From b8f36f10cc089dd9c634f94e6bb7bec28f8055f6 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 29 Mar 2012 16:53:57 -0700 Subject: [PATCH] 3.0-stable patches added patches: fix-pppol2tp-getsockname.patch net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch net-fix-napi_reuse_skb-skb-reserve.patch remove-printk-from-rds_sendmsg.patch sky2-override-for-pci-legacy-power-management.patch xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch --- queue-3.0/fix-pppol2tp-getsockname.patch | 35 +++++++++++ ..._jit-fix-bpf_s_ldx_b_msh-compilation.patch | 60 +++++++++++++++++++ ...read_lock-imbalance-in-rt6_fill_node.patch | 47 +++++++++++++++ .../net-fix-napi_reuse_skb-skb-reserve.patch | 37 ++++++++++++ .../remove-printk-from-rds_sendmsg.patch | 29 +++++++++ queue-3.0/series | 7 +++ ...ride-for-pci-legacy-power-management.patch | 50 ++++++++++++++++ ...nctions-via-the-registered-callbacks.patch | 51 ++++++++++++++++ 8 files changed, 316 insertions(+) create mode 100644 queue-3.0/fix-pppol2tp-getsockname.patch create mode 100644 queue-3.0/net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch create mode 100644 queue-3.0/net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch create mode 100644 queue-3.0/net-fix-napi_reuse_skb-skb-reserve.patch create mode 100644 queue-3.0/remove-printk-from-rds_sendmsg.patch create mode 100644 queue-3.0/sky2-override-for-pci-legacy-power-management.patch create mode 100644 queue-3.0/xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch diff --git a/queue-3.0/fix-pppol2tp-getsockname.patch b/queue-3.0/fix-pppol2tp-getsockname.patch new file mode 100644 index 00000000000..058076a50bb --- /dev/null +++ b/queue-3.0/fix-pppol2tp-getsockname.patch @@ -0,0 +1,35 @@ +From 614a1a267155150b202ba82f459555f2dfd56e0c Mon Sep 17 00:00:00 2001 +From: Benjamin LaHaise +Date: Tue, 20 Mar 2012 03:57:54 +0000 +Subject: Fix pppol2tp getsockname() + + +From: Benjamin LaHaise + +[ Upstream commit bbdb32cb5b73597386913d052165423b9d736145 ] + +While testing L2TP functionality, I came across a bug in getsockname(). The +IP address returned within the pppol2tp_addr's addr memember was not being +set to the IP address in use. This bug is caused by using inet_sk() on the +wrong socket (the L2TP socket rather than the underlying UDP socket), and was +likely introduced during the addition of L2TPv3 support. + +Signed-off-by: Benjamin LaHaise +Signed-off-by: James Chapman +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/l2tp/l2tp_ppp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/l2tp/l2tp_ppp.c ++++ b/net/l2tp/l2tp_ppp.c +@@ -908,7 +908,7 @@ static int pppol2tp_getname(struct socke + goto end_put_sess; + } + +- inet = inet_sk(sk); ++ inet = inet_sk(tunnel->sock); + if (tunnel->version == 2) { + struct sockaddr_pppol2tp sp; + len = sizeof(sp); diff --git a/queue-3.0/net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch b/queue-3.0/net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch new file mode 100644 index 00000000000..2fa3eb83216 --- /dev/null +++ b/queue-3.0/net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch @@ -0,0 +1,60 @@ +From 8d30d6420b637b29fc84471bb4c6a857e472fa2e Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Sun, 18 Mar 2012 02:40:48 +0000 +Subject: net: bpf_jit: fix BPF_S_LDX_B_MSH compilation + + +From: Eric Dumazet + +[ Upstream commit dc72d99dabb870ca5bd6d9fff674be853bb4a88d ] + +Matt Evans spotted that x86 bpf_jit was incorrectly handling negative +constant offsets in BPF_S_LDX_B_MSH instruction. + +We need to abort JIT compilation like we do in common_load so that +filter uses the interpreter code and can call __load_pointer() + +Reference: http://lists.openwall.net/netdev/2011/07/19/11 + +Thanks to Indan Zupancic to bring back this issue. + +Reported-by: Matt Evans +Reported-by: Indan Zupancic +Signed-off-by: Eric Dumazet +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/net/bpf_jit_comp.c | 14 +++++--------- + 1 file changed, 5 insertions(+), 9 deletions(-) + +--- a/arch/x86/net/bpf_jit_comp.c ++++ b/arch/x86/net/bpf_jit_comp.c +@@ -475,8 +475,10 @@ void bpf_jit_compile(struct sk_filter *f + case BPF_S_LD_W_ABS: + func = sk_load_word; + common_load: seen |= SEEN_DATAREF; +- if ((int)K < 0) ++ if ((int)K < 0) { ++ /* Abort the JIT because __load_pointer() is needed. */ + goto out; ++ } + t_offset = func - (image + addrs[i]); + EMIT1_off32(0xbe, K); /* mov imm32,%esi */ + EMIT1_off32(0xe8, t_offset); /* call */ +@@ -489,14 +491,8 @@ common_load: seen |= SEEN_DATAREF; + goto common_load; + case BPF_S_LDX_B_MSH: + if ((int)K < 0) { +- if (pc_ret0 > 0) { +- /* addrs[pc_ret0 - 1] is the start address */ +- EMIT_JMP(addrs[pc_ret0 - 1] - addrs[i]); +- break; +- } +- CLEAR_A(); +- EMIT_JMP(cleanup_addr - addrs[i]); +- break; ++ /* Abort the JIT because __load_pointer() is needed. */ ++ goto out; + } + seen |= SEEN_DATAREF | SEEN_XREG; + t_offset = sk_load_byte_msh - (image + addrs[i]); diff --git a/queue-3.0/net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch b/queue-3.0/net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch new file mode 100644 index 00000000000..27f25cc8457 --- /dev/null +++ b/queue-3.0/net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch @@ -0,0 +1,47 @@ +From 6c81e086f3da5ab72801dda2d7d8fc756219e7b9 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Tue, 27 Mar 2012 09:53:52 +0000 +Subject: net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() + + +From: Eric Dumazet + +[ Upstream commit 94f826b8076e2cb92242061e92f21b5baa3eccc2 ] + +Commit f2c31e32b378 (net: fix NULL dereferences in check_peer_redir() ) +added a regression in rt6_fill_node(), leading to rcu_read_lock() +imbalance. + +Thats because NLA_PUT() can make a jump to nla_put_failure label. + +Fix this by using nla_put() + +Many thanks to Ben Greear for his help + +Reported-by: Ben Greear +Reported-by: Dave Jones +Signed-off-by: Eric Dumazet +Tested-by: Ben Greear +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/route.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/net/ipv6/route.c ++++ b/net/ipv6/route.c +@@ -2411,8 +2411,12 @@ static int rt6_fill_node(struct net *net + + rcu_read_lock(); + n = dst_get_neighbour(&rt->dst); +- if (n) +- NLA_PUT(skb, RTA_GATEWAY, 16, &n->primary_key); ++ if (n) { ++ if (nla_put(skb, RTA_GATEWAY, 16, &n->primary_key) < 0) { ++ rcu_read_unlock(); ++ goto nla_put_failure; ++ } ++ } + rcu_read_unlock(); + + if (rt->dst.dev) diff --git a/queue-3.0/net-fix-napi_reuse_skb-skb-reserve.patch b/queue-3.0/net-fix-napi_reuse_skb-skb-reserve.patch new file mode 100644 index 00000000000..309e8cd152e --- /dev/null +++ b/queue-3.0/net-fix-napi_reuse_skb-skb-reserve.patch @@ -0,0 +1,37 @@ +From 0fc09f4e0703bfb90c461a23120d5ab7bf019118 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Wed, 21 Mar 2012 06:58:03 +0000 +Subject: net: fix napi_reuse_skb() skb reserve + + +From: Eric Dumazet + +[ Upstream commit 2a2a459eeeff48640dc557548ce576d666ab06ed ] + +napi->skb is allocated in napi_get_frags() using +netdev_alloc_skb_ip_align(), with a reserve of NET_SKB_PAD + +NET_IP_ALIGN bytes. + +However, when such skb is recycled in napi_reuse_skb(), it ends with a +reserve of NET_IP_ALIGN which is suboptimal. + +Signed-off-by: Eric Dumazet +Cc: Herbert Xu +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/core/dev.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -3504,7 +3504,8 @@ EXPORT_SYMBOL(napi_gro_receive); + static void napi_reuse_skb(struct napi_struct *napi, struct sk_buff *skb) + { + __skb_pull(skb, skb_headlen(skb)); +- skb_reserve(skb, NET_IP_ALIGN - skb_headroom(skb)); ++ /* restore the reserve we had after netdev_alloc_skb_ip_align() */ ++ skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN - skb_headroom(skb)); + skb->vlan_tci = 0; + skb->dev = napi->dev; + skb->skb_iif = 0; diff --git a/queue-3.0/remove-printk-from-rds_sendmsg.patch b/queue-3.0/remove-printk-from-rds_sendmsg.patch new file mode 100644 index 00000000000..e9e1e62cf8f --- /dev/null +++ b/queue-3.0/remove-printk-from-rds_sendmsg.patch @@ -0,0 +1,29 @@ +From ea2a58435da894993683e3ad6e350fef1685403f Mon Sep 17 00:00:00 2001 +From: Dave Jones +Date: Mon, 19 Mar 2012 13:01:07 +0000 +Subject: Remove printk from rds_sendmsg + + +From: Dave Jones + +[ Upstream commit a6506e1486181975d318344143aca722b2b91621 ] + +no socket layer outputs a message for this error and neither should rds. + +Signed-off-by: Dave Jones +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/rds/send.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/net/rds/send.c ++++ b/net/rds/send.c +@@ -932,7 +932,6 @@ int rds_sendmsg(struct kiocb *iocb, stru + /* Mirror Linux UDP mirror of BSD error message compatibility */ + /* XXX: Perhaps MSG_MORE someday */ + if (msg->msg_flags & ~(MSG_DONTWAIT | MSG_CMSG_COMPAT)) { +- printk(KERN_INFO "msg_flags 0x%08X\n", msg->msg_flags); + ret = -EOPNOTSUPP; + goto out; + } diff --git a/queue-3.0/series b/queue-3.0/series index 8a53a70b69d..42441e1ea5f 100644 --- a/queue-3.0/series +++ b/queue-3.0/series @@ -93,3 +93,10 @@ slub-do-not-hold-slub_lock-when-calling-sysfs_slab_add.patch module-remove-module-size-limit.patch bluetooth-btusb-fix-binterval-for-high-super-speed-isochronous-endpoints.patch drm-i915-suspend-fbdev-device-around-suspend-hibernate.patch +fix-pppol2tp-getsockname.patch +net-bpf_jit-fix-bpf_s_ldx_b_msh-compilation.patch +net-fix-a-potential-rcu_read_lock-imbalance-in-rt6_fill_node.patch +net-fix-napi_reuse_skb-skb-reserve.patch +remove-printk-from-rds_sendmsg.patch +sky2-override-for-pci-legacy-power-management.patch +xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch diff --git a/queue-3.0/sky2-override-for-pci-legacy-power-management.patch b/queue-3.0/sky2-override-for-pci-legacy-power-management.patch new file mode 100644 index 00000000000..5752d62cfd6 --- /dev/null +++ b/queue-3.0/sky2-override-for-pci-legacy-power-management.patch @@ -0,0 +1,50 @@ +From 2fcda11818b28ee2846c95855046686cdc0af4e7 Mon Sep 17 00:00:00 2001 +From: stephen hemminger +Date: Wed, 21 Mar 2012 05:32:05 +0000 +Subject: sky2: override for PCI legacy power management + + +From: stephen hemminger + +[ Upstream commit 5676cc7bfe1e388e87843f71daa229610385b41e ] + +Some BIOS's don't setup power management correctly (what else is +new) and don't allow use of PCI Express power control. Add a special +exception module parameter to allow working around this issue. +Based on slightly different patch by Knut Petersen. + +Reported-by: Arkadiusz Miskiewicz +Signed-off-by: Stephen Hemminger +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/sky2.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/drivers/net/sky2.c ++++ b/drivers/net/sky2.c +@@ -94,6 +94,10 @@ static int disable_msi = 0; + module_param(disable_msi, int, 0); + MODULE_PARM_DESC(disable_msi, "Disable Message Signaled Interrupt (MSI)"); + ++static int legacy_pme = 0; ++module_param(legacy_pme, int, 0); ++MODULE_PARM_DESC(legacy_pme, "Legacy power management"); ++ + static DEFINE_PCI_DEVICE_TABLE(sky2_id_table) = { + { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9000) }, /* SK-9Sxx */ + { PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, 0x9E00) }, /* SK-9Exx */ +@@ -794,6 +798,13 @@ static void sky2_wol_init(struct sky2_po + /* Disable PiG firmware */ + sky2_write16(hw, B0_CTST, Y2_HW_WOL_OFF); + ++ /* Needed by some broken BIOSes, use PCI rather than PCI-e for WOL */ ++ if (legacy_pme) { ++ u32 reg1 = sky2_pci_read32(hw, PCI_DEV_REG1); ++ reg1 |= PCI_Y2_PME_LEGACY; ++ sky2_pci_write32(hw, PCI_DEV_REG1, reg1); ++ } ++ + /* block receiver */ + sky2_write8(hw, SK_REG(port, RX_GMF_CTRL_T), GMF_RST_SET); + } diff --git a/queue-3.0/xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch b/queue-3.0/xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch new file mode 100644 index 00000000000..f66987c469b --- /dev/null +++ b/queue-3.0/xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch @@ -0,0 +1,51 @@ +From 5e80741a11459f91553c8ff1bd12eec21c1cc572 Mon Sep 17 00:00:00 2001 +From: Steffen Klassert +Date: Wed, 21 Mar 2012 23:36:13 +0000 +Subject: xfrm: Access the replay notify functions via the registered callbacks + + +From: Steffen Klassert + +[ Upstream commit 1265fd616782ef03b98fd19f65c2b47fcd4ea11f ] + +We call the wrong replay notify function when we use ESN replay +handling. This leads to the fact that we don't send notifications +if we use ESN. Fix this by calling the registered callbacks instead +of xfrm_replay_notify(). + +Signed-off-by: Steffen Klassert +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/xfrm/xfrm_replay.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/net/xfrm/xfrm_replay.c ++++ b/net/xfrm/xfrm_replay.c +@@ -166,7 +166,7 @@ static void xfrm_replay_advance(struct x + } + + if (xfrm_aevent_is_on(xs_net(x))) +- xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); ++ x->repl->notify(x, XFRM_REPLAY_UPDATE); + } + + static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb) +@@ -293,7 +293,7 @@ static void xfrm_replay_advance_bmp(stru + } + + if (xfrm_aevent_is_on(xs_net(x))) +- xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); ++ x->repl->notify(x, XFRM_REPLAY_UPDATE); + } + + static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event) +@@ -502,7 +502,7 @@ static void xfrm_replay_advance_esn(stru + } + + if (xfrm_aevent_is_on(xs_net(x))) +- xfrm_replay_notify(x, XFRM_REPLAY_UPDATE); ++ x->repl->notify(x, XFRM_REPLAY_UPDATE); + } + + static struct xfrm_replay xfrm_replay_legacy = { -- 2.47.3