp memory and then +madvise(MADV_HUGEPAGE) is used after fault, khugepaged will never +collapse this memory into thp memory. + +This occurs because the madvise(2) handler for thp, hugepage_madvise(), +clears VM_NOHUGEPAGE on the stack and it isn't stored in vma->vm_flags +until the final action of madvise_behavior(). This causes the +khugepaged_enter_vma_merge() to be a no-op in hugepage_madvise() when +the vma had previously had VM_NOHUGEPAGE set. + +Fix this by passing the correct vma flags to the khugepaged mm slot +handler. There's no chance khugepaged can run on this vma until after +madvise_behavior() returns since we hold mm->mmap_sem. + +It would be possible to clear VM_NOHUGEPAGE directly from vma->vm_flags +in hugepage_advise(), but I didn't want to introduce special case +behavior into madvise_behavior(). I think it's best to just let it +always set vma->vm_flags itself. + +Signed-off-by: David Rientjes +Reported-by: Suleiman Souhlal +Cc: "Kirill A. Shutemov" +Cc: Andrea Arcangeli +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/khugepaged.h | 17 ++++++++++------- + mm/huge_memory.c | 11 ++++++----- + mm/mmap.c | 8 ++++---- + 3 files changed, 20 insertions(+), 16 deletions(-) + +--- a/include/linux/khugepaged.h ++++ b/include/linux/khugepaged.h +@@ -6,7 +6,8 @@ + #ifdef CONFIG_TRANSPARENT_HUGEPAGE + extern int __khugepaged_enter(struct mm_struct *mm); + extern void __khugepaged_exit(struct mm_struct *mm); +-extern int khugepaged_enter_vma_merge(struct vm_area_struct *vma); ++extern int khugepaged_enter_vma_merge(struct vm_area_struct *vma, ++ unsigned long vm_flags); + + #define khugepaged_enabled() \ + (transparent_hugepage_flags & \ +@@ -35,13 +36,13 @@ static inline void khugepaged_exit(struc + __khugepaged_exit(mm); + } + +-static inline int khugepaged_enter(struct vm_area_struct *vma) ++static inline int khugepaged_enter(struct vm_area_struct *vma, ++ unsigned long vm_flags) + { + if (!test_bit(MMF_VM_HUGEPAGE, &vma->vm_mm->flags)) + if ((khugepaged_always() || +- (khugepaged_req_madv() && +- vma->vm_flags & VM_HUGEPAGE)) && +- !(vma->vm_flags & VM_NOHUGEPAGE)) ++ (khugepaged_req_madv() && (vm_flags & VM_HUGEPAGE))) && ++ !(vm_flags & VM_NOHUGEPAGE)) + if (__khugepaged_enter(vma->vm_mm)) + return -ENOMEM; + return 0; +@@ -54,11 +55,13 @@ static inline int khugepaged_fork(struct + static inline void khugepaged_exit(struct mm_struct *mm) + { + } +-static inline int khugepaged_enter(struct vm_area_struct *vma) ++static inline int khugepaged_enter(struct vm_area_struct *vma, ++ unsigned long vm_flags) + { + return 0; + } +-static inline int khugepaged_enter_vma_merge(struct vm_area_struct *vma) ++static inline int khugepaged_enter_vma_merge(struct vm_area_struct *vma, ++ unsigned long vm_flags) + { + return 0; + } +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -803,7 +803,7 @@ int do_huge_pmd_anonymous_page(struct mm + return VM_FAULT_FALLBACK; + if (unlikely(anon_vma_prepare(vma))) + return VM_FAULT_OOM; +- if (unlikely(khugepaged_enter(vma))) ++ if (unlikely(khugepaged_enter(vma, vma->vm_flags))) + return VM_FAULT_OOM; + if (!(flags & FAULT_FLAG_WRITE) && + transparent_hugepage_use_zero_page()) { +@@ -1970,7 +1970,7 @@ int hugepage_madvise(struct vm_area_stru + * register it here without waiting a page fault that + * may not happen any time soon. + */ +- if (unlikely(khugepaged_enter_vma_merge(vma))) ++ if (unlikely(khugepaged_enter_vma_merge(vma, *vm_flags))) + return -ENOMEM; + break; + case MADV_NOHUGEPAGE: +@@ -2071,7 +2071,8 @@ int __khugepaged_enter(struct mm_struct + return 0; + } + +-int khugepaged_enter_vma_merge(struct vm_area_struct *vma) ++int khugepaged_enter_vma_merge(struct vm_area_struct *vma, ++ unsigned long vm_flags) + { + unsigned long hstart, hend; + if (!vma->anon_vma) +@@ -2083,11 +2084,11 @@ int khugepaged_enter_vma_merge(struct vm + if (vma->vm_ops) + /* khugepaged not yet working on file or special mappings */ + return 0; +- VM_BUG_ON(vma->vm_flags & VM_NO_THP); ++ VM_BUG_ON(vm_flags & VM_NO_THP); + hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK; + hend = vma->vm_end & HPAGE_PMD_MASK; + if (hstart < hend) +- return khugepaged_enter(vma); ++ return khugepaged_enter(vma, vm_flags); + return 0; + } + +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -1056,7 +1056,7 @@ struct vm_area_struct *vma_merge(struct + end, prev->vm_pgoff, NULL); + if (err) + return NULL; +- khugepaged_enter_vma_merge(prev); ++ khugepaged_enter_vma_merge(prev, vm_flags); + return prev; + } + +@@ -1075,7 +1075,7 @@ struct vm_area_struct *vma_merge(struct + next->vm_pgoff - pglen, NULL); + if (err) + return NULL; +- khugepaged_enter_vma_merge(area); ++ khugepaged_enter_vma_merge(area, vm_flags); + return area; + } + +@@ -2192,7 +2192,7 @@ int expand_upwards(struct vm_area_struct + } + } + vma_unlock_anon_vma(vma); +- khugepaged_enter_vma_merge(vma); ++ khugepaged_enter_vma_merge(vma, vma->vm_flags); + validate_mm(vma->vm_mm); + return error; + } +@@ -2261,7 +2261,7 @@ int expand_downwards(struct vm_area_stru + } + } + vma_unlock_anon_vma(vma); +- khugepaged_enter_vma_merge(vma); ++ khugepaged_enter_vma_merge(vma, vma->vm_flags); + validate_mm(vma->vm_mm); + return error; + } diff --git a/queue-3.17/net-systemport-enable-rx-interrupts-after-napi.patch b/queue-3.17/net-systemport-enable-rx-interrupts-after-napi.patch new file mode 100644 index 00000000000..7435e15fe38 --- /dev/null +++ b/queue-3.17/net-systemport-enable-rx-interrupts-after-napi.patch @@ -0,0 +1,63 @@ +From 8edf0047f4b8e03d94ef88f5a7dec146cce03a06 Mon Sep 17 00:00:00 2001 +From: Florian Fainelli +Date: Tue, 28 Oct 2014 11:12:00 -0700 +Subject: net: systemport: enable RX interrupts after NAPI + +From: Florian Fainelli + +commit 8edf0047f4b8e03d94ef88f5a7dec146cce03a06 upstream. + +There is currently a small window during which the SYSTEMPORT adapter +enables its RX interrupts without having enabled its NAPI handler, which +can result in packets to be discarded during interface bringup. + +A similar but more serious window exists in bcm_sysport_resume() during +which we can have the RDMA engine not fully prepared to receive packets +and yet having RX interrupts enabled. + +Fix this my moving the RX interrupt enable down to +bcm_sysport_netif_start() after napi_enable() for the RX path is called, +which fixes both call sites: bcm_sysport_open() and +bcm_sysport_resume(). + +Fixes: b02e6d9ba7ad ("net: systemport: add bcm_sysport_netif_{enable,stop}") +Signed-off-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/broadcom/bcmsysport.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +--- a/drivers/net/ethernet/broadcom/bcmsysport.c ++++ b/drivers/net/ethernet/broadcom/bcmsysport.c +@@ -1384,6 +1384,9 @@ static void bcm_sysport_netif_start(stru + /* Enable NAPI */ + napi_enable(&priv->napi); + ++ /* Enable RX interrupt and TX ring full interrupt */ ++ intrl2_0_mask_clear(priv, INTRL2_0_RDMA_MBDONE | INTRL2_0_TX_RING_FULL); ++ + phy_start(priv->phydev); + + /* Enable TX interrupts for the 32 TXQs */ +@@ -1486,9 +1489,6 @@ static int bcm_sysport_open(struct net_d + if (ret) + goto out_free_rx_ring; + +- /* Enable RX interrupt and TX ring full interrupt */ +- intrl2_0_mask_clear(priv, INTRL2_0_RDMA_MBDONE | INTRL2_0_TX_RING_FULL); +- + /* Turn on TDMA */ + ret = tdma_enable_set(priv, 1); + if (ret) +@@ -1872,9 +1872,6 @@ static int bcm_sysport_resume(struct dev + + netif_device_attach(dev); + +- /* Enable RX interrupt and TX ring full interrupt */ +- intrl2_0_mask_clear(priv, INTRL2_0_RDMA_MBDONE | INTRL2_0_TX_RING_FULL); +- + /* RX pipe enable */ + topctrl_writel(priv, 0, RX_FLUSH_CNTL); + diff --git a/queue-3.17/net-systemport-reset-unimac-coming-out-of-a-suspend-cycle.patch b/queue-3.17/net-systemport-reset-unimac-coming-out-of-a-suspend-cycle.patch new file mode 100644 index 00000000000..628386856c4 --- /dev/null +++ b/queue-3.17/net-systemport-reset-unimac-coming-out-of-a-suspend-cycle.patch @@ -0,0 +1,45 @@ +From 704d33e7006f20f9b4fa7d24a0f08c4b5919b131 Mon Sep 17 00:00:00 2001 +From: Florian Fainelli +Date: Tue, 28 Oct 2014 11:12:01 -0700 +Subject: net: systemport: reset UniMAC coming out of a suspend cycle + +From: Florian Fainelli + +commit 704d33e7006f20f9b4fa7d24a0f08c4b5919b131 upstream. + +bcm_sysport_resume() was missing an UniMAC reset which can lead to +various receive FIFO corruptions coming out of a suspend cycle. If the +RX FIFO is stuck, it will deliver corrupted/duplicate packets towards +the host CPU interface. + +This could be reproduced on crowded network and when Wake-on-LAN is +enabled for this particular interface because the switch still forwards +packets towards the host CPU interface (SYSTEMPORT), and we had to leave +the UniMAC RX enable bit on to allow matching MagicPackets. + +Once we re-enter the resume function, there is a small window during +which the UniMAC receive is still enabled, and we start queueing +packets, but the RDMA and RBUF engines are not ready, which leads to +having packets stuck in the UniMAC RX FIFO, ultimately delivered towards +the host CPU as corrupted. + +Fixes: 40755a0fce17 ("net: systemport: add suspend and resume support") +Signed-off-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/broadcom/bcmsysport.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/ethernet/broadcom/bcmsysport.c ++++ b/drivers/net/ethernet/broadcom/bcmsysport.c +@@ -1845,6 +1845,8 @@ static int bcm_sysport_resume(struct dev + if (!netif_running(dev)) + return 0; + ++ umac_reset(priv); ++ + /* We may have been suspended and never received a WOL event that + * would turn off MPD detection, take care of that now + */ diff --git a/queue-3.17/netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch b/queue-3.17/netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch new file mode 100644 index 00000000000..b0982f84e7b --- /dev/null +++ b/queue-3.17/netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch @@ -0,0 +1,33 @@ +From 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Tue, 21 Oct 2014 11:28:12 +0300 +Subject: netfilter: ipset: off by one in ip_set_nfnl_get_byindex() + +From: Dan Carpenter + +commit 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5 upstream. + +The ->ip_set_list[] array is initialized in ip_set_net_init() and it +has ->ip_set_max elements so this check should be >= instead of > +otherwise we are off by one. + +Signed-off-by: Dan Carpenter +Acked-by: Jozsef Kadlecsik +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/ipset/ip_set_core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/netfilter/ipset/ip_set_core.c ++++ b/net/netfilter/ipset/ip_set_core.c +@@ -635,7 +635,7 @@ ip_set_nfnl_get_byindex(struct net *net, + struct ip_set *set; + struct ip_set_net *inst = ip_set_pernet(net); + +- if (index > inst->ip_set_max) ++ if (index >= inst->ip_set_max) + return IPSET_INVALID_ID; + + nfnl_lock(NFNL_SUBSYS_IPSET); diff --git a/queue-3.17/netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch b/queue-3.17/netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch new file mode 100644 index 00000000000..a59971c4f53 --- /dev/null +++ b/queue-3.17/netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch @@ -0,0 +1,47 @@ +From 9dfa1dfe4d5e5e66a991321ab08afe69759d797a Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Thu, 23 Oct 2014 10:36:06 +0200 +Subject: netfilter: nf_log: account for size of NLMSG_DONE attribute + +From: Florian Westphal + +commit 9dfa1dfe4d5e5e66a991321ab08afe69759d797a upstream. + +We currently neither account for the nlattr size, nor do we consider +the size of the trailing NLMSG_DONE when allocating nlmsg skb. + +This can result in nflog to stop working, as __nfulnl_send() re-tries +sending forever if it failed to append NLMSG_DONE (which will never +work if buffer is not large enough). + +Reported-by: Houcheng Lin +Signed-off-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nfnetlink_log.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/net/netfilter/nfnetlink_log.c ++++ b/net/netfilter/nfnetlink_log.c +@@ -649,7 +649,8 @@ nfulnl_log_packet(struct net *net, + + nla_total_size(sizeof(u_int32_t)) /* gid */ + + nla_total_size(plen) /* prefix */ + + nla_total_size(sizeof(struct nfulnl_msg_packet_hw)) +- + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp)); ++ + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp)) ++ + nla_total_size(sizeof(struct nfgenmsg)); /* NLMSG_DONE */ + + if (in && skb_mac_header_was_set(skb)) { + size += nla_total_size(skb->dev->hard_header_len) +@@ -692,8 +693,7 @@ nfulnl_log_packet(struct net *net, + goto unlock_and_release; + } + +- if (inst->skb && +- size > skb_tailroom(inst->skb) - sizeof(struct nfgenmsg)) { ++ if (inst->skb && size > skb_tailroom(inst->skb)) { + /* either the queue len is too high or we don't have + * enough room in the skb left. flush to userspace. */ + __nfulnl_flush(inst); diff --git a/queue-3.17/netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch b/queue-3.17/netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch new file mode 100644 index 00000000000..e320cdd1fe1 --- /dev/null +++ b/queue-3.17/netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch @@ -0,0 +1,66 @@ +From b51d3fa364885a2c1e1668f88776c67c95291820 Mon Sep 17 00:00:00 2001 +From: Houcheng Lin +Date: Thu, 23 Oct 2014 10:36:08 +0200 +Subject: netfilter: nf_log: release skbuff on nlmsg put failure + +From: Houcheng Lin + +commit b51d3fa364885a2c1e1668f88776c67c95291820 upstream. + +The kernel should reserve enough room in the skb so that the DONE +message can always be appended. However, in case of e.g. new attribute +erronously not being size-accounted for, __nfulnl_send() will still +try to put next nlmsg into this full skbuf, causing the skb to be stuck +forever and blocking delivery of further messages. + +Fix issue by releasing skb immediately after nlmsg_put error and +WARN() so we can track down the cause of such size mismatch. + +[ fw@strlen.de: add tailroom/len info to WARN ] + +Signed-off-by: Houcheng Lin +Signed-off-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nfnetlink_log.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +--- a/net/netfilter/nfnetlink_log.c ++++ b/net/netfilter/nfnetlink_log.c +@@ -346,26 +346,25 @@ nfulnl_alloc_skb(struct net *net, u32 pe + return skb; + } + +-static int ++static void + __nfulnl_send(struct nfulnl_instance *inst) + { +- int status = -1; +- + if (inst->qlen > 1) { + struct nlmsghdr *nlh = nlmsg_put(inst->skb, 0, 0, + NLMSG_DONE, + sizeof(struct nfgenmsg), + 0); +- if (!nlh) ++ if (WARN_ONCE(!nlh, "bad nlskb size: %u, tailroom %d\n", ++ inst->skb->len, skb_tailroom(inst->skb))) { ++ kfree_skb(inst->skb); + goto out; ++ } + } +- status = nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid, +- MSG_DONTWAIT); +- ++ nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid, ++ MSG_DONTWAIT); ++out: + inst->qlen = 0; + inst->skb = NULL; +-out: +- return status; + } + + static void diff --git a/queue-3.17/netfilter-nf_tables-check-for-null-in-nf_tables_newchain-pcpu-stats-allocation.patch b/queue-3.17/netfilter-nf_tables-check-for-null-in-nf_tables_newchain-pcpu-stats-allocation.patch new file mode 100644 index 00000000000..a6d95090694 --- /dev/null +++ b/queue-3.17/netfilter-nf_tables-check-for-null-in-nf_tables_newchain-pcpu-stats-allocation.patch @@ -0,0 +1,35 @@ +From c123bb7163043bb8f33858cf8e45b01c17dbd171 Mon Sep 17 00:00:00 2001 +From: Sabrina Dubroca +Date: Tue, 21 Oct 2014 11:08:21 +0200 +Subject: netfilter: nf_tables: check for NULL in nf_tables_newchain pcpu stats allocation + +From: Sabrina Dubroca + +commit c123bb7163043bb8f33858cf8e45b01c17dbd171 upstream. + +alloc_percpu returns NULL on failure, not a negative error code. + +Fixes: ff3cd7b3c922 ("netfilter: nf_tables: refactor chain statistic routines") +Signed-off-by: Sabrina Dubroca +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nf_tables_api.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -1102,10 +1102,10 @@ static int nf_tables_newchain(struct soc + basechain->stats = stats; + } else { + stats = netdev_alloc_pcpu_stats(struct nft_stats); +- if (IS_ERR(stats)) { ++ if (stats == NULL) { + module_put(type->owner); + kfree(basechain); +- return PTR_ERR(stats); ++ return -ENOMEM; + } + rcu_assign_pointer(basechain->stats, stats); + } diff --git a/queue-3.17/netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch b/queue-3.17/netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch new file mode 100644 index 00000000000..9a24139139e --- /dev/null +++ b/queue-3.17/netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch @@ -0,0 +1,55 @@ +From c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9 Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Thu, 23 Oct 2014 10:36:07 +0200 +Subject: netfilter: nfnetlink_log: fix maximum packet length logged to userspace + +From: Florian Westphal + +commit c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9 upstream. + +don't try to queue payloads > 0xffff - NLA_HDRLEN, it does not work. +The nla length includes the size of the nla struct, so anything larger +results in u16 integer overflow. + +This patch is similar to +9cefbbc9c8f9abe (netfilter: nfnetlink_queue: cleanup copy_range usage). + +Signed-off-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nfnetlink_log.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/net/netfilter/nfnetlink_log.c ++++ b/net/netfilter/nfnetlink_log.c +@@ -43,7 +43,8 @@ + #define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE + #define NFULNL_TIMEOUT_DEFAULT 100 /* every second */ + #define NFULNL_QTHRESH_DEFAULT 100 /* 100 packets */ +-#define NFULNL_COPY_RANGE_MAX 0xFFFF /* max packet size is limited by 16-bit struct nfattr nfa_len field */ ++/* max packet size is limited by 16-bit struct nfattr nfa_len field */ ++#define NFULNL_COPY_RANGE_MAX (0xFFFF - NLA_HDRLEN) + + #define PRINTR(x, args...) do { if (net_ratelimit()) \ + printk(x, ## args); } while (0); +@@ -252,6 +253,8 @@ nfulnl_set_mode(struct nfulnl_instance * + + case NFULNL_COPY_PACKET: + inst->copy_mode = mode; ++ if (range == 0) ++ range = NFULNL_COPY_RANGE_MAX; + inst->copy_range = min_t(unsigned int, + range, NFULNL_COPY_RANGE_MAX); + break; +@@ -679,8 +682,7 @@ nfulnl_log_packet(struct net *net, + break; + + case NFULNL_COPY_PACKET: +- if (inst->copy_range == 0 +- || inst->copy_range > skb->len) ++ if (inst->copy_range > skb->len) + data_len = skb->len; + else + data_len = inst->copy_range; diff --git a/queue-3.17/netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch b/queue-3.17/netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch new file mode 100644 index 00000000000..20829ec80ee --- /dev/null +++ b/queue-3.17/netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch @@ -0,0 +1,31 @@ +From 7965ee93719921ea5978f331da653dfa2d7b99f5 Mon Sep 17 00:00:00 2001 +From: Arturo Borrero +Date: Sun, 26 Oct 2014 12:22:40 +0100 +Subject: netfilter: nft_compat: fix wrong target lookup in nft_target_select_ops() + +From: Arturo Borrero + +commit 7965ee93719921ea5978f331da653dfa2d7b99f5 upstream. + +The code looks for an already loaded target, and the correct list to search +is nft_target_list, not nft_match_list. + +Signed-off-by: Arturo Borrero Gonzalez +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nft_compat.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/netfilter/nft_compat.c ++++ b/net/netfilter/nft_compat.c +@@ -696,7 +696,7 @@ nft_target_select_ops(const struct nft_c + family = ctx->afi->family; + + /* Re-use the existing target if it's already loaded. */ +- list_for_each_entry(nft_target, &nft_match_list, head) { ++ list_for_each_entry(nft_target, &nft_target_list, head) { + struct xt_target *target = nft_target->ops.data; + + if (strcmp(target->name, tg_name) == 0 && diff --git a/queue-3.17/netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch b/queue-3.17/netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch new file mode 100644 index 00000000000..3ac472358d7 --- /dev/null +++ b/queue-3.17/netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch @@ -0,0 +1,34 @@ +From e10038a8ec06ac819b7552bb67aaa6d2d6f850c1 Mon Sep 17 00:00:00 2001 +From: Pablo Neira +Date: Tue, 29 Jul 2014 18:12:15 +0200 +Subject: netfilter: xt_bpf: add mising opaque struct sk_filter definition + +From: Pablo Neira + +commit e10038a8ec06ac819b7552bb67aaa6d2d6f850c1 upstream. + +This structure is not exposed to userspace, so fix this by defining +struct sk_filter; so we skip the casting in kernelspace. This is safe +since userspace has no way to lurk with that internal pointer. + +Fixes: e6f30c7 ("netfilter: x_tables: add xt_bpf match") +Signed-off-by: Pablo Neira Ayuso +Acked-by: Willem de Bruijn +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + include/uapi/linux/netfilter/xt_bpf.h | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/include/uapi/linux/netfilter/xt_bpf.h ++++ b/include/uapi/linux/netfilter/xt_bpf.h +@@ -8,6 +8,8 @@ + + struct bpf_prog; + ++struct sk_filter; ++ + struct xt_bpf_info { + __u16 bpf_program_num_elem; + struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR]; diff --git a/queue-3.17/pwm-fix-uninitialized-warnings-in-pwm_get.patch b/queue-3.17/pwm-fix-uninitialized-warnings-in-pwm_get.patch new file mode 100644 index 00000000000..baee9fd93cb --- /dev/null +++ b/queue-3.17/pwm-fix-uninitialized-warnings-in-pwm_get.patch @@ -0,0 +1,89 @@ +From 70145f87139fbc43b726f873813cd91dce371899 Mon Sep 17 00:00:00 2001 +From: Geert Uytterhoeven +Date: Thu, 28 Aug 2014 11:03:14 +0200 +Subject: pwm: Fix uninitialized warnings in pwm_get() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Geert Uytterhoeven + +commit 70145f87139fbc43b726f873813cd91dce371899 upstream. + +With some versions of gcc (e.g. 4.1.2): + +drivers/pwm/core.c: In function ‘pwm_get’: +drivers/pwm/core.c:610: warning: ‘polarity’ may be used uninitialized in this function +drivers/pwm/core.c:609: warning: ‘period’ may be used uninitialized in this function + +While these are false positives, we can get rid of them by refactoring +the code to store a pointer to the best match, as suggested before by +Thierry Reding. This does require moving the mutex_unlock() down. + +Fixes: d717ea73e36dd565 ("pwm: Fix period and polarity in pwm_get() for non-perfect matches") +Signed-off-by: Geert Uytterhoeven +Signed-off-by: Thierry Reding +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pwm/core.c | 29 ++++++++++++++--------------- + 1 file changed, 14 insertions(+), 15 deletions(-) + +--- a/drivers/pwm/core.c ++++ b/drivers/pwm/core.c +@@ -602,12 +602,9 @@ struct pwm_device *pwm_get(struct device + struct pwm_device *pwm = ERR_PTR(-EPROBE_DEFER); + const char *dev_id = dev ? dev_name(dev) : NULL; + struct pwm_chip *chip = NULL; +- unsigned int index = 0; + unsigned int best = 0; +- struct pwm_lookup *p; ++ struct pwm_lookup *p, *chosen = NULL; + unsigned int match; +- unsigned int period; +- enum pwm_polarity polarity; + + /* look up via DT first */ + if (IS_ENABLED(CONFIG_OF) && dev && dev->of_node) +@@ -653,10 +650,7 @@ struct pwm_device *pwm_get(struct device + } + + if (match > best) { +- chip = pwmchip_find_by_name(p->provider); +- index = p->index; +- period = p->period; +- polarity = p->polarity; ++ chosen = p; + + if (match != 3) + best = match; +@@ -665,17 +659,22 @@ struct pwm_device *pwm_get(struct device + } + } + +- mutex_unlock(&pwm_lookup_lock); ++ if (!chosen) ++ goto out; + +- if (chip) +- pwm = pwm_request_from_chip(chip, index, con_id ?: dev_id); +- if (IS_ERR(pwm)) +- return pwm; ++ chip = pwmchip_find_by_name(chosen->provider); ++ if (!chip) ++ goto out; + +- pwm_set_period(pwm, period); +- pwm_set_polarity(pwm, polarity); ++ pwm = pwm_request_from_chip(chip, chosen->index, con_id ?: dev_id); ++ if (IS_ERR(pwm)) ++ goto out; + ++ pwm_set_period(pwm, chosen->period); ++ pwm_set_polarity(pwm, chosen->polarity); + ++out: ++ mutex_unlock(&pwm_lookup_lock); + return pwm; + } + EXPORT_SYMBOL_GPL(pwm_get); diff --git a/queue-3.17/rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch b/queue-3.17/rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch new file mode 100644 index 00000000000..e71933758b3 --- /dev/null +++ b/queue-3.17/rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch @@ -0,0 +1,73 @@ +From 2aa792e6faf1a00f5accf1f69e87e11a390ba2cd Mon Sep 17 00:00:00 2001 +From: Pranith Kumar +Date: Tue, 12 Aug 2014 13:07:47 -0400 +Subject: rcu: Use rcu_gp_kthread_wake() to wake up grace period kthreads + +From: Pranith Kumar + +commit 2aa792e6faf1a00f5accf1f69e87e11a390ba2cd upstream. + +The rcu_gp_kthread_wake() function checks for three conditions before +waking up grace period kthreads: + +* Is the thread we are trying to wake up the current thread? +* Are the gp_flags zero? (all threads wait on non-zero gp_flags condition) +* Is there no thread created for this flavour, hence nothing to wake up? + +If any one of these condition is true, we do not call wake_up(). +It was found that there are quite a few avoidable wake ups both during +idle time and under stress induced by rcutorture. + +Idle: + +Total:66000, unnecessary:66000, case1:61827, case2:66000, case3:0 +Total:68000, unnecessary:68000, case1:63696, case2:68000, case3:0 + +rcutorture: + +Total:254000, unnecessary:254000, case1:199913, case2:254000, case3:0 +Total:256000, unnecessary:256000, case1:201784, case2:256000, case3:0 + +Here case{1-3} are the cases listed above. We can avoid these wake +ups by using rcu_gp_kthread_wake() to conditionally wake up the grace +period kthreads. + +There is a comment about an implied barrier supplied by the wake_up() +logic. This barrier is necessary for the awakened thread to see the +updated ->gp_flags. This flag is always being updated with the root node +lock held. Also, the awakened thread tries to acquire the root node lock +before reading ->gp_flags because of which there is proper ordering. + +Hence this commit tries to avoid calling wake_up() whenever we can by +using rcu_gp_kthread_wake() function. + +Signed-off-by: Pranith Kumar +CC: Mathieu Desnoyers +Signed-off-by: Paul E. McKenney +Cc: Kamal Mostafa +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/rcu/tree.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/rcu/tree.c ++++ b/kernel/rcu/tree.c +@@ -1928,7 +1928,7 @@ static void rcu_report_qs_rsp(struct rcu + { + WARN_ON_ONCE(!rcu_gp_in_progress(rsp)); + raw_spin_unlock_irqrestore(&rcu_get_root(rsp)->lock, flags); +- wake_up(&rsp->gp_wq); /* Memory barrier implied by wake_up() path. */ ++ rcu_gp_kthread_wake(rsp); + } + + /* +@@ -2507,7 +2507,7 @@ static void force_quiescent_state(struct + } + ACCESS_ONCE(rsp->gp_flags) |= RCU_GP_FLAG_FQS; + raw_spin_unlock_irqrestore(&rnp_old->lock, flags); +- wake_up(&rsp->gp_wq); /* Memory barrier implied by wake_up() path. */ ++ rcu_gp_kthread_wake(rsp); + } + + /* diff --git a/queue-3.17/series b/queue-3.17/series index bb90cd002d1..6bcc99dfe9d 100644 --- a/queue-3.17/series +++ b/queue-3.17/series @@ -109,3 +109,25 @@ nfsv4-fix-races-between-nfs_remove_bad_delegation-and-delegation-return.patch nfsv4.1-nfs41_clear_delegation_stateid-shouldn-t-trust-nfs_delegated_state.patch media-ttusb-dec-buffer-overflow-in-ioctl.patch cxgb4-handle-dcb-enable-correctly.patch +net-systemport-enable-rx-interrupts-after-napi.patch +net-systemport-reset-unimac-coming-out-of-a-suspend-cycle.patch +memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch +vmcore-remove-weak-from-function-declarations.patch +kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch +clocksource-remove-weak-from-clocksource_default_clock-declaration.patch +pwm-fix-uninitialized-warnings-in-pwm_get.patch +ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch +ipc-always-handle-a-new-value-of-auto_msgmni.patch +netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch +netfilter-nf_tables-check-for-null-in-nf_tables_newchain-pcpu-stats-allocation.patch +netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch +netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch +netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch +netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch +netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch +gfs2-make-rename-not-save-dirent-location.patch +rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch +dell-wmi-fix-access-out-of-memory.patch +builddeb-put-the-dbg-files-into-the-correct-directory.patch +checkpatch-remove-unnecessary-after-8-8.patch +mm-thp-fix-collapsing-of-hugepages-on-madvise.patch diff --git a/queue-3.17/vmcore-remove-weak-from-function-declarations.patch b/queue-3.17/vmcore-remove-weak-from-function-declarations.patch new file mode 100644 index 00000000000..e75952da185 --- /dev/null +++ b/queue-3.17/vmcore-remove-weak-from-function-declarations.patch @@ -0,0 +1,63 @@ +From 5ab03ac5aaa1f032e071f1b3dc433b7839359c03 Mon Sep 17 00:00:00 2001 +From: Bjorn Helgaas +Date: Mon, 13 Oct 2014 18:59:41 -0600 +Subject: vmcore: Remove "weak" from function declarations + +From: Bjorn Helgaas + +commit 5ab03ac5aaa1f032e071f1b3dc433b7839359c03 upstream. + +For the following functions: + + elfcorehdr_alloc() + elfcorehdr_free() + elfcorehdr_read() + elfcorehdr_read_notes() + remap_oldmem_pfn_range() + +fs/proc/vmcore.c provides default definitions explicitly marked "weak". +arch/s390 provides its own definitions intended to override the default +ones, but the "weak" attribute on the declarations applied to the s390 +definitions as well, so the linker chose one based on link order (see +10629d711ed7 ("PCI: Remove __weak annotation from pcibios_get_phb_of_node +decl")). + +Remove the "weak" attribute from the declarations so we always prefer a +non-weak definition over the weak one, independent of link order. + +Fixes: be8a8d069e50 ("vmcore: introduce ELF header in new memory feature") +Fixes: 9cb218131de1 ("vmcore: introduce remap_oldmem_pfn_range()") +Signed-off-by: Bjorn Helgaas +Acked-by: Andrew Morton +Acked-by: Vivek Goyal +CC: Michael Holzheu +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/crash_dump.h | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +--- a/include/linux/crash_dump.h ++++ b/include/linux/crash_dump.h +@@ -14,14 +14,13 @@ + extern unsigned long long elfcorehdr_addr; + extern unsigned long long elfcorehdr_size; + +-extern int __weak elfcorehdr_alloc(unsigned long long *addr, +- unsigned long long *size); +-extern void __weak elfcorehdr_free(unsigned long long addr); +-extern ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos); +-extern ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos); +-extern int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma, +- unsigned long from, unsigned long pfn, +- unsigned long size, pgprot_t prot); ++extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size); ++extern void elfcorehdr_free(unsigned long long addr); ++extern ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos); ++extern ssize_t elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos); ++extern int remap_oldmem_pfn_range(struct vm_area_struct *vma, ++ unsigned long from, unsigned long pfn, ++ unsigned long size, pgprot_t prot); + + extern ssize_t copy_oldmem_page(unsigned long, char *, size_t, + unsigned long, int);