rpms
/
kernel
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Linux v3.14-7247-gcd6362befe4c

This commit is contained in:
Josh Boyer 2014-04-03 09:00:10 -04:00
parent 5ff84c8066
commit 5d496319a5
8 changed files with 25 additions and 326 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
Bluetooth-allocate-static-minor-for-vhci.patch
View File

@ -1,77 +0,0 @@
Bugzilla: 1051748
Upstream-status: Queued for 3.15
From ae77280ec0111a8728f52a27e480324935b97ae1 Mon Sep 17 00:00:00 2001
From: Lucas De Marchi <lucas.demarchi@intel.com>
Date: Tue, 18 Feb 2014 05:19:26 +0000
Subject: [PATCH] Bluetooth: allocate static minor for vhci
Commit bfacbb9 (Bluetooth: Use devname:vhci module alias for virtual HCI
driver) added the module alias to hci_vhci module so it's possible to
create the /dev/vhci node. However creating an alias without
specifying the minor doesn't allow us to create the node ahead,
triggerring module auto-load when it's first accessed.
Starting with depmod from kmod 16 we started to warn if there's a
devname alias without specifying the major and minor.
Let's do the same done for uhid, kvm, fuse and others, specifying a
fixed minor. In systems with systemd as the init the following will
happen: on early boot systemd will call "kmod static-nodes" to read
/lib/modules/$(uname -r)/modules.devname and then create the nodes. When
first accessed these "dead" nodes will trigger the module loading.
Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
Documentation/devices.txt | 1 +
drivers/bluetooth/hci_vhci.c | 3 ++-
include/linux/miscdevice.h | 1 +
3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/Documentation/devices.txt b/Documentation/devices.txt
index 087d2122b204..d154147d0015 100644
--- a/Documentation/devices.txt
+++ b/Documentation/devices.txt
@@ -353,6 +353,7 @@ Your cooperation is appreciated.
133 = /dev/exttrp External device trap
134 = /dev/apm_bios Advanced Power Management BIOS
135 = /dev/rtc Real Time Clock
+ 137 = /dev/vhci Bluetooth virtual HCI driver
139 = /dev/openprom SPARC OpenBoot PROM
140 = /dev/relay8 Berkshire Products Octal relay card
141 = /dev/relay16 Berkshire Products ISO-16 relay card
diff --git a/drivers/bluetooth/hci_vhci.c b/drivers/bluetooth/hci_vhci.c
index 1ef6990a5c7e..add1c6a72063 100644
--- a/drivers/bluetooth/hci_vhci.c
+++ b/drivers/bluetooth/hci_vhci.c
@@ -359,7 +359,7 @@ static const struct file_operations vhci_fops = {
static struct miscdevice vhci_miscdev= {
.name = "vhci",
.fops = &vhci_fops,
- .minor = MISC_DYNAMIC_MINOR,
+ .minor = VHCI_MINOR,
};
static int __init vhci_init(void)
@@ -385,3 +385,4 @@ MODULE_DESCRIPTION("Bluetooth virtual HCI driver ver " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE("GPL");
MODULE_ALIAS("devname:vhci");
+MODULE_ALIAS_MISCDEV(VHCI_MINOR);
diff --git a/include/linux/miscdevice.h b/include/linux/miscdevice.h
index 2cf1547096d9..51e26f3cd3b3 100644
--- a/include/linux/miscdevice.h
+++ b/include/linux/miscdevice.h
@@ -23,6 +23,7 @@
#define TEMP_MINOR 131 /* Temperature Sensor */
#define RTC_MINOR 135
#define EFI_RTC_MINOR 136 /* EFI Time services */
+#define VHCI_MINOR 137
#define SUN_OPENPROM_MINOR 139
#define DMAPI_MINOR 140 /* unused */
#define NVRAM_MINOR 144
--
1.8.5.3

1
config-armv7-generic
View File

@ -166,6 +166,7 @@ CONFIG_MDIO_SUN4I=m
CONFIG_NET_VENDOR_ALLWINNER=y
CONFIG_SUN4I_EMAC=m
CONFIG_STMMAC_PLATFORM=y
CONFIG_DWMAC_SOCFPGA=y
CONFIG_DWMAC_SUNXI=y
CONFIG_EEPROM_SUNXI_SID=m
CONFIG_RTC_DRV_SUNXI=m

18
config-generic
View File

@ -1066,6 +1066,7 @@ CONFIG_IP_SET_BITMAP_IP=m
CONFIG_IP_SET_BITMAP_IPMAC=m
CONFIG_IP_SET_BITMAP_PORT=m
CONFIG_IP_SET_HASH_IP=m
CONFIG_IP_SET_HASH_IPMARK=m
CONFIG_IP_SET_HASH_IPPORT=m
CONFIG_IP_SET_HASH_IPPORTIP=m
CONFIG_IP_SET_HASH_IPPORTNET=m
@ -1194,6 +1195,7 @@ CONFIG_BATMAN_ADV=m
CONFIG_BATMAN_ADV_BLA=y
CONFIG_BATMAN_ADV_DAT=y
CONFIG_BATMAN_ADV_NC=y
CONFIG_BATMAN_ADV_MCAST=y
# CONFIG_BATMAN_ADV_DEBUG is not set
CONFIG_OPENVSWITCH=m
@ -1302,6 +1304,8 @@ CONFIG_NET_VENDOR_ALTEON=y
CONFIG_ACENIC=m
# CONFIG_ACENIC_OMIT_TIGON_I is not set
CONFIG_ALTERA_TSE=m
CONFIG_NET_VENDOR_AMD=y
CONFIG_PCNET32=m
CONFIG_AMD8111_ETH=m
@ -1361,6 +1365,7 @@ CONFIG_SUNDANCE=m
CONFIG_NET_VENDOR_EMULEX=y
CONFIG_BE2NET=m
CONFIG_BE2NET_VXLAN=y
CONFIG_NET_VENDOR_EXAR=y
CONFIG_S2IO=m
@ -1436,6 +1441,7 @@ CONFIG_QLA3XXX=m
CONFIG_QLCNIC=m
CONFIG_QLCNIC_SRIOV=y
CONFIG_QLCNIC_DCB=y
CONFIG_QLCNIC_VXLAN=y
CONFIG_QLGE=m
CONFIG_NETXEN_NIC=m
@ -1455,6 +1461,7 @@ CONFIG_NET_VENDOR_RDC=y
CONFIG_R6040=m
# CONFIG_NET_VENDOR_SEEQ is not set
# CONFIG_NET_VENDOR_SAMSUNG is not set
CONFIG_NET_VENDOR_SILAN=y
CONFIG_SC92031=m
@ -1514,6 +1521,7 @@ CONFIG_MDIO_BITBANG=m
CONFIG_NATIONAL_PHY=m
CONFIG_ICPLUS_PHY=m
CONFIG_BCM63XX_PHY=m
CONFIG_BCM7XXX_PHY=m
CONFIG_LSI_ET1011C_PHY=m
CONFIG_LXT_PHY=m
CONFIG_MARVELL_PHY=m
@ -1539,6 +1547,7 @@ CONFIG_ES3210=m
CONFIG_NET_PCI=y
CONFIG_B44=m
CONFIG_B44_PCI=y
CONFIG_BCMGENET=m
CONFIG_BNX2=m
CONFIG_BNX2X=m
CONFIG_BNX2X_SRIOV=y
@ -1558,6 +1567,7 @@ CONFIG_JME=m
#
# CONFIG_IP1000 is not set
# CONFIG_MLX4_EN is not set
# CONFIG_MLX4_EN_VXLAN is not set
# CONFIG_SFC is not set
# CONFIG_FDDI is not set
@ -1715,6 +1725,7 @@ CONFIG_LIBERTAS_MESH=y
CONFIG_IWLWIFI=m
CONFIG_IWLDVM=m
CONFIG_IWLMVM=m
# CONFIG_IWLWIFI_BCAST_FILTERING is not set
CONFIG_IWLWIFI_DEBUG=y
CONFIG_IWLWIFI_DEBUGFS=y
CONFIG_IWLWIFI_DEVICE_SVTOOL=y
@ -1736,6 +1747,10 @@ CONFIG_P54_PCI=m
CONFIG_MWL8K=m
# CONFIG_PRISM54 is not set
# CONFIG_PCMCIA_WL3501 is not set
CONFIG_RSI_91X=m
CONFIG_RSI_DEBUGFS=y
CONFIG_RSI_SDIO=m
CONFIG_RSI_USB=m
CONFIG_RT2X00=m
CONFIG_RT2X00_LIB_DEBUGFS=y
# CONFIG_RT2X00_DEBUG is not set
@ -1783,6 +1798,7 @@ CONFIG_RTL8192SE=m
CONFIG_RTL8192CU=m
CONFIG_RTL8192DE=m
CONFIG_RTL8723AE=m
CONFIG_RTL8723BE=m
CONFIG_RTL8188EE=m
CONFIG_MWIFIEX=m
@ -1849,6 +1865,7 @@ CONFIG_NFC_PN544_I2C=m
CONFIG_NFC_PN533=m
CONFIG_NFC_MICROREAD=m
CONFIG_NFC_MICROREAD_I2C=m
CONFIG_NFC_TRF7970A=m
#
# IrDA (infrared) support
@ -1892,6 +1909,7 @@ CONFIG_WINBOND_FIR=m
# Bluetooth support
#
CONFIG_BT=m
# CONFIG_BT_6LOWPAN is not set
CONFIG_BT_L2CAP=y
CONFIG_BT_SCO=y
CONFIG_BT_CMTP=m

48
iwlwifi-dvm-take-mutex-when-sending-SYNC-BT-config-command.patch
View File

@ -1,48 +0,0 @@
Bugzilla: 1046495
Upstream-status: Sent for 3.14 http://marc.info/?l=linux-wireless&m=139453882510796&w=2
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
There is a flow in which we send the host command in SYNC
mode, but we don't take priv->mutex.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1046495
Cc: <stable@vger.kernel.org>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
---
drivers/net/wireless/iwlwifi/dvm/main.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/iwlwifi/dvm/main.c b/drivers/net/wireless/iwlwifi/dvm/main.c
index ba1b1ea..ea7e70c 100644
--- a/drivers/net/wireless/iwlwifi/dvm/main.c
+++ b/drivers/net/wireless/iwlwifi/dvm/main.c
@@ -252,13 +252,17 @@ static void iwl_bg_bt_runtime_config(struct work_struct *work)
struct iwl_priv *priv =
container_of(work, struct iwl_priv, bt_runtime_config);
+ mutex_lock(&priv->mutex);
if (test_bit(STATUS_EXIT_PENDING, &priv->status))
- return;
+ goto out;
/* dont send host command if rf-kill is on */
if (!iwl_is_ready_rf(priv))
- return;
+ goto out;
+
iwlagn_send_advance_bt_config(priv);
+out:
+ mutex_unlock(&priv->mutex);
}
static void iwl_bg_bt_full_concurrency(struct work_struct *work)
--
1.8.3.2
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

31
kernel.spec
View File

@ -61,7 +61,7 @@ Summary: The Linux kernel
# The rc snapshot level
%define rcrev 0
# The git snapshot level
%define gitrev 7
%define gitrev 8
# Set rpm version accordingly
%define rpmversion 3.%{upstream_sublevel}.0
%endif
@ -433,7 +433,7 @@ BuildRequires: net-tools, hostname, bc
BuildRequires: sparse
%endif
%if %{with_perf}
BuildRequires: elfutils-devel >= 0.158 zlib-devel binutils-devel newt-devel python-devel perl(ExtUtils::Embed) bison flex
BuildRequires: elfutils-devel zlib-devel binutils-devel newt-devel python-devel perl(ExtUtils::Embed) bison flex
BuildRequires: audit-libs-devel
%endif
%if %{with_tools}
@ -633,21 +633,9 @@ Patch22000: weird-root-dentry-name-debug.patch
Patch25047: drm-radeon-Disable-writeback-by-default-on-ppc.patch
#rhbz 1051748
Patch25035: Bluetooth-allocate-static-minor-for-vhci.patch
#Fixes module loading on ppc64le
Patch25036: ppc64le_module_fix.patch
#rhbz 1046495
Patch25044: iwlwifi-dvm-take-mutex-when-sending-SYNC-BT-config-command.patch
#CVE-2014-2580 rhbz 1080084 1080086
Patch25052: net-xen-netback-disable-rogue-vif-in-kthread-context.patch
#CVE-2014-2678 rhbz 1083274 1083280
Patch25054: rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch
Patch25055: net-enic-include-irq.h-for-irqreturn_t-definitions.patch
Patch25056: net-bnx2x-include-irq.h-for-irqreturn_t-definitions.patch
Patch25057: net-qlcnic-include-irq.h-for-irq-definitions.patch
@ -1291,21 +1279,9 @@ ApplyPatch ath9k_rx_dma_stop_check.patch
ApplyPatch drm-radeon-Disable-writeback-by-default-on-ppc.patch
#rhbz 1051748
ApplyPatch Bluetooth-allocate-static-minor-for-vhci.patch
# Fixes module loading on ppc64le
ApplyPatch ppc64le_module_fix.patch
#rhbz 1046495
ApplyPatch iwlwifi-dvm-take-mutex-when-sending-SYNC-BT-config-command.patch
#CVE-2014-2580 rhbz 1080084 1080086
ApplyPatch net-xen-netback-disable-rogue-vif-in-kthread-context.patch
#CVE-2014-2678 rhbz 1083274 1083280
ApplyPatch rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch
ApplyPatch net-enic-include-irq.h-for-irqreturn_t-definitions.patch
ApplyPatch net-bnx2x-include-irq.h-for-irqreturn_t-definitions.patch
ApplyPatch net-qlcnic-include-irq.h-for-irq-definitions.patch
@ -2090,6 +2066,9 @@ fi
# ||----w |
# || ||
%changelog
* Thu Apr 03 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc0.git8.1
- Linux v3.14-7247-gcd6362befe4c
* Wed Apr 02 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc0.git7.1
- Linux v3.14-5146-g0f1b1e6d73cb

143
net-xen-netback-disable-rogue-vif-in-kthread-context.patch
View File

@ -1,143 +0,0 @@
Bugzilla: 1080086
Upstream-status: sent to netdev list
From patchwork Tue Mar 25 12:20:51 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [net,V2] xen-netback: disable rogue vif in kthread context
From: Wei Liu <wei.liu2@citrix.com>
X-Patchwork-Id: 333459
Message-Id: <1395750051-15932-1-git-send-email-wei.liu2@citrix.com>
To: <netdev@vger.kernel.org>, <xen-devel@lists.xen.org>
Cc: <paul.durrant@citrix.com>, <zoltan.kiss@citrix.com>,
<edwin@etorok.net>, <david.vrabel@citrix.com>,
Wei Liu <wei.liu2@citrix.com>, Ian Campbell <ian.campbell@citrix.com>
Date: Tue, 25 Mar 2014 12:20:51 +0000
When netback discovers frontend is sending malformed packet it will
disables the interface which serves that frontend.
However disabling a network interface involving taking a mutex which
cannot be done in softirq context, so we need to defer this process to
kthread context.
This patch does the following:
1. introduce a flag to indicate the interface is disabled.
2. check that flag in TX path, don't do any work if it's true.
3. check that flag in RX path, turn off that interface if it's true.
The reason to disable it in RX path is because RX uses kthread. After
this change the behavior of netback is still consistent -- it won't do
any TX work for a rogue frontend, and the interface will be eventually
turned off.
Also change a "continue" to "break" after xenvif_fatal_tx_err, as it
doesn't make sense to continue processing packets if frontend is rogue.
This is a fix for XSA-90.
Reported-by: Török Edwin <edwin@etorok.net>
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
---
drivers/net/xen-netback/common.h | 5 +++++
drivers/net/xen-netback/interface.c | 15 ++++++++++++++-
drivers/net/xen-netback/netback.c | 15 +++++++++++++--
3 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h
index ae413a2..4bf5b33 100644
--- a/drivers/net/xen-netback/common.h
+++ b/drivers/net/xen-netback/common.h
@@ -113,6 +113,11 @@ struct xenvif {
domid_t domid;
unsigned int handle;
+ /* Is this interface disabled? True when backend discovers
+ * frontend is rogue.
+ */
+ bool disabled;
+
/* Use NAPI for guest TX */
struct napi_struct napi;
/* When feature-split-event-channels = 0, tx_irq = rx_irq. */
diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
index 301cc03..8c921de 100644
--- a/drivers/net/xen-netback/interface.c
+++ b/drivers/net/xen-netback/interface.c
@@ -61,12 +61,23 @@ static int xenvif_poll(struct napi_struct *napi, int budget)
{
struct xenvif *vif = container_of(napi, struct xenvif, napi);
int work_done;
+ unsigned long flags;
+
+ /* This vif is rogue, we pretend we've there is nothing to do
+ * for this vif to deschedule it from NAPI. But this interface
+ * will be turned off in thread context later.
+ */
+ if (unlikely(vif->disabled)) {
+ local_irq_save(flags);
+ __napi_complete(napi);
+ local_irq_restore(flags);
+ return 0;
+ }
work_done = xenvif_tx_action(vif, budget);
if (work_done < budget) {
int more_to_do = 0;
- unsigned long flags;
/* It is necessary to disable IRQ before calling
* RING_HAS_UNCONSUMED_REQUESTS. Otherwise we might
@@ -321,6 +332,8 @@ struct xenvif *xenvif_alloc(struct device *parent, domid_t domid,
vif->ip_csum = 1;
vif->dev = dev;
+ vif->disabled = false;
+
vif->credit_bytes = vif->remaining_credit = ~0UL;
vif->credit_usec = 0UL;
init_timer(&vif->credit_timeout);
diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
index 438d0c0..17633dd 100644
--- a/drivers/net/xen-netback/netback.c
+++ b/drivers/net/xen-netback/netback.c
@@ -655,7 +655,8 @@ static void xenvif_tx_err(struct xenvif *vif,
static void xenvif_fatal_tx_err(struct xenvif *vif)
{
netdev_err(vif->dev, "fatal error; disabling device\n");
- xenvif_carrier_off(vif);
+ vif->disabled = true;
+ xenvif_kick_thread(vif);
}
static int xenvif_count_requests(struct xenvif *vif,
@@ -1126,7 +1127,7 @@ static unsigned xenvif_tx_build_gops(struct xenvif *vif, int budget)
vif->tx.sring->req_prod, vif->tx.req_cons,
XEN_NETIF_TX_RING_SIZE);
xenvif_fatal_tx_err(vif);
- continue;
+ break;
}
work_to_do = RING_HAS_UNCONSUMED_REQUESTS(&vif->tx);
@@ -1549,6 +1550,16 @@ int xenvif_kthread(void *data)
wait_event_interruptible(vif->wq,
rx_work_todo(vif) ||
kthread_should_stop());
+
+ /* This frontend is found to be rogue, disable it in
+ * kthread context. Currently this is only set when
+ * netback finds out frontend sends malformed packet,
+ * but we cannot disable the interface in softirq
+ * context so we defer it here.
+ */
+ if (unlikely(vif->disabled && netif_carrier_ok(vif->dev)))
+ xenvif_carrier_off(vif);
+
if (kthread_should_stop())
break;

31
rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch
View File

@ -1,31 +0,0 @@
Bugzilla: 1083280
Upstream-status: Queued for 3.15
From bf39b4247b8799935ea91d90db250ab608a58e50 Mon Sep 17 00:00:00 2001
From: Sasha Levin <sasha.levin@oracle.com>
Date: Sat, 29 Mar 2014 20:39:35 -0400
Subject: rds: prevent dereference of a NULL device in rds_iw_laddr_check
Binding might result in a NULL device which is later dereferenced
without checking.
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/net/rds/iw.c b/net/rds/iw.c
index 7826d46..5899356 100644
--- a/net/rds/iw.c
+++ b/net/rds/iw.c
@@ -239,7 +239,8 @@ static int rds_iw_laddr_check(__be32 addr)
ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin);
/* due to this, we will claim to support IB devices unless we
check node_type. */
- if (ret || cm_id->device->node_type != RDMA_NODE_RNIC)
+ if (ret || !cm_id->device ||
+ cm_id->device->node_type != RDMA_NODE_RNIC)
ret = -EADDRNOTAVAIL;
rdsdebug("addr %pI4 ret %d node type %d\n",
--
cgit v0.10.1

2
sources
View File

@ -1,3 +1,3 @@
b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
d36baf2d62de5aa61f10a976d00d2d2a perf-man-3.14.tar.gz
322ca8dfc78f3b86243062f875c34bee patch-3.14-git7.xz
4f6a8f55799e38e21c34c3b4b67a51f8 patch-3.14-git8.xz