From 6bcf00c683720a64307ae193b907e52cb96a9543 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 18 Nov 2014 11:00:38 -0800 Subject: [PATCH] 3.14-stable patches added patches: ahci-add-device-ids-for-intel-sunrise-point-pch.patch ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch libceph-do-not-crash-on-large-auth-tickets.patch macvtap-fix-csum_start-when-vlan-tags-are-present.patch xtensa-re-wire-umount-syscall-to-sys_oldumount.patch --- ...vice-ids-for-intel-sunrise-point-pch.patch | 33 ++ ...cq-on-samsung-pci-e-ssds-on-macbooks.patch | 63 +++ ...b-audio-fix-memory-leak-in-ftu-quirk.patch | 41 ++ ...h-do-not-crash-on-large-auth-tickets.patch | 381 ++++++++++++++++++ ...sum_start-when-vlan-tags-are-present.patch | 38 ++ queue-3.14/series | 6 + ...wire-umount-syscall-to-sys_oldumount.patch | 32 ++ 7 files changed, 594 insertions(+) create mode 100644 queue-3.14/ahci-add-device-ids-for-intel-sunrise-point-pch.patch create mode 100644 queue-3.14/ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch create mode 100644 queue-3.14/alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch create mode 100644 queue-3.14/libceph-do-not-crash-on-large-auth-tickets.patch create mode 100644 queue-3.14/macvtap-fix-csum_start-when-vlan-tags-are-present.patch create mode 100644 queue-3.14/xtensa-re-wire-umount-syscall-to-sys_oldumount.patch diff --git a/queue-3.14/ahci-add-device-ids-for-intel-sunrise-point-pch.patch b/queue-3.14/ahci-add-device-ids-for-intel-sunrise-point-pch.patch new file mode 100644 index 00000000000..6b379cec10a --- /dev/null +++ b/queue-3.14/ahci-add-device-ids-for-intel-sunrise-point-pch.patch @@ -0,0 +1,33 @@ +From 690000b930456a98663567d35dd5c54b688d1e3f Mon Sep 17 00:00:00 2001 +From: James Ralston +Date: Mon, 13 Oct 2014 15:16:38 -0700 +Subject: ahci: Add Device IDs for Intel Sunrise Point PCH + +From: James Ralston + +commit 690000b930456a98663567d35dd5c54b688d1e3f upstream. + +This patch adds the AHCI-mode SATA Device IDs for the Intel Sunrise Point PCH. + +Signed-off-by: James Ralston +Signed-off-by: Tejun Heo +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/ahci.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/ata/ahci.c ++++ b/drivers/ata/ahci.c +@@ -314,6 +314,11 @@ static const struct pci_device_id ahci_p + { PCI_VDEVICE(INTEL, 0x8c87), board_ahci }, /* 9 Series RAID */ + { PCI_VDEVICE(INTEL, 0x8c8e), board_ahci }, /* 9 Series RAID */ + { PCI_VDEVICE(INTEL, 0x8c8f), board_ahci }, /* 9 Series RAID */ ++ { PCI_VDEVICE(INTEL, 0xa103), board_ahci }, /* Sunrise Point-H AHCI */ ++ { PCI_VDEVICE(INTEL, 0xa103), board_ahci }, /* Sunrise Point-H RAID */ ++ { PCI_VDEVICE(INTEL, 0xa105), board_ahci }, /* Sunrise Point-H RAID */ ++ { PCI_VDEVICE(INTEL, 0xa107), board_ahci }, /* Sunrise Point-H RAID */ ++ { PCI_VDEVICE(INTEL, 0xa10f), board_ahci }, /* Sunrise Point-H RAID */ + + /* JMicron 360/1/3/5/6, match class to avoid IDE function */ + { PCI_VENDOR_ID_JMICRON, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, diff --git a/queue-3.14/ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch b/queue-3.14/ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch new file mode 100644 index 00000000000..0e913f224e0 --- /dev/null +++ b/queue-3.14/ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch @@ -0,0 +1,63 @@ +From 66a7cbc303f4d28f201529b06061944d51ab530c Mon Sep 17 00:00:00 2001 +From: Tejun Heo +Date: Mon, 27 Oct 2014 10:22:56 -0400 +Subject: ahci: disable MSI instead of NCQ on Samsung pci-e SSDs on macbooks + +From: Tejun Heo + +commit 66a7cbc303f4d28f201529b06061944d51ab530c upstream. + +Samsung pci-e SSDs on macbooks failed miserably on NCQ commands, so +67809f85d31e ("ahci: disable NCQ on Samsung pci-e SSDs on macbooks") +disabled NCQ on them. It turns out that NCQ is fine as long as MSI is +not used, so let's turn off MSI and leave NCQ on. + +Signed-off-by: Tejun Heo +Link: https://bugzilla.kernel.org/show_bug.cgi?id=60731 +Tested-by: +Tested-by: Imre Kaloz +Fixes: 67809f85d31e ("ahci: disable NCQ on Samsung pci-e SSDs on macbooks") +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/ahci.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +--- a/drivers/ata/ahci.c ++++ b/drivers/ata/ahci.c +@@ -61,6 +61,7 @@ enum board_ids { + /* board IDs by feature in alphabetical order */ + board_ahci, + board_ahci_ign_iferr, ++ board_ahci_nomsi, + board_ahci_noncq, + board_ahci_nosntf, + board_ahci_yes_fbs, +@@ -122,6 +123,13 @@ static const struct ata_port_info ahci_p + .udma_mask = ATA_UDMA6, + .port_ops = &ahci_ops, + }, ++ [board_ahci_nomsi] = { ++ AHCI_HFLAGS (AHCI_HFLAG_NO_MSI), ++ .flags = AHCI_FLAG_COMMON, ++ .pio_mask = ATA_PIO4, ++ .udma_mask = ATA_UDMA6, ++ .port_ops = &ahci_ops, ++ }, + [board_ahci_noncq] = { + AHCI_HFLAGS (AHCI_HFLAG_NO_NCQ), + .flags = AHCI_FLAG_COMMON, +@@ -481,10 +489,10 @@ static const struct pci_device_id ahci_p + { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci }, /* ASM1062 */ + + /* +- * Samsung SSDs found on some macbooks. NCQ times out. +- * https://bugzilla.kernel.org/show_bug.cgi?id=60731 ++ * Samsung SSDs found on some macbooks. NCQ times out if MSI is ++ * enabled. https://bugzilla.kernel.org/show_bug.cgi?id=60731 + */ +- { PCI_VDEVICE(SAMSUNG, 0x1600), board_ahci_noncq }, ++ { PCI_VDEVICE(SAMSUNG, 0x1600), board_ahci_nomsi }, + + /* Enmotus */ + { PCI_DEVICE(0x1c44, 0x8000), board_ahci }, diff --git a/queue-3.14/alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch b/queue-3.14/alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch new file mode 100644 index 00000000000..696494e601c --- /dev/null +++ b/queue-3.14/alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch @@ -0,0 +1,41 @@ +From 1a290581ded60e87276741f8ca97b161d2b226fc Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Tue, 11 Nov 2014 15:45:57 +0100 +Subject: ALSA: usb-audio: Fix memory leak in FTU quirk + +From: Takashi Iwai + +commit 1a290581ded60e87276741f8ca97b161d2b226fc upstream. + +M-audio FastTrack Ultra quirk doesn't release the kzalloc'ed memory. +This patch adds the private_free callback to release it properly. + +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/usb/mixer_quirks.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/sound/usb/mixer_quirks.c ++++ b/sound/usb/mixer_quirks.c +@@ -885,6 +885,11 @@ static int snd_ftu_eff_switch_put(struct + return changed; + } + ++static void kctl_private_value_free(struct snd_kcontrol *kctl) ++{ ++ kfree((void *)kctl->private_value); ++} ++ + static int snd_ftu_create_effect_switch(struct usb_mixer_interface *mixer, + int validx, int bUnitID) + { +@@ -919,6 +924,7 @@ static int snd_ftu_create_effect_switch( + return -ENOMEM; + } + ++ kctl->private_free = kctl_private_value_free; + err = snd_ctl_add(mixer->chip->card, kctl); + if (err < 0) + return err; diff --git a/queue-3.14/libceph-do-not-crash-on-large-auth-tickets.patch b/queue-3.14/libceph-do-not-crash-on-large-auth-tickets.patch new file mode 100644 index 00000000000..992ae84e0ae --- /dev/null +++ b/queue-3.14/libceph-do-not-crash-on-large-auth-tickets.patch @@ -0,0 +1,381 @@ +From aaef31703a0cf6a733e651885bfb49edc3ac6774 Mon Sep 17 00:00:00 2001 +From: Ilya Dryomov +Date: Thu, 23 Oct 2014 00:25:22 +0400 +Subject: libceph: do not crash on large auth tickets + +From: Ilya Dryomov + +commit aaef31703a0cf6a733e651885bfb49edc3ac6774 upstream. + +Large (greater than 32k, the value of PAGE_ALLOC_COSTLY_ORDER) auth +tickets will have their buffers vmalloc'ed, which leads to the +following crash in crypto: + +[ 28.685082] BUG: unable to handle kernel paging request at ffffeb04000032c0 +[ 28.686032] IP: [] scatterwalk_pagedone+0x22/0x80 +[ 28.686032] PGD 0 +[ 28.688088] Oops: 0000 [#1] PREEMPT SMP +[ 28.688088] Modules linked in: +[ 28.688088] CPU: 0 PID: 878 Comm: kworker/0:2 Not tainted 3.17.0-vm+ #305 +[ 28.688088] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007 +[ 28.688088] Workqueue: ceph-msgr con_work +[ 28.688088] task: ffff88011a7f9030 ti: ffff8800d903c000 task.ti: ffff8800d903c000 +[ 28.688088] RIP: 0010:[] [] scatterwalk_pagedone+0x22/0x80 +[ 28.688088] RSP: 0018:ffff8800d903f688 EFLAGS: 00010286 +[ 28.688088] RAX: ffffeb04000032c0 RBX: ffff8800d903f718 RCX: ffffeb04000032c0 +[ 28.688088] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8800d903f750 +[ 28.688088] RBP: ffff8800d903f688 R08: 00000000000007de R09: ffff8800d903f880 +[ 28.688088] R10: 18df467c72d6257b R11: 0000000000000000 R12: 0000000000000010 +[ 28.688088] R13: ffff8800d903f750 R14: ffff8800d903f8a0 R15: 0000000000000000 +[ 28.688088] FS: 00007f50a41c7700(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000 +[ 28.688088] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b +[ 28.688088] CR2: ffffeb04000032c0 CR3: 00000000da3f3000 CR4: 00000000000006b0 +[ 28.688088] Stack: +[ 28.688088] ffff8800d903f698 ffffffff81392ca8 ffff8800d903f6e8 ffffffff81395d32 +[ 28.688088] ffff8800dac96000 ffff880000000000 ffff8800d903f980 ffff880119b7e020 +[ 28.688088] ffff880119b7e010 0000000000000000 0000000000000010 0000000000000010 +[ 28.688088] Call Trace: +[ 28.688088] [] scatterwalk_done+0x38/0x40 +[ 28.688088] [] scatterwalk_done+0x38/0x40 +[ 28.688088] [] blkcipher_walk_done+0x182/0x220 +[ 28.688088] [] crypto_cbc_encrypt+0x15f/0x180 +[ 28.688088] [] ? crypto_aes_set_key+0x30/0x30 +[ 28.688088] [] ceph_aes_encrypt2+0x29c/0x2e0 +[ 28.688088] [] ceph_encrypt2+0x93/0xb0 +[ 28.688088] [] ceph_x_encrypt+0x4a/0x60 +[ 28.688088] [] ? ceph_buffer_new+0x5d/0xf0 +[ 28.688088] [] ceph_x_build_authorizer.isra.6+0x297/0x360 +[ 28.688088] [] ? kmem_cache_alloc_trace+0x11b/0x1c0 +[ 28.688088] [] ? ceph_auth_create_authorizer+0x36/0x80 +[ 28.688088] [] ceph_x_create_authorizer+0x63/0xd0 +[ 28.688088] [] ceph_auth_create_authorizer+0x54/0x80 +[ 28.688088] [] get_authorizer+0x80/0xd0 +[ 28.688088] [] prepare_write_connect+0x18b/0x2b0 +[ 28.688088] [] try_read+0x1e59/0x1f10 + +This is because we set up crypto scatterlists as if all buffers were +kmalloc'ed. Fix it. + +Signed-off-by: Ilya Dryomov +Reviewed-by: Sage Weil +Signed-off-by: Greg Kroah-Hartman + +--- + net/ceph/crypto.c | 169 ++++++++++++++++++++++++++++++++++++++++++------------ + 1 file changed, 132 insertions(+), 37 deletions(-) + +--- a/net/ceph/crypto.c ++++ b/net/ceph/crypto.c +@@ -89,11 +89,82 @@ static struct crypto_blkcipher *ceph_cry + + static const u8 *aes_iv = (u8 *)CEPH_AES_IV; + ++/* ++ * Should be used for buffers allocated with ceph_kvmalloc(). ++ * Currently these are encrypt out-buffer (ceph_buffer) and decrypt ++ * in-buffer (msg front). ++ * ++ * Dispose of @sgt with teardown_sgtable(). ++ * ++ * @prealloc_sg is to avoid memory allocation inside sg_alloc_table() ++ * in cases where a single sg is sufficient. No attempt to reduce the ++ * number of sgs by squeezing physically contiguous pages together is ++ * made though, for simplicity. ++ */ ++static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg, ++ const void *buf, unsigned int buf_len) ++{ ++ struct scatterlist *sg; ++ const bool is_vmalloc = is_vmalloc_addr(buf); ++ unsigned int off = offset_in_page(buf); ++ unsigned int chunk_cnt = 1; ++ unsigned int chunk_len = PAGE_ALIGN(off + buf_len); ++ int i; ++ int ret; ++ ++ if (buf_len == 0) { ++ memset(sgt, 0, sizeof(*sgt)); ++ return -EINVAL; ++ } ++ ++ if (is_vmalloc) { ++ chunk_cnt = chunk_len >> PAGE_SHIFT; ++ chunk_len = PAGE_SIZE; ++ } ++ ++ if (chunk_cnt > 1) { ++ ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS); ++ if (ret) ++ return ret; ++ } else { ++ WARN_ON(chunk_cnt != 1); ++ sg_init_table(prealloc_sg, 1); ++ sgt->sgl = prealloc_sg; ++ sgt->nents = sgt->orig_nents = 1; ++ } ++ ++ for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) { ++ struct page *page; ++ unsigned int len = min(chunk_len - off, buf_len); ++ ++ if (is_vmalloc) ++ page = vmalloc_to_page(buf); ++ else ++ page = virt_to_page(buf); ++ ++ sg_set_page(sg, page, len, off); ++ ++ off = 0; ++ buf += len; ++ buf_len -= len; ++ } ++ WARN_ON(buf_len != 0); ++ ++ return 0; ++} ++ ++static void teardown_sgtable(struct sg_table *sgt) ++{ ++ if (sgt->orig_nents > 1) ++ sg_free_table(sgt); ++} ++ + static int ceph_aes_encrypt(const void *key, int key_len, + void *dst, size_t *dst_len, + const void *src, size_t src_len) + { +- struct scatterlist sg_in[2], sg_out[1]; ++ struct scatterlist sg_in[2], prealloc_sg; ++ struct sg_table sg_out; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; + int ret; +@@ -109,16 +180,18 @@ static int ceph_aes_encrypt(const void * + + *dst_len = src_len + zero_padding; + +- crypto_blkcipher_setkey((void *)tfm, key, key_len); + sg_init_table(sg_in, 2); + sg_set_buf(&sg_in[0], src, src_len); + sg_set_buf(&sg_in[1], pad, zero_padding); +- sg_init_table(sg_out, 1); +- sg_set_buf(sg_out, dst, *dst_len); ++ ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); ++ if (ret) ++ goto out_tfm; ++ ++ crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); ++ + /* + print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, + key, key_len, 1); +@@ -127,16 +200,22 @@ static int ceph_aes_encrypt(const void * + print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, + pad, zero_padding, 1); + */ +- ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, ++ ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, + src_len + zero_padding); +- crypto_free_blkcipher(tfm); +- if (ret < 0) ++ if (ret < 0) { + pr_err("ceph_aes_crypt failed %d\n", ret); ++ goto out_sg; ++ } + /* + print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, + dst, *dst_len, 1); + */ +- return 0; ++ ++out_sg: ++ teardown_sgtable(&sg_out); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, +@@ -144,7 +223,8 @@ static int ceph_aes_encrypt2(const void + const void *src1, size_t src1_len, + const void *src2, size_t src2_len) + { +- struct scatterlist sg_in[3], sg_out[1]; ++ struct scatterlist sg_in[3], prealloc_sg; ++ struct sg_table sg_out; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; + int ret; +@@ -160,17 +240,19 @@ static int ceph_aes_encrypt2(const void + + *dst_len = src1_len + src2_len + zero_padding; + +- crypto_blkcipher_setkey((void *)tfm, key, key_len); + sg_init_table(sg_in, 3); + sg_set_buf(&sg_in[0], src1, src1_len); + sg_set_buf(&sg_in[1], src2, src2_len); + sg_set_buf(&sg_in[2], pad, zero_padding); +- sg_init_table(sg_out, 1); +- sg_set_buf(sg_out, dst, *dst_len); ++ ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); ++ if (ret) ++ goto out_tfm; ++ ++ crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); ++ + /* + print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, + key, key_len, 1); +@@ -181,23 +263,30 @@ static int ceph_aes_encrypt2(const void + print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, + pad, zero_padding, 1); + */ +- ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, ++ ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, + src1_len + src2_len + zero_padding); +- crypto_free_blkcipher(tfm); +- if (ret < 0) ++ if (ret < 0) { + pr_err("ceph_aes_crypt2 failed %d\n", ret); ++ goto out_sg; ++ } + /* + print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, + dst, *dst_len, 1); + */ +- return 0; ++ ++out_sg: ++ teardown_sgtable(&sg_out); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + static int ceph_aes_decrypt(const void *key, int key_len, + void *dst, size_t *dst_len, + const void *src, size_t src_len) + { +- struct scatterlist sg_in[1], sg_out[2]; ++ struct sg_table sg_in; ++ struct scatterlist sg_out[2], prealloc_sg; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm }; + char pad[16]; +@@ -209,16 +298,16 @@ static int ceph_aes_decrypt(const void * + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + +- crypto_blkcipher_setkey((void *)tfm, key, key_len); +- sg_init_table(sg_in, 1); + sg_init_table(sg_out, 2); +- sg_set_buf(sg_in, src, src_len); + sg_set_buf(&sg_out[0], dst, *dst_len); + sg_set_buf(&sg_out[1], pad, sizeof(pad)); ++ ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); ++ if (ret) ++ goto out_tfm; + ++ crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); + + /* +@@ -227,12 +316,10 @@ static int ceph_aes_decrypt(const void * + print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, + src, src_len, 1); + */ +- +- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); +- crypto_free_blkcipher(tfm); ++ ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); + if (ret < 0) { + pr_err("ceph_aes_decrypt failed %d\n", ret); +- return ret; ++ goto out_sg; + } + + if (src_len <= *dst_len) +@@ -250,7 +337,12 @@ static int ceph_aes_decrypt(const void * + print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1, + dst, *dst_len, 1); + */ +- return 0; ++ ++out_sg: ++ teardown_sgtable(&sg_in); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + static int ceph_aes_decrypt2(const void *key, int key_len, +@@ -258,7 +350,8 @@ static int ceph_aes_decrypt2(const void + void *dst2, size_t *dst2_len, + const void *src, size_t src_len) + { +- struct scatterlist sg_in[1], sg_out[3]; ++ struct sg_table sg_in; ++ struct scatterlist sg_out[3], prealloc_sg; + struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); + struct blkcipher_desc desc = { .tfm = tfm }; + char pad[16]; +@@ -270,17 +363,17 @@ static int ceph_aes_decrypt2(const void + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + +- sg_init_table(sg_in, 1); +- sg_set_buf(sg_in, src, src_len); + sg_init_table(sg_out, 3); + sg_set_buf(&sg_out[0], dst1, *dst1_len); + sg_set_buf(&sg_out[1], dst2, *dst2_len); + sg_set_buf(&sg_out[2], pad, sizeof(pad)); ++ ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); ++ if (ret) ++ goto out_tfm; + + crypto_blkcipher_setkey((void *)tfm, key, key_len); + iv = crypto_blkcipher_crt(tfm)->iv; + ivsize = crypto_blkcipher_ivsize(tfm); +- + memcpy(iv, aes_iv, ivsize); + + /* +@@ -289,12 +382,10 @@ static int ceph_aes_decrypt2(const void + print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, + src, src_len, 1); + */ +- +- ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); +- crypto_free_blkcipher(tfm); ++ ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); + if (ret < 0) { + pr_err("ceph_aes_decrypt failed %d\n", ret); +- return ret; ++ goto out_sg; + } + + if (src_len <= *dst1_len) +@@ -324,7 +415,11 @@ static int ceph_aes_decrypt2(const void + dst2, *dst2_len, 1); + */ + +- return 0; ++out_sg: ++ teardown_sgtable(&sg_in); ++out_tfm: ++ crypto_free_blkcipher(tfm); ++ return ret; + } + + diff --git a/queue-3.14/macvtap-fix-csum_start-when-vlan-tags-are-present.patch b/queue-3.14/macvtap-fix-csum_start-when-vlan-tags-are-present.patch new file mode 100644 index 00000000000..e6f0fd355c1 --- /dev/null +++ b/queue-3.14/macvtap-fix-csum_start-when-vlan-tags-are-present.patch @@ -0,0 +1,38 @@ +From 3ce9b20f1971690b8b3b620e735ec99431573b39 Mon Sep 17 00:00:00 2001 +From: Herbert Xu +Date: Mon, 3 Nov 2014 14:01:25 +0800 +Subject: macvtap: Fix csum_start when VLAN tags are present + +From: Herbert Xu + +commit 3ce9b20f1971690b8b3b620e735ec99431573b39 upstream. + +When VLAN is in use in macvtap_put_user, we end up setting +csum_start to the wrong place. The result is that the whoever +ends up doing the checksum setting will corrupt the packet instead +of writing the checksum to the expected location, usually this +means writing the checksum with an offset of -4. + +This patch fixes this by adjusting csum_start when VLAN tags are +detected. + +Fixes: f09e2249c4f5 ("macvtap: restore vlan header on user read") +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: David S. Miller + +--- + drivers/net/macvtap.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/macvtap.c ++++ b/drivers/net/macvtap.c +@@ -629,6 +629,8 @@ static void macvtap_skb_to_vnet_hdr(cons + if (skb->ip_summed == CHECKSUM_PARTIAL) { + vnet_hdr->flags = VIRTIO_NET_HDR_F_NEEDS_CSUM; + vnet_hdr->csum_start = skb_checksum_start_offset(skb); ++ if (vlan_tx_tag_present(skb)) ++ vnet_hdr->csum_start += VLAN_HLEN; + vnet_hdr->csum_offset = skb->csum_offset; + } else if (skb->ip_summed == CHECKSUM_UNNECESSARY) { + vnet_hdr->flags = VIRTIO_NET_HDR_F_DATA_VALID; diff --git a/queue-3.14/series b/queue-3.14/series index e17059e8d10..59b35c31922 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -24,3 +24,9 @@ x86-x32-audit-fix-x32-s-audit_arch-wrt-audit.patch audit-correct-audit_get_feature-return-message-type.patch audit-audit_feature_change-message-format-missing-delimiting-space.patch audit-keep-inode-pinned.patch +ahci-add-device-ids-for-intel-sunrise-point-pch.patch +ahci-disable-msi-instead-of-ncq-on-samsung-pci-e-ssds-on-macbooks.patch +alsa-usb-audio-fix-memory-leak-in-ftu-quirk.patch +xtensa-re-wire-umount-syscall-to-sys_oldumount.patch +libceph-do-not-crash-on-large-auth-tickets.patch +macvtap-fix-csum_start-when-vlan-tags-are-present.patch diff --git a/queue-3.14/xtensa-re-wire-umount-syscall-to-sys_oldumount.patch b/queue-3.14/xtensa-re-wire-umount-syscall-to-sys_oldumount.patch new file mode 100644 index 00000000000..48e7523b6f8 --- /dev/null +++ b/queue-3.14/xtensa-re-wire-umount-syscall-to-sys_oldumount.patch @@ -0,0 +1,32 @@ +From 2651cc6974d47fc43bef1cd8cd26966e4f5ba306 Mon Sep 17 00:00:00 2001 +From: Max Filippov +Date: Mon, 6 Oct 2014 21:01:17 +0400 +Subject: xtensa: re-wire umount syscall to sys_oldumount + +From: Max Filippov + +commit 2651cc6974d47fc43bef1cd8cd26966e4f5ba306 upstream. + +Userspace actually passes single parameter (path name) to the umount +syscall, so new umount just fails. Fix it by requesting old umount +syscall implementation and re-wiring umount to it. + +Signed-off-by: Max Filippov +Signed-off-by: Greg Kroah-Hartman + +--- + arch/xtensa/include/uapi/asm/unistd.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/xtensa/include/uapi/asm/unistd.h ++++ b/arch/xtensa/include/uapi/asm/unistd.h +@@ -384,7 +384,8 @@ __SYSCALL(174, sys_chroot, 1) + #define __NR_pivot_root 175 + __SYSCALL(175, sys_pivot_root, 2) + #define __NR_umount 176 +-__SYSCALL(176, sys_umount, 2) ++__SYSCALL(176, sys_oldumount, 1) ++#define __ARCH_WANT_SYS_OLDUMOUNT + #define __NR_swapoff 177 + __SYSCALL(177, sys_swapoff, 1) + #define __NR_sync 178 -- 2.47.3