From be3a75e0ffdea4e031df519504df993cd4ef7bbd Mon Sep 17 00:00:00 2001 
From: Greg Kroah-Hartman Date: Tue, 18 Nov 2014 17:49:06 -0800 Subject: [PATCH] 3.14-stable patches added patches: arm-probes-fix-instruction-fetch-order-with-asm-opcodes.h.patch clocksource-remove-weak-from-clocksource_default_clock-declaration.patch dell-wmi-fix-access-out-of-memory.patch gfs2-fix-address-space-from-page-function.patch ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch ipc-always-handle-a-new-value-of-auto_msgmni.patch kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch perf-handle-compat-ioctl.patch perf-x86-intel-use-proper-dtlb-load-misses-event-on-ivybridge.patch rcu-make-callers-awaken-grace-period-kthread.patch rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch vmcore-remove-weak-from-function-declarations.patch --- ...ction-fetch-order-with-asm-opcodes.h.patch | 180 ++++++++++++++++++ ...locksource_default_clock-declaration.patch | 43 +++++ .../dell-wmi-fix-access-out-of-memory.patch | 55 ++++++ ...fix-address-space-from-page-function.patch | 68 +++++++ ...ttr-variable-to-prevent-garbage-data.patch | 33 ++++ ...ys-handle-a-new-value-of-auto_msgmni.patch | 63 ++++++ ...e-weak-from-kgdb_arch_pc-declaration.patch | 40 ++++ ...-memory_block_size_bytes-declaration.patch | 44 +++++ ...ff-by-one-in-ip_set_nfnl_get_byindex.patch | 33 ++++ ...unt-for-size-of-nlmsg_done-attribute.patch | 47 +++++ ...-release-skbuff-on-nlmsg-put-failure.patch | 66 +++++++ ...um-packet-length-logged-to-userspace.patch | 55 ++++++ 
...rget-lookup-in-nft_target_select_ops.patch | 31 +++ ...g-opaque-struct-sk_filter-definition.patch | 34 ++++ queue-3.14/perf-handle-compat-ioctl.patch | 80 ++++++++ ...-dtlb-load-misses-event-on-ivybridge.patch | 44 +++++ ...-callers-awaken-grace-period-kthread.patch | 99 ++++++++++ ...ake-to-wake-up-grace-period-kthreads.patch | 73 +++++++ queue-3.14/series | 19 ++ ...move-weak-from-function-declarations.patch | 63 ++++++ 20 files changed, 1170 insertions(+) create mode 100644 queue-3.14/arm-probes-fix-instruction-fetch-order-with-asm-opcodes.h.patch create mode 100644 queue-3.14/clocksource-remove-weak-from-clocksource_default_clock-declaration.patch create mode 100644 queue-3.14/dell-wmi-fix-access-out-of-memory.patch create mode 100644 queue-3.14/gfs2-fix-address-space-from-page-function.patch create mode 100644 queue-3.14/ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch create mode 100644 queue-3.14/ipc-always-handle-a-new-value-of-auto_msgmni.patch create mode 100644 queue-3.14/kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch create mode 100644 queue-3.14/memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch create mode 100644 queue-3.14/netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch create mode 100644 queue-3.14/netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch create mode 100644 queue-3.14/netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch create mode 100644 queue-3.14/netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch create mode 100644 queue-3.14/netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch create mode 100644 queue-3.14/netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch create mode 100644 queue-3.14/perf-handle-compat-ioctl.patch create mode 100644 queue-3.14/perf-x86-intel-use-proper-dtlb-load-misses-event-on-ivybridge.patch create mode 100644 queue-3.14/rcu-make-callers-awaken-grace-period-kthread.patch 
create mode 100644 queue-3.14/rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch create mode 100644 queue-3.14/vmcore-remove-weak-from-function-declarations.patch diff --git a/queue-3.14/arm-probes-fix-instruction-fetch-order-with-asm-opcodes.h.patch b/queue-3.14/arm-probes-fix-instruction-fetch-order-with-asm-opcodes.h.patch new file mode 100644 index 00000000000..73edf5beac3 --- /dev/null +++ b/queue-3.14/arm-probes-fix-instruction-fetch-order-with-asm-opcodes.h.patch 
@@ -0,0 +1,180 @@ +From 888be25402021a425da3e85e2d5a954d7509286e Mon Sep 17 00:00:00 2001 +From: Ben Dooks +Date: Fri, 8 Nov 2013 18:29:25 +0000 +Subject: ARM: probes: fix instruction fetch order with + +From: Ben Dooks + +commit 888be25402021a425da3e85e2d5a954d7509286e upstream. + +If we are running BE8, the data and instruction endianness do not +match, so use to correctly translate memory accesses +into ARM instructions. + +Acked-by: Jon Medhurst +Signed-off-by: Ben Dooks +[taras.kondratiuk@linaro.org: fixed Thumb instruction fetch order] +Signed-off-by: Taras Kondratiuk +[wangnan: backport to 3.10 and 3.14: + - adjust context + - backport all changes on arch/arm/kernel/probes.c to + arch/arm/kernel/kprobes-common.c since we don't have + commit c18377c303787ded44b7decd7dee694db0f205e9. + - After the above adjustments, becomes same to Taras Kondratiuk's + original patch: + http://lists.linaro.org/pipermail/linaro-kernel/2014-January/010346.html +] +Signed-off-by: Wang Nan +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/kernel/kprobes-common.c | 19 +++++++++++-------- + arch/arm/kernel/kprobes-thumb.c | 21 +++++++++++++-------- + arch/arm/kernel/kprobes.c | 9 +++++---- + 3 files changed, 29 insertions(+), 20 deletions(-) + +--- a/arch/arm/kernel/kprobes-common.c ++++ b/arch/arm/kernel/kprobes-common.c +@@ -14,6 +14,7 @@ + #include + #include + #include ++#include + + #include "kprobes.h" + +@@ -305,7 +306,8 @@ kprobe_decode_ldmstm(kprobe_opcode_t ins + + if (handler) { + /* We can emulate the instruction in (possibly) modified form */ +- asi->insn[0] = (insn & 0xfff00000) | (rn << 16) | reglist; ++ asi->insn[0] = __opcode_to_mem_arm((insn & 0xfff00000) | ++ (rn << 16) | reglist); + asi->insn_handler = handler; + return INSN_GOOD; + } +@@ -334,13 +336,14 @@ prepare_emulated_insn(kprobe_opcode_t in + #ifdef CONFIG_THUMB2_KERNEL + if (thumb) { + u16 *thumb_insn = (u16 *)asi->insn; +- thumb_insn[1] = 0x4770; /* Thumb bx lr */ +- thumb_insn[2] = 0x4770; /* Thumb bx 
lr */ ++ /* Thumb bx lr */ ++ thumb_insn[1] = __opcode_to_mem_thumb16(0x4770); ++ thumb_insn[2] = __opcode_to_mem_thumb16(0x4770); + return insn; + } +- asi->insn[1] = 0xe12fff1e; /* ARM bx lr */ ++ asi->insn[1] = __opcode_to_mem_arm(0xe12fff1e); /* ARM bx lr */ + #else +- asi->insn[1] = 0xe1a0f00e; /* mov pc, lr */ ++ asi->insn[1] = __opcode_to_mem_arm(0xe1a0f00e); /* mov pc, lr */ + #endif + /* Make an ARM instruction unconditional */ + if (insn < 0xe0000000) +@@ -360,12 +363,12 @@ set_emulated_insn(kprobe_opcode_t insn, + if (thumb) { + u16 *ip = (u16 *)asi->insn; + if (is_wide_instruction(insn)) +- *ip++ = insn >> 16; +- *ip++ = insn; ++ *ip++ = __opcode_to_mem_thumb16(insn >> 16); ++ *ip++ = __opcode_to_mem_thumb16(insn); + return; + } + #endif +- asi->insn[0] = insn; ++ asi->insn[0] = __opcode_to_mem_arm(insn); + } + + /* +--- a/arch/arm/kernel/kprobes-thumb.c ++++ b/arch/arm/kernel/kprobes-thumb.c +@@ -11,6 +11,7 @@ + #include + #include + #include ++#include + + #include "kprobes.h" + +@@ -163,9 +164,9 @@ t32_decode_ldmstm(kprobe_opcode_t insn, + enum kprobe_insn ret = kprobe_decode_ldmstm(insn, asi); + + /* Fixup modified instruction to have halfwords in correct order...*/ +- insn = asi->insn[0]; +- ((u16 *)asi->insn)[0] = insn >> 16; +- ((u16 *)asi->insn)[1] = insn & 0xffff; ++ insn = __mem_to_opcode_arm(asi->insn[0]); ++ ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(insn >> 16); ++ ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0xffff); + + return ret; + } +@@ -1153,7 +1154,7 @@ t16_decode_hiregs(kprobe_opcode_t insn, + { + insn &= ~0x00ff; + insn |= 0x001; /* Set Rdn = R1 and Rm = R0 */ +- ((u16 *)asi->insn)[0] = insn; ++ ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(insn); + asi->insn_handler = t16_emulate_hiregs; + return INSN_GOOD; + } +@@ -1182,8 +1183,10 @@ t16_decode_push(kprobe_opcode_t insn, st + * and call it with R9=SP and LR in the register list represented + * by R8. 
+ */ +- ((u16 *)asi->insn)[0] = 0xe929; /* 1st half STMDB R9!,{} */ +- ((u16 *)asi->insn)[1] = insn & 0x1ff; /* 2nd half (register list) */ ++ /* 1st half STMDB R9!,{} */ ++ ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(0xe929); ++ /* 2nd half (register list) */ ++ ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0x1ff); + asi->insn_handler = t16_emulate_push; + return INSN_GOOD; + } +@@ -1232,8 +1235,10 @@ t16_decode_pop(kprobe_opcode_t insn, str + * and call it with R9=SP and PC in the register list represented + * by R8. + */ +- ((u16 *)asi->insn)[0] = 0xe8b9; /* 1st half LDMIA R9!,{} */ +- ((u16 *)asi->insn)[1] = insn & 0x1ff; /* 2nd half (register list) */ ++ /* 1st half LDMIA R9!,{} */ ++ ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(0xe8b9); ++ /* 2nd half (register list) */ ++ ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0x1ff); + asi->insn_handler = insn & 0x100 ? t16_emulate_pop_pc + : t16_emulate_pop_nopc; + return INSN_GOOD; +--- a/arch/arm/kernel/kprobes.c ++++ b/arch/arm/kernel/kprobes.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + + #include "kprobes.h" +@@ -62,10 +63,10 @@ int __kprobes arch_prepare_kprobe(struct + #ifdef CONFIG_THUMB2_KERNEL + thumb = true; + addr &= ~1; /* Bit 0 would normally be set to indicate Thumb code */ +- insn = ((u16 *)addr)[0]; ++ insn = __mem_to_opcode_thumb16(((u16 *)addr)[0]); + if (is_wide_instruction(insn)) { +- insn <<= 16; +- insn |= ((u16 *)addr)[1]; ++ u16 inst2 = __mem_to_opcode_thumb16(((u16 *)addr)[1]); ++ insn = __opcode_thumb32_compose(insn, inst2); + decode_insn = thumb32_kprobe_decode_insn; + } else + decode_insn = thumb16_kprobe_decode_insn; +@@ -73,7 +74,7 @@ int __kprobes arch_prepare_kprobe(struct + thumb = false; + if (addr & 0x3) + return -EINVAL; +- insn = *p->addr; ++ insn = __mem_to_opcode_arm(*p->addr); + decode_insn = arm_kprobe_decode_insn; + #endif + 
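Review bot: In the set_emulated_insn hunk of arch/arm/kernel/kprobes-common.c the second halfword is stored as `*ip++ = __opcode_to_mem_thumb16(insn);` with the full-width `insn`, while t32_decode_ldmstm in kprobes-thumb.c masks first with `insn & 0xffff`. The store presumably relies on the helper or the u16 assignment truncating to the low halfword; the helper's definition is not on this page. Writing `*ip++ = __opcode_to_mem_thumb16(insn & 0xffff);` would make the intent explicit and keep the two sites consistent.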
diff --git a/queue-3.14/clocksource-remove-weak-from-clocksource_default_clock-declaration.patch b/queue-3.14/clocksource-remove-weak-from-clocksource_default_clock-declaration.patch
new file mode 100644
index 00000000000..bd166df865a
--- /dev/null
+++ b/queue-3.14/clocksource-remove-weak-from-clocksource_default_clock-declaration.patch
@@ -0,0 +1,43 @@
+From 96a2adbc6f501996418da9f7afe39bf0e4d006a9 Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas
+Date: Mon, 13 Oct 2014 18:59:09 -0600
+Subject: clocksource: Remove "weak" from clocksource_default_clock() declaration
+
+From: Bjorn Helgaas
+
+commit 96a2adbc6f501996418da9f7afe39bf0e4d006a9 upstream.
+
+kernel/time/jiffies.c provides a default clocksource_default_clock()
+definition explicitly marked "weak". arch/s390 provides its own definition
+intended to override the default, but the "weak" attribute on the
+declaration applied to the s390 definition as well, so the linker chose one
+based on link order (see 10629d711ed7 ("PCI: Remove __weak annotation from
+pcibios_get_phb_of_node decl")).
+
+Remove the "weak" attribute from the clocksource_default_clock()
+declaration so we always prefer a non-weak definition over the weak one,
+independent of link order.
+
+Fixes: f1b82746c1e9 ("clocksource: Cleanup clocksource selection")
+Signed-off-by: Bjorn Helgaas
+Acked-by: John Stultz
+Acked-by: Ingo Molnar
+CC: Daniel Lezcano
+CC: Martin Schwidefsky
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/linux/clocksource.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/clocksource.h
++++ b/include/linux/clocksource.h
+@@ -289,7 +289,7 @@ extern struct clocksource* clocksource_g
+ extern void clocksource_change_rating(struct clocksource *cs, int rating);
+ extern void clocksource_suspend(void);
+ extern void clocksource_resume(void);
+-extern struct clocksource * __init __weak clocksource_default_clock(void);
++extern struct clocksource * __init clocksource_default_clock(void);
+ extern void clocksource_mark_unstable(struct clocksource *cs);
+
+ extern u64
diff --git a/queue-3.14/dell-wmi-fix-access-out-of-memory.patch b/queue-3.14/dell-wmi-fix-access-out-of-memory.patch
new file mode 100644
index 00000000000..1ac2a439ad7
--- /dev/null
+++ b/queue-3.14/dell-wmi-fix-access-out-of-memory.patch
@@ -0,0 +1,55 @@
+From a666b6ffbc9b6705a3ced704f52c3fe9ea8bf959 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?=
+Date: Mon, 29 Sep 2014 15:10:51 +0200
+Subject: dell-wmi: Fix access out of memory
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?=
+
+commit a666b6ffbc9b6705a3ced704f52c3fe9ea8bf959 upstream.
+
+Without this patch, dell-wmi is trying to access elements of dynamically
+allocated array without checking the array size. This can lead to memory
+corruption or a kernel panic. This patch adds the missing checks for
+array size.
+
+Signed-off-by: Pali Rohár
+Signed-off-by: Darren Hart
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/platform/x86/dell-wmi.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/drivers/platform/x86/dell-wmi.c
++++ b/drivers/platform/x86/dell-wmi.c
+@@ -163,18 +163,24 @@ static void dell_wmi_notify(u32 value, v
+ const struct key_entry *key;
+ int reported_key;
+ u16 *buffer_entry = (u16 *)obj->buffer.pointer;
++ int buffer_size = obj->buffer.length/2;
+
+- if (dell_new_hk_type && (buffer_entry[1] != 0x10)) {
++ if (buffer_size >= 2 && dell_new_hk_type && buffer_entry[1] != 0x10) {
+ pr_info("Received unknown WMI event (0x%x)\n",
+ buffer_entry[1]);
+ kfree(obj);
+ return;
+ }
+
+- if (dell_new_hk_type || buffer_entry[1] == 0x0)
++ if (buffer_size >= 3 && (dell_new_hk_type || buffer_entry[1] == 0x0))
+ reported_key = (int)buffer_entry[2];
+- else
++ else if (buffer_size >= 2)
+ reported_key = (int)buffer_entry[1] & 0xffff;
++ else {
++ pr_info("Received unknown WMI event\n");
++ kfree(obj);
++ return;
++ }
+
+ key = sparse_keymap_entry_from_scancode(dell_wmi_input_dev,
+ reported_key);
diff --git a/queue-3.14/gfs2-fix-address-space-from-page-function.patch b/queue-3.14/gfs2-fix-address-space-from-page-function.patch
new file mode 100644
index 00000000000..f33829ba539
--- /dev/null
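Review bot: In dell_wmi_notify (drivers/platform/x86/dell-wmi.c) a two-element buffer on a dell_new_hk_type machine whose `buffer_entry[1]` is 0x10 skips the first test, fails `buffer_size >= 3`, and lands in `else if (buffer_size >= 2)`, so the event-type word is looked up as if it were a scancode. The legacy branch should be limited to the legacy format, for example `else if (buffer_size >= 2 && !dell_new_hk_type)`, so that a short new-format buffer reaches the final `else` that logs and frees. `buffer_size` is also a signed `int` derived from `obj->buffer.length/2`; an unsigned type would match a length (the field's declared type is not visible here). The function continues past the end of the hunk, so later uses of `buffer_entry` are not covered by this note.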
+++ b/queue-3.14/gfs2-fix-address-space-from-page-function.patch 
@@ -0,0 +1,68 @@ +From 1b2ad41214c9bf6e8befa000f0522629194bf540 Mon Sep 17 00:00:00 2001 +From: Steven Whitehouse +Date: Mon, 31 Mar 2014 17:48:27 +0100 +Subject: GFS2: Fix address space from page function + +From: Steven Whitehouse + +commit 1b2ad41214c9bf6e8befa000f0522629194bf540 upstream. + +Now that rgrps use the address space which is part of the super +block, we need to update gfs2_mapping2sbd() to take account of +that. The only way to do that easily is to use a different set +of address_space_operations for rgrps. + +Reported-by: Abhi Das +Tested-by: Abhi Das +Signed-off-by: Steven Whitehouse +Signed-off-by: Greg Kroah-Hartman + +--- + fs/gfs2/meta_io.c | 5 +++++ + fs/gfs2/meta_io.h | 3 +++ + fs/gfs2/ops_fstype.c | 2 +- + 3 files changed, 9 insertions(+), 1 deletion(-) + +--- a/fs/gfs2/meta_io.c ++++ b/fs/gfs2/meta_io.c +@@ -97,6 +97,11 @@ const struct address_space_operations gf + .releasepage = gfs2_releasepage, + }; + ++const struct address_space_operations gfs2_rgrp_aops = { ++ .writepage = gfs2_aspace_writepage, ++ .releasepage = gfs2_releasepage, ++}; ++ + /** + * gfs2_getbuf - Get a buffer with a given address space + * @gl: the glock +--- a/fs/gfs2/meta_io.h ++++ b/fs/gfs2/meta_io.h +@@ -38,12 +38,15 @@ static inline void gfs2_buffer_copy_tail + } + + extern const struct address_space_operations gfs2_meta_aops; ++extern const struct address_space_operations gfs2_rgrp_aops; + + static inline struct gfs2_sbd *gfs2_mapping2sbd(struct address_space *mapping) + { + struct inode *inode = mapping->host; + if (mapping->a_ops == &gfs2_meta_aops) + return (((struct gfs2_glock *)mapping) - 1)->gl_sbd; ++ else if (mapping->a_ops == &gfs2_rgrp_aops) ++ return container_of(mapping, struct gfs2_sbd, sd_aspace); + else + return inode->i_sb->s_fs_info; + } +--- a/fs/gfs2/ops_fstype.c ++++ b/fs/gfs2/ops_fstype.c +@@ -104,7 +104,7 @@ static struct gfs2_sbd *init_sbd(struct + mapping = &sdp->sd_aspace; + + address_space_init_once(mapping); +- mapping->a_ops = 
&gfs2_meta_aops; ++ mapping->a_ops = &gfs2_rgrp_aops; + mapping->host = sb->s_bdev->bd_inode; + mapping->flags = 0; + mapping_set_gfp_mask(mapping, GFP_NOFS); diff --git a/queue-3.14/ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch b/queue-3.14/ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch new file mode 100644 index 00000000000..18d1478d0e0 --- /dev/null +++ b/queue-3.14/ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch @@ -0,0 +1,33 @@ +From 8b0f93d9490653a7b9fc91f3570089132faed1c0 Mon Sep 17 00:00:00 2001 +From: Devesh Sharma +Date: Fri, 26 Sep 2014 20:45:32 +0530 +Subject: IB/core: Clear AH attr variable to prevent garbage data + +From: Devesh Sharma + +commit 8b0f93d9490653a7b9fc91f3570089132faed1c0 upstream. + +During create-ah from userspace, uverbs is sending garbage data in +attr.dmac and attr.vlan_id. This patch sets attr.dmac and +attr.vlan_id to zero. + +Fixes: dd5f03beb4f7 ("IB/core: Ethernet L2 attributes in verbs/cm structures") +Signed-off-by: Devesh Sharma +Signed-off-by: Roland Dreier +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/core/uverbs_cmd.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/infiniband/core/uverbs_cmd.c ++++ b/drivers/infiniband/core/uverbs_cmd.c +@@ -2425,6 +2425,8 @@ ssize_t ib_uverbs_create_ah(struct ib_uv + attr.grh.sgid_index = cmd.attr.grh.sgid_index; + attr.grh.hop_limit = cmd.attr.grh.hop_limit; + attr.grh.traffic_class = cmd.attr.grh.traffic_class; ++ attr.vlan_id = 0; ++ memset(&attr.dmac, 0, sizeof(attr.dmac)); + memcpy(attr.grh.dgid.raw, cmd.attr.grh.dgid, 16); + + ah = ib_create_ah(pd, &attr); diff --git a/queue-3.14/ipc-always-handle-a-new-value-of-auto_msgmni.patch b/queue-3.14/ipc-always-handle-a-new-value-of-auto_msgmni.patch new file mode 100644 index 00000000000..cc078c6ab89 --- /dev/null +++ b/queue-3.14/ipc-always-handle-a-new-value-of-auto_msgmni.patch 
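Review bot: gfs2_rgrp_aops in fs/gfs2/meta_io.c carries no comment saying that it exists only so gfs2_mapping2sbd() can tell an rgrp mapping from a glock mapping by comparing `mapping->a_ops`. Its two members match the visible tail of gfs2_meta_aops, so a later clean-up could merge the tables and send `&sdp->sd_aspace` back through the `((struct gfs2_glock *)mapping) - 1` cast, which would read the memory in front of `sd_aspace` as a glock. I would add above the definition `/* Kept distinct from gfs2_meta_aops on purpose: gfs2_mapping2sbd() keys on a_ops to find the object that embeds the mapping. */`, and a short matching remark next to the pointer comparisons in meta_io.h.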
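Review bot: In ib_uverbs_create_ah (drivers/infiniband/core/uverbs_cmd.c) only `vlan_id` and `dmac` are cleared, so any other member of `attr` that is not assigned from `cmd`, and any member added to the structure later, would still reach ib_create_ah() with its previous contents. Clearing the whole structure once before the field assignments, `memset(&attr, 0, sizeof(attr));`, removes the class of bug rather than this one instance. The declaration of `attr` and the start of the function are outside the hunk, so the placement of that line needs checking against the full body.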
@@ -0,0 +1,63 @@ +From 1195d94e006b23c6292e78857e154872e33b6d7e Mon Sep 17 00:00:00 2001 +From: Andrey Vagin +Date: Mon, 13 Oct 2014 15:54:10 -0700 +Subject: ipc: always handle a new value of auto_msgmni + +From: Andrey Vagin + +commit 1195d94e006b23c6292e78857e154872e33b6d7e upstream. + +proc_dointvec_minmax() returns zero if a new value has been set. So we +don't need to check all charecters have been handled. + +Below you can find two examples. In the new value has not been handled +properly. + +$ strace ./a.out +open("/proc/sys/kernel/auto_msgmni", O_WRONLY) = 3 +write(3, "0\n\0", 3) = 2 +close(3) = 0 +exit_group(0) +$ cat /sys/kernel/debug/tracing/trace + +$strace ./a.out +open("/proc/sys/kernel/auto_msgmni", O_WRONLY) = 3 +write(3, "0\n", 2) = 2 +close(3) = 0 + +$ cat /sys/kernel/debug/tracing/trace +a.out-697 [000] .... 3280.998235: unregister_ipcns_notifier <-proc_ipcauto_dointvec_minmax + +Fixes: 9eefe520c814 ("ipc: do not use a negative value to re-enable msgmni automatic recomputin") +Signed-off-by: Andrey Vagin +Cc: Mathias Krause +Cc: Manfred Spraul +Cc: Joe Perches +Cc: Davidlohr Bueso +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + ipc/ipc_sysctl.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/ipc/ipc_sysctl.c ++++ b/ipc/ipc_sysctl.c +@@ -123,7 +123,6 @@ static int proc_ipcauto_dointvec_minmax( + void __user *buffer, size_t *lenp, loff_t *ppos) + { + struct ctl_table ipc_table; +- size_t lenp_bef = *lenp; + int oldval; + int rc; + +@@ -133,7 +132,7 @@ static int proc_ipcauto_dointvec_minmax( + + rc = proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos); + +- if (write && !rc && lenp_bef == *lenp) { ++ if (write && !rc) { + int newval = *((int *)(ipc_table.data)); + /* + * The file "auto_msgmni" has correctly been set. 
diff --git a/queue-3.14/kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch b/queue-3.14/kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch
new file mode 100644
index 00000000000..c9993efe153
--- /dev/null
+++ b/queue-3.14/kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch
@@ -0,0 +1,40 @@
+From 107bcc6d566cb40184068d888637f9aefe6252dd Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas
+Date: Mon, 13 Oct 2014 19:00:25 -0600
+Subject: kgdb: Remove "weak" from kgdb_arch_pc() declaration
+
+From: Bjorn Helgaas
+
+commit 107bcc6d566cb40184068d888637f9aefe6252dd upstream.
+
+kernel/debug/debug_core.c provides a default kgdb_arch_pc() definition
+explicitly marked "weak". Several architectures provide their own
+definitions intended to override the default, but the "weak" attribute on
+the declaration applied to the arch definitions as well, so the linker
+chose one based on link order (see 10629d711ed7 ("PCI: Remove __weak
+annotation from pcibios_get_phb_of_node decl")).
+
+Remove the "weak" attribute from the declaration so we always prefer a
+non-weak definition over the weak one, independent of link order.
+
+Fixes: 688b744d8bc8 ("kgdb: fix signedness mixmatches, add statics, add declaration to header")
+Tested-by: Vineet Gupta # for ARC build
+Signed-off-by: Bjorn Helgaas
+Reviewed-by: Harvey Harrison
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/linux/kgdb.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/kgdb.h
++++ b/include/linux/kgdb.h
+@@ -283,7 +283,7 @@ struct kgdb_io {
+
+ extern struct kgdb_arch arch_kgdb_ops;
+
+-extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
++extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs);
+
+ #ifdef CONFIG_SERIAL_KGDB_NMI
+ extern int kgdb_register_nmi_console(void);
diff --git a/queue-3.14/memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch b/queue-3.14/memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch
new file mode 100644
index 00000000000..cd85370437f
--- /dev/null
+++ b/queue-3.14/memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch
@@ -0,0 +1,44 @@
+From e0a8400c6923a163265d52798cdd4c33f3f8ab5a Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas
+Date: Mon, 13 Oct 2014 19:00:47 -0600
+Subject: memory-hotplug: Remove "weak" from memory_block_size_bytes() declaration
+
+From: Bjorn Helgaas
+
+commit e0a8400c6923a163265d52798cdd4c33f3f8ab5a upstream.
+
+drivers/base/memory.c provides a default memory_block_size_bytes()
+definition explicitly marked "weak". Several architectures provide their
+own definitions intended to override the default, but the "weak" attribute
+on the declaration applied to the arch definitions as well, so the linker
+chose one based on link order (see 10629d711ed7 ("PCI: Remove __weak
+annotation from pcibios_get_phb_of_node decl")).
+
+Remove the "weak" attribute from the declaration so we always prefer a
+non-weak definition over the weak one, independent of link order.
+
+Fixes: 41f107266b19 ("drivers: base: Add prototype declaration to the header file")
+Signed-off-by: Bjorn Helgaas
+Acked-by: Andrew Morton
+CC: Rashika Kheria
+CC: Nathan Fontenot
+CC: Anton Blanchard
+CC: Heiko Carstens
+CC: Yinghai Lu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/linux/memory.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/memory.h
++++ b/include/linux/memory.h
+@@ -35,7 +35,7 @@ struct memory_block {
+ };
+
+ int arch_get_memory_phys_device(unsigned long start_pfn);
+-unsigned long __weak memory_block_size_bytes(void);
++unsigned long memory_block_size_bytes(void);
+
+ /* These states are exposed to userspace as text strings in sysfs */
+ #define MEM_ONLINE (1<<0) /* exposed to userspace */
diff --git a/queue-3.14/netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch b/queue-3.14/netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch
new file mode 100644
index 00000000000..101c174fdfe
--- /dev/null
+++ b/queue-3.14/netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch
@@ -0,0 +1,33 @@
+From 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter
+Date: Tue, 21 Oct 2014 11:28:12 +0300
+Subject: netfilter: ipset: off by one in ip_set_nfnl_get_byindex()
+
+From: Dan Carpenter
+
+commit 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5 upstream.
+
+The ->ip_set_list[] array is initialized in ip_set_net_init() and it
+has ->ip_set_max elements so this check should be >= instead of >
+otherwise we are off by one.
+
+Signed-off-by: Dan Carpenter
+Acked-by: Jozsef Kadlecsik
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/ipset/ip_set_core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/ipset/ip_set_core.c
++++ b/net/netfilter/ipset/ip_set_core.c
+@@ -636,7 +636,7 @@ ip_set_nfnl_get_byindex(struct net *net,
+ struct ip_set *set;
+ struct ip_set_net *inst = ip_set_pernet(net);
+
+- if (index > inst->ip_set_max)
++ if (index >= inst->ip_set_max)
+ return IPSET_INVALID_ID;
+
+ nfnl_lock(NFNL_SUBSYS_IPSET);
diff --git a/queue-3.14/netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch b/queue-3.14/netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch
new file mode 100644
index 00000000000..66e4c943401
--- /dev/null
+++ b/queue-3.14/netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch
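Review bot: The corrected bound `if (index >= inst->ip_set_max)` in ip_set_nfnl_get_byindex is evaluated before `nfnl_lock(NFNL_SUBSYS_IPSET)` is taken. If `ip_set_max` or the `ip_set_list` array can be changed by another path while it holds that lock (nothing in this hunk shows either way), the check and the later array access could see different sizes. Moving the test under the lock, or adding a comment such as `/* ip_set_max only read here; safe unlocked because ... */` with the actual reason, would settle it. The function body continues after the hunk.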
@@ -0,0 +1,47 @@ +From 9dfa1dfe4d5e5e66a991321ab08afe69759d797a Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Thu, 23 Oct 2014 10:36:06 +0200 +Subject: netfilter: nf_log: account for size of NLMSG_DONE attribute + +From: Florian Westphal + +commit 9dfa1dfe4d5e5e66a991321ab08afe69759d797a upstream. + +We currently neither account for the nlattr size, nor do we consider +the size of the trailing NLMSG_DONE when allocating nlmsg skb. + +This can result in nflog to stop working, as __nfulnl_send() re-tries +sending forever if it failed to append NLMSG_DONE (which will never +work if buffer is not large enough). + +Reported-by: Houcheng Lin +Signed-off-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nfnetlink_log.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/net/netfilter/nfnetlink_log.c ++++ b/net/netfilter/nfnetlink_log.c +@@ -652,7 +652,8 @@ nfulnl_log_packet(struct net *net, + + nla_total_size(sizeof(u_int32_t)) /* gid */ + + nla_total_size(plen) /* prefix */ + + nla_total_size(sizeof(struct nfulnl_msg_packet_hw)) +- + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp)); ++ + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp)) ++ + nla_total_size(sizeof(struct nfgenmsg)); /* NLMSG_DONE */ + + if (in && skb_mac_header_was_set(skb)) { + size += nla_total_size(skb->dev->hard_header_len) +@@ -695,8 +696,7 @@ nfulnl_log_packet(struct net *net, + goto unlock_and_release; + } + +- if (inst->skb && +- size > skb_tailroom(inst->skb) - sizeof(struct nfgenmsg)) { ++ if (inst->skb && size > skb_tailroom(inst->skb)) { + /* either the queue len is too high or we don't have + * enough room in the skb left. flush to userspace. */ + __nfulnl_flush(inst); diff --git a/queue-3.14/netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch b/queue-3.14/netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch new file mode 100644 index 00000000000..953d78e3fc2 
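Review bot: The room reserved for the trailer in nfulnl_log_packet, `+ nla_total_size(sizeof(struct nfgenmsg)); /* NLMSG_DONE */`, is sized as an attribute, but NLMSG_DONE is a netlink message, and a message with that payload needs the message header as well. If the trailer is appended with nlmsg_put() and a `sizeof(struct nfgenmsg)` payload (that call is not part of this hunk), the skb can still come up short by the difference now that `- sizeof(struct nfgenmsg)` has been dropped from the tailroom test. I would reserve `+ nlmsg_total_size(sizeof(struct nfgenmsg)); /* NLMSG_DONE */` instead. On a logging path the failure mode matters, because a batch that cannot be terminated is not delivered to the userspace listener.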
--- /dev/null +++ b/queue-3.14/netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch @@ -0,0 +1,66 @@ +From b51d3fa364885a2c1e1668f88776c67c95291820 Mon Sep 17 00:00:00 2001 +From: Houcheng Lin +Date: Thu, 23 Oct 2014 10:36:08 +0200 +Subject: netfilter: nf_log: release skbuff on nlmsg put failure + +From: Houcheng Lin + +commit b51d3fa364885a2c1e1668f88776c67c95291820 upstream. + +The kernel should reserve enough room in the skb so that the DONE +message can always be appended. However, in case of e.g. new attribute +erronously not being size-accounted for, __nfulnl_send() will still +try to put next nlmsg into this full skbuf, causing the skb to be stuck +forever and blocking delivery of further messages. + +Fix issue by releasing skb immediately after nlmsg_put error and +WARN() so we can track down the cause of such size mismatch. + +[ fw@strlen.de: add tailroom/len info to WARN ] + +Signed-off-by: Houcheng Lin +Signed-off-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nfnetlink_log.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +--- a/net/netfilter/nfnetlink_log.c ++++ b/net/netfilter/nfnetlink_log.c +@@ -349,26 +349,25 @@ nfulnl_alloc_skb(struct net *net, u32 pe + return skb; + } + +-static int ++static void + __nfulnl_send(struct nfulnl_instance *inst) + { +- int status = -1; +- + if (inst->qlen > 1) { + struct nlmsghdr *nlh = nlmsg_put(inst->skb, 0, 0, + NLMSG_DONE, + sizeof(struct nfgenmsg), + 0); +- if (!nlh) ++ if (WARN_ONCE(!nlh, "bad nlskb size: %u, tailroom %d\n", ++ inst->skb->len, skb_tailroom(inst->skb))) { ++ kfree_skb(inst->skb); + goto out; ++ } + } +- status = nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid, +- MSG_DONTWAIT); +- ++ nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid, ++ MSG_DONTWAIT); ++out: + inst->qlen = 0; + inst->skb = NULL; +-out: +- return status; + } + + static void 
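Review bot: In __nfulnl_send the new failure branch frees `inst->skb` together with every record queued in it, and `WARN_ONCE` reports only the first occurrence, so later losses on this path leave no trace. These are packet-log records bound for a userspace listener, so each drop should be countable: a drop counter incremented next to `kfree_skb(inst->skb);`, or a rate-limited message alongside the one-shot warning. The function also becomes `void` and the result of `nfnetlink_unicast()` is now discarded; a comment such as `/* best effort: a failed unicast is not retried */` would record that this is intended.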
diff --git a/queue-3.14/netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch b/queue-3.14/netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch new file mode 100644 index 00000000000..0b2cd4611ef --- /dev/null +++ b/queue-3.14/netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch 
@@ -0,0 +1,55 @@
+From c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9 Mon Sep 17 00:00:00 2001
+From: Florian Westphal
+Date: Thu, 23 Oct 2014 10:36:07 +0200
+Subject: netfilter: nfnetlink_log: fix maximum packet length logged to userspace
+
+From: Florian Westphal
+
+commit c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9 upstream.
+
+don't try to queue payloads > 0xffff - NLA_HDRLEN, it does not work.
+The nla length includes the size of the nla struct, so anything larger
+results in u16 integer overflow.
+
+This patch is similar to
+9cefbbc9c8f9abe (netfilter: nfnetlink_queue: cleanup copy_range usage).
+
+Signed-off-by: Florian Westphal
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nfnetlink_log.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/net/netfilter/nfnetlink_log.c
++++ b/net/netfilter/nfnetlink_log.c
+@@ -45,7 +45,8 @@
+ #define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE
+ #define NFULNL_TIMEOUT_DEFAULT 100 /* every second */
+ #define NFULNL_QTHRESH_DEFAULT 100 /* 100 packets */
+-#define NFULNL_COPY_RANGE_MAX 0xFFFF /* max packet size is limited by 16-bit struct nfattr nfa_len field */
++/* max packet size is limited by 16-bit struct nfattr nfa_len field */
++#define NFULNL_COPY_RANGE_MAX (0xFFFF - NLA_HDRLEN)
+
+ #define PRINTR(x, args...) do { if (net_ratelimit()) \
+ printk(x, ## args); } while (0);
+@@ -255,6 +256,8 @@ nfulnl_set_mode(struct nfulnl_instance *
+
+ case NFULNL_COPY_PACKET:
+ inst->copy_mode = mode;
++ if (range == 0)
++ range = NFULNL_COPY_RANGE_MAX;
+ inst->copy_range = min_t(unsigned int,
+ range, NFULNL_COPY_RANGE_MAX);
+ break;
+@@ -682,8 +685,7 @@ nfulnl_log_packet(struct net *net,
+ break;
+
+ case NFULNL_COPY_PACKET:
+- if (inst->copy_range == 0
+- || inst->copy_range > skb->len)
++ if (inst->copy_range > skb->len)
+ data_len = skb->len;
+ else
+ data_len = inst->copy_range;
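Review bot: Dropping the `inst->copy_range == 0` test in nfulnl_log_packet() is only safe if no instance can reach that switch with copy_range still 0, and the hunks show the zero being remapped in nfulnl_set_mode() only. Instance creation is outside the hunks, so it should be confirmed that a new instance starts with copy_range set to NFULNL_COPY_RANGE_MAX; otherwise an instance that never had its mode set would log packets with an empty payload. The comment moved above the macro still explains the old value; something like `/* max payload: the 16-bit nla_len also counts the NLA_HDRLEN header */` would match the new definition.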
diff --git a/queue-3.14/netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch b/queue-3.14/netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch
new file mode 100644
index 00000000000..bf2fa90fc98
--- /dev/null
+++ b/queue-3.14/netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch
@@ -0,0 +1,31 @@
+From 7965ee93719921ea5978f331da653dfa2d7b99f5 Mon Sep 17 00:00:00 2001
+From: Arturo Borrero
+Date: Sun, 26 Oct 2014 12:22:40 +0100
+Subject: netfilter: nft_compat: fix wrong target lookup in nft_target_select_ops()
+
+From: Arturo Borrero
+
+commit 7965ee93719921ea5978f331da653dfa2d7b99f5 upstream.
+
+The code looks for an already loaded target, and the correct list to search
+is nft_target_list, not nft_match_list.
+
+Signed-off-by: Arturo Borrero Gonzalez
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nft_compat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nft_compat.c
++++ b/net/netfilter/nft_compat.c
+@@ -678,7 +678,7 @@ nft_target_select_ops(const struct nft_c
+ family = ctx->afi->family;
+
+ /* Re-use the existing target if it's already loaded. */
+- list_for_each_entry(nft_target, &nft_match_list, head) {
++ list_for_each_entry(nft_target, &nft_target_list, head) {
+ struct xt_target *target = nft_target->ops.data;
+
+ if (strcmp(target->name, tg_name) == 0 &&
diff --git a/queue-3.14/netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch b/queue-3.14/netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch
new file mode 100644
index 00000000000..5521b94d457
--- /dev/null
+++ b/queue-3.14/netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch
@@ -0,0 +1,34 @@
+From e10038a8ec06ac819b7552bb67aaa6d2d6f850c1 Mon Sep 17 00:00:00 2001
+From: Pablo Neira
+Date: Tue, 29 Jul 2014 18:12:15 +0200
+Subject: netfilter: xt_bpf: add mising opaque struct sk_filter definition
+
+From: Pablo Neira
+
+commit e10038a8ec06ac819b7552bb67aaa6d2d6f850c1 upstream.
+
+This structure is not exposed to userspace, so fix this by defining
+struct sk_filter; so we skip the casting in kernelspace. This is safe
+since userspace has no way to lurk with that internal pointer.
+
+Fixes: e6f30c7 ("netfilter: x_tables: add xt_bpf match")
+Signed-off-by: Pablo Neira Ayuso
+Acked-by: Willem de Bruijn
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/uapi/linux/netfilter/xt_bpf.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/include/uapi/linux/netfilter/xt_bpf.h
++++ b/include/uapi/linux/netfilter/xt_bpf.h
+@@ -6,6 +6,8 @@
+
+ #define XT_BPF_MAX_NUM_INSTR 64
+
++struct sk_filter;
++
+ struct xt_bpf_info {
+ __u16 bpf_program_num_elem;
+ struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];
diff --git a/queue-3.14/perf-handle-compat-ioctl.patch b/queue-3.14/perf-handle-compat-ioctl.patch
new file mode 100644
index 00000000000..343ccd3c2e5
--- /dev/null
+++ b/queue-3.14/perf-handle-compat-ioctl.patch
@@ -0,0 +1,80 @@
+From b3f207855f57b9c8f43a547a801340bb5cbc59e5 Mon Sep 17 00:00:00 2001
+From: Pawel Moll
+Date: Fri, 13 Jun 2014 16:03:32 +0100
+Subject: perf: Handle compat ioctl
+
+From: Pawel Moll
+
+commit b3f207855f57b9c8f43a547a801340bb5cbc59e5 upstream.
+
+When running a 32-bit userspace on a 64-bit kernel (eg. i386
+application on x86_64 kernel or 32-bit arm userspace on arm64
+kernel) some of the perf ioctls must be treated with special
+care, as they have a pointer size encoded in the command.
+
+For example, PERF_EVENT_IOC_ID in 32-bit world will be encoded
+as 0x80042407, but 64-bit kernel will expect 0x80082407. In
+result the ioctl will fail returning -ENOTTY.
+
+This patch solves the problem by adding code fixing up the
+size as compat_ioctl file operation.
+
+Reported-by: Drew Richardson
+Signed-off-by: Pawel Moll
+Signed-off-by: Peter Zijlstra
+Cc: Arnaldo Carvalho de Melo
+Cc: Jiri Olsa
+Link: http://lkml.kernel.org/r/1402671812-9078-1-git-send-email-pawel.moll@arm.com
+Signed-off-by: Ingo Molnar
+Signed-off-by: David Ahern
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/events/core.c | 23 ++++++++++++++++++++++-
+ 1 file changed, 22 insertions(+), 1 deletion(-)
+
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -39,6 +39,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "internal.h"
+
+@@ -3693,6 +3694,26 @@ static long perf_ioctl(struct file *file
+ return 0;
+ }
+
++#ifdef CONFIG_COMPAT
++static long perf_compat_ioctl(struct file *file, unsigned int cmd,
++ unsigned long arg)
++{
++ switch (_IOC_NR(cmd)) {
++ case _IOC_NR(PERF_EVENT_IOC_SET_FILTER):
++ case _IOC_NR(PERF_EVENT_IOC_ID):
++ /* Fix up pointer size (usually 4 -> 8 in 32-on-64-bit case */
++ if (_IOC_SIZE(cmd) == sizeof(compat_uptr_t)) {
++ cmd &= ~IOCSIZE_MASK;
++ cmd |= sizeof(void *) << IOCSIZE_SHIFT;
++ }
++ break;
++ }
++ return perf_ioctl(file, cmd, arg);
++}
++#else
++# define perf_compat_ioctl NULL
++#endif
++
+ int perf_event_task_enable(void)
+ {
+ struct perf_event *event;
+@@ -4185,7 +4206,7 @@ static const struct file_operations perf
+ .read = perf_read,
+ .poll = perf_poll,
+ .unlocked_ioctl = perf_ioctl,
+- .compat_ioctl = perf_ioctl,
++ .compat_ioctl = perf_compat_ioctl,
+ .mmap = perf_mmap,
+ .fasync = perf_fasync,
+ };
diff --git a/queue-3.14/perf-x86-intel-use-proper-dtlb-load-misses-event-on-ivybridge.patch b/queue-3.14/perf-x86-intel-use-proper-dtlb-load-misses-event-on-ivybridge.patch
new file mode 100644
index 00000000000..bc822666a76
--- /dev/null
+++ b/queue-3.14/perf-x86-intel-use-proper-dtlb-load-misses-event-on-ivybridge.patch
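Review bot: perf_compat_ioctl() rewrites only the size bits of `cmd` and hands `arg` to perf_ioctl() untouched, although both commands it matches carry a user pointer in `arg`. On a compat ABI where a 32-bit user pointer needs conversion before use, that pointer would reach perf_ioctl() unconverted; how perf_ioctl() consumes it is outside the hunk, so this needs checking against the architectures that enable CONFIG_COMPAT. If conversion is needed, `arg = (unsigned long)compat_ptr(arg);` inside the size fix-up branch would cover it. The comment in the same branch is also missing its closing parenthesis: `/* Fix up pointer size (usually 4 -> 8 in the 32-on-64-bit case) */`.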
@@ -0,0 +1,44 @@
+From 1996388e9f4e3444db8273bc08d25164d2967c21 Mon Sep 17 00:00:00 2001
+From: Vince Weaver
+Date: Mon, 14 Jul 2014 15:33:25 -0400
+Subject: perf/x86/intel: Use proper dTLB-load-misses event on IvyBridge
+
+From: Vince Weaver
+
+commit 1996388e9f4e3444db8273bc08d25164d2967c21 upstream.
+
+This was discussed back in February:
+
+ https://lkml.org/lkml/2014/2/18/956
+
+But I never saw a patch come out of it.
+
+On IvyBridge we share the SandyBridge cache event tables, but the
+dTLB-load-miss event is not compatible. Patch it up after
+the fact to the proper DTLB_LOAD_MISSES.DEMAND_LD_MISS_CAUSES_A_WALK
+
+Signed-off-by: Vince Weaver
+Signed-off-by: Peter Zijlstra
+Cc: Arnaldo Carvalho de Melo
+Cc: Linus Torvalds
+Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1407141528200.17214@vincent-weaver-1.umelst.maine.edu
+Signed-off-by: Ingo Molnar
+Cc: Hou Pengyang
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/cpu/perf_event_intel.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/x86/kernel/cpu/perf_event_intel.c
++++ b/arch/x86/kernel/cpu/perf_event_intel.c
+@@ -2475,6 +2475,9 @@ __init int intel_pmu_init(void)
+ case 62: /* IvyBridge EP */
+ memcpy(hw_cache_event_ids, snb_hw_cache_event_ids,
+ sizeof(hw_cache_event_ids));
++ /* dTLB-load-misses on IVB is different than SNB */
++ hw_cache_event_ids[C(DTLB)][C(OP_READ)][C(RESULT_MISS)] = 0x8108; /* DTLB_LOAD_MISSES.DEMAND_LD_MISS_CAUSES_A_WALK */
++
+ memcpy(hw_cache_extra_regs, snb_hw_cache_extra_regs,
+ sizeof(hw_cache_extra_regs));
+
diff --git a/queue-3.14/rcu-make-callers-awaken-grace-period-kthread.patch b/queue-3.14/rcu-make-callers-awaken-grace-period-kthread.patch
new file mode 100644
index 00000000000..d7bcbd1a5ca
--- /dev/null
+++ b/queue-3.14/rcu-make-callers-awaken-grace-period-kthread.patch
@@ -0,0 +1,99 @@
+From b433a3686a2031d9de32d49249519a851688b54a Mon Sep 17 00:00:00 2001
+From: "Paul E. McKenney"
+Date: Tue, 11 Mar 2014 13:02:16 -0700
+Subject: rcu: Make callers awaken grace-period kthread
+
+From: "Paul E. McKenney"
+
+commit 48a7639ce80cf279834d0d44865e49ecd714f37d upstream.
+
+The rcu_start_gp_advanced() function currently uses irq_work_queue()
+to defer wakeups of the RCU grace-period kthread. This deferring
+is necessary to avoid RCU-scheduler deadlocks involving the rcu_node
+structure's lock, meaning that RCU cannot call any of the scheduler's
+wake-up functions while holding one of these locks.
+
+Unfortunately, the second and subsequent calls to irq_work_queue() are
+ignored, and the first call will be ignored (aside from queuing the work
+item) if the scheduler-clock tick is turned off. This is OK for many
+uses, especially those where irq_work_queue() is called from an interrupt
+or softirq handler, because in those cases the scheduler-clock-tick state
+will be re-evaluated, which will turn the scheduler-clock tick back on.
+On the next tick, any deferred work will then be processed.
+
+However, this strategy does not always work for RCU, which can be invoked
+at process level from idle CPUs. In this case, the tick might never
+be turned back on, indefinitely defering a grace-period start request.
+Note that the RCU CPU stall detector cannot see this condition, because
+there is no RCU grace period in progress. Therefore, we can (and do!)
+see long tens-of-seconds stalls in grace-period handling. In theory,
+we could see a full grace-period hang, but rcutorture testing to date
+has seen only the tens-of-seconds stalls. Event tracing demonstrates
+that irq_work_queue() is being called repeatedly to no effect during
+these stalls: The "newreq" event appears repeatedly from a task that is
+not one of the grace-period kthreads.
+
+In theory, irq_work_queue() might be fixed to avoid this sort of issue,
+but RCU's requirements are unusual and it is quite straightforward to pass
+wake-up responsibility up through RCU's call chain, so that the wakeup
+happens when the offending locks are released.
+
+This commit therefore makes this change. The rcu_start_gp_advanced(),
+rcu_start_future_gp(), rcu_accelerate_cbs(), rcu_advance_cbs(),
+__note_gp_changes(), and rcu_start_gp() functions now return a boolean
+which indicates when a wake-up is needed. A new rcu_gp_kthread_wake()
+does the wakeup when it is necessary and safe to do so: No self-wakes,
+no wake-ups if the ->gp_flags field indicates there is no need (as in
+someone else did the wake-up before we got around to it), and no wake-ups
+before the grace-period kthread has been created.
+
+Signed-off-by: Paul E. McKenney
+Cc: Peter Zijlstra
+Cc: Steven Rostedt
+Cc: Frederic Weisbecker
+Reviewed-by: Josh Triplett
+[ Pranith: backport to 3.13-stable: just rcu_gp_kthread_wake(),
+ prereq for 2aa792e "rcu: Use rcu_gp_kthread_wake() to wake up grace
+ period kthreads" ]
+Signed-off-by: Pranith Kumar
+Signed-off-by: Kamal Mostafa
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/rcu/tree.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+--- a/kernel/rcu/tree.c
++++ b/kernel/rcu/tree.c
+@@ -1228,6 +1228,22 @@ static int rcu_future_gp_cleanup(struct
+ }
+
+ /*
++ * Awaken the grace-period kthread for the specified flavor of RCU.
++ * Don't do a self-awaken, and don't bother awakening when there is
++ * nothing for the grace-period kthread to do (as in several CPUs
++ * raced to awaken, and we lost), and finally don't try to awaken
++ * a kthread that has not yet been created.
++ */
++static void rcu_gp_kthread_wake(struct rcu_state *rsp)
++{
++ if (current == rsp->gp_kthread ||
++ !ACCESS_ONCE(rsp->gp_flags) ||
++ !rsp->gp_kthread)
++ return;
++ wake_up(&rsp->gp_wq);
++}
++
++/*
+ * If there is room, assign a ->completed number to any callbacks on
+ * this CPU that have not already been assigned. Also accelerate any
+ * callbacks that were previously assigned a ->completed number that has
+@@ -1670,7 +1686,7 @@ static void rsp_wakeup(struct irq_work *
+ struct rcu_state *rsp = container_of(work, struct rcu_state, wakeup_work);
+
+ /* Wake up rcu_gp_kthread() to start the grace period. */
+- wake_up(&rsp->gp_wq);
++ rcu_gp_kthread_wake(rsp);
+ }
+
+ /*
diff --git a/queue-3.14/rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch b/queue-3.14/rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch
new file mode 100644
index 00000000000..648c21f47d7
--- /dev/null
+++ b/queue-3.14/rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch
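Review bot: The header comment added for rcu_gp_kthread_wake() lists the three cases in which the wake-up is skipped but leaves out the calling constraint that the commit message gives as the reason the helper exists: RCU must not call the scheduler's wake-up functions while holding an rcu_node lock. A line such as ` * Must not be called with any rcu_node ->lock held, since wake_up() enters the scheduler.` would keep later callers from reintroducing the deadlock. The helper also reads `rsp->gp_kthread` twice without ACCESS_ONCE() while `->gp_flags` gets one; if gp_kthread is written only once during early boot that is harmless, but the hunk does not show where it is set.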
@@ -0,0 +1,73 @@
+From 2aa792e6faf1a00f5accf1f69e87e11a390ba2cd Mon Sep 17 00:00:00 2001
+From: Pranith Kumar
+Date: Tue, 12 Aug 2014 13:07:47 -0400
+Subject: rcu: Use rcu_gp_kthread_wake() to wake up grace period kthreads
+
+From: Pranith Kumar
+
+commit 2aa792e6faf1a00f5accf1f69e87e11a390ba2cd upstream.
+
+The rcu_gp_kthread_wake() function checks for three conditions before
+waking up grace period kthreads:
+
+* Is the thread we are trying to wake up the current thread?
+* Are the gp_flags zero? (all threads wait on non-zero gp_flags condition)
+* Is there no thread created for this flavour, hence nothing to wake up?
+
+If any one of these condition is true, we do not call wake_up().
+It was found that there are quite a few avoidable wake ups both during
+idle time and under stress induced by rcutorture.
+
+Idle:
+
+Total:66000, unnecessary:66000, case1:61827, case2:66000, case3:0
+Total:68000, unnecessary:68000, case1:63696, case2:68000, case3:0
+
+rcutorture:
+
+Total:254000, unnecessary:254000, case1:199913, case2:254000, case3:0
+Total:256000, unnecessary:256000, case1:201784, case2:256000, case3:0
+
+Here case{1-3} are the cases listed above. We can avoid these wake
+ups by using rcu_gp_kthread_wake() to conditionally wake up the grace
+period kthreads.
+
+There is a comment about an implied barrier supplied by the wake_up()
+logic. This barrier is necessary for the awakened thread to see the
+updated ->gp_flags. This flag is always being updated with the root node
+lock held. Also, the awakened thread tries to acquire the root node lock
+before reading ->gp_flags because of which there is proper ordering.
+
+Hence this commit tries to avoid calling wake_up() whenever we can by
+using rcu_gp_kthread_wake() function.
+
+Signed-off-by: Pranith Kumar
+CC: Mathieu Desnoyers
+Signed-off-by: Paul E. McKenney
+Cc: Kamal Mostafa
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/rcu/tree.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/rcu/tree.c
++++ b/kernel/rcu/tree.c
+@@ -1762,7 +1762,7 @@ static void rcu_report_qs_rsp(struct rcu
+ {
+ WARN_ON_ONCE(!rcu_gp_in_progress(rsp));
+ raw_spin_unlock_irqrestore(&rcu_get_root(rsp)->lock, flags);
+- wake_up(&rsp->gp_wq); /* Memory barrier implied by wake_up() path. */
++ rcu_gp_kthread_wake(rsp);
+ }
+
+ /*
+@@ -2338,7 +2338,7 @@ static void force_quiescent_state(struct
+ }
+ rsp->gp_flags |= RCU_GP_FLAG_FQS;
+ raw_spin_unlock_irqrestore(&rnp_old->lock, flags);
+- wake_up(&rsp->gp_wq); /* Memory barrier implied by wake_up() path. */
++ rcu_gp_kthread_wake(rsp);
+ }
+
+ /*
diff --git a/queue-3.14/series b/queue-3.14/series
index aca6bc6094d..68c6b1c1a7c 100644
--- a/queue-3.14/series
+++ b/queue-3.14/series
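Review bot: Both call sites, in rcu_report_qs_rsp() and force_quiescent_state(), lose the `Memory barrier implied by wake_up() path` comment, and the replacement helper can return without calling wake_up() at all, so the ordering of the ->gp_flags update now rests entirely on the rcu_node lock. That argument exists only in the commit message; a comment at each site such as `/* ->gp_flags ordering comes from the rcu_node lock released above, not from wake_up(). */` would keep it next to the code. In force_quiescent_state() the lock released is `rnp_old->lock`, and the hunk does not show that rnp_old is the root node at that point, which the commit message's reasoning depends on. Both function bodies begin outside their hunks.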
@@ -71,3 +71,22 @@ nfs-fix-use-of-uninitialized-variable-in-nfs_getattr.patch
 nfsv4-fix-races-between-nfs_remove_bad_delegation-and-delegation-return.patch
 nfsv4.1-nfs41_clear_delegation_stateid-shouldn-t-trust-nfs_delegated_state.patch
 media-ttusb-dec-buffer-overflow-in-ioctl.patch
+memory-hotplug-remove-weak-from-memory_block_size_bytes-declaration.patch
+vmcore-remove-weak-from-function-declarations.patch
+kgdb-remove-weak-from-kgdb_arch_pc-declaration.patch
+clocksource-remove-weak-from-clocksource_default_clock-declaration.patch
+ib-core-clear-ah-attr-variable-to-prevent-garbage-data.patch
+ipc-always-handle-a-new-value-of-auto_msgmni.patch
+netfilter-ipset-off-by-one-in-ip_set_nfnl_get_byindex.patch
+netfilter-nf_log-account-for-size-of-nlmsg_done-attribute.patch
+netfilter-nfnetlink_log-fix-maximum-packet-length-logged-to-userspace.patch
+netfilter-nf_log-release-skbuff-on-nlmsg-put-failure.patch
+netfilter-nft_compat-fix-wrong-target-lookup-in-nft_target_select_ops.patch
+netfilter-xt_bpf-add-mising-opaque-struct-sk_filter-definition.patch
+arm-probes-fix-instruction-fetch-order-with-asm-opcodes.h.patch
+gfs2-fix-address-space-from-page-function.patch
+rcu-make-callers-awaken-grace-period-kthread.patch
+rcu-use-rcu_gp_kthread_wake-to-wake-up-grace-period-kthreads.patch
+dell-wmi-fix-access-out-of-memory.patch
+perf-handle-compat-ioctl.patch
+perf-x86-intel-use-proper-dtlb-load-misses-event-on-ivybridge.patch
diff --git a/queue-3.14/vmcore-remove-weak-from-function-declarations.patch b/queue-3.14/vmcore-remove-weak-from-function-declarations.patch
new file mode 100644
index 00000000000..e75952da185
--- /dev/null
+++ b/queue-3.14/vmcore-remove-weak-from-function-declarations.patch
@@ -0,0 +1,63 @@
+From 5ab03ac5aaa1f032e071f1b3dc433b7839359c03 Mon Sep 17 00:00:00 2001
+From: Bjorn Helgaas
+Date: Mon, 13 Oct 2014 18:59:41 -0600
+Subject: vmcore: Remove "weak" from function declarations
+
+From: Bjorn Helgaas
+
+commit 5ab03ac5aaa1f032e071f1b3dc433b7839359c03 upstream.
+
+For the following functions:
+
+ elfcorehdr_alloc()
+ elfcorehdr_free()
+ elfcorehdr_read()
+ elfcorehdr_read_notes()
+ remap_oldmem_pfn_range()
+
+fs/proc/vmcore.c provides default definitions explicitly marked "weak".
+arch/s390 provides its own definitions intended to override the default
+ones, but the "weak" attribute on the declarations applied to the s390
+definitions as well, so the linker chose one based on link order (see
+10629d711ed7 ("PCI: Remove __weak annotation from pcibios_get_phb_of_node
+decl")).
+
+Remove the "weak" attribute from the declarations so we always prefer a
+non-weak definition over the weak one, independent of link order.
+
+Fixes: be8a8d069e50 ("vmcore: introduce ELF header in new memory feature")
+Fixes: 9cb218131de1 ("vmcore: introduce remap_oldmem_pfn_range()")
+Signed-off-by: Bjorn Helgaas
+Acked-by: Andrew Morton
+Acked-by: Vivek Goyal
+CC: Michael Holzheu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/linux/crash_dump.h | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+--- a/include/linux/crash_dump.h
++++ b/include/linux/crash_dump.h
+@@ -14,14 +14,13 @@
+ extern unsigned long long elfcorehdr_addr;
+ extern unsigned long long elfcorehdr_size;
+
+-extern int __weak elfcorehdr_alloc(unsigned long long *addr,
+- unsigned long long *size);
+-extern void __weak elfcorehdr_free(unsigned long long addr);
+-extern ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos);
+-extern ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
+-extern int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma,
+- unsigned long from, unsigned long pfn,
+- unsigned long size, pgprot_t prot);
++extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size);
++extern void elfcorehdr_free(unsigned long long addr);
++extern ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos);
++extern ssize_t elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
++extern int remap_oldmem_pfn_range(struct vm_area_struct *vma,
++ unsigned long from, unsigned long pfn,
++ unsigned long size, pgprot_t prot);
+
+ extern ssize_t copy_oldmem_page(unsigned long, char *, size_t,
+ unsigned long, int);
--
2.47.3