From 58f19b149ab835e5b65be0849c6883c6c843b126 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Mon, 31 Mar 2014 08:32:46 -0400 Subject: [PATCH] Linux v3.14 - Disable debugging options. --- .gitignore | 1 + config-generic | 8 +- config-nodebug | 112 ++++++------ config-x86-generic | 2 +- ...gs-in-skb_zerocopy-and-handle-errors.patch | 163 ------------------ ...2-Don-t-report-the-cypress-PS-2-trac.patch | 50 ------ kernel.spec | 38 +--- ...al-length-when-packets-are-too-short.patch | 80 --------- ...idate-vhost_get_vq_desc-return-value.patch | 55 ------ sources | 6 +- 10 files changed, 73 insertions(+), 442 deletions(-) delete mode 100644 core-nfqueue-openvswitch-Orphan-frags-in-skb_zerocopy-and-handle-errors.patch delete mode 100644 input-cypress_ps2-Don-t-report-the-cypress-PS-2-trac.patch delete mode 100644 net-vhost-fix-total-length-when-packets-are-too-short.patch delete mode 100644 net-vhost-validate-vhost_get_vq_desc-return-value.patch diff --git a/.gitignore b/.gitignore index 881c38c69..241798986 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ clog kernel-[23].*/ /perf-man.tar.gz /perf-man-3.13.tar.gz +/perf-man-3.14.tar.gz diff --git a/config-generic b/config-generic index fd1351de7..daf0dfe96 100644 --- a/config-generic +++ b/config-generic @@ -1661,13 +1661,13 @@ CONFIG_B43_SDIO=y CONFIG_B43_BCMA=y # CONFIG_B43_BCMA_EXTRA is not set CONFIG_B43_BCMA_PIO=y -CONFIG_B43_DEBUG=y +# CONFIG_B43_DEBUG is not set CONFIG_B43_PHY_LP=y CONFIG_B43_PHY_N=y CONFIG_B43_PHY_HT=y # CONFIG_B43_FORCE_PIO is not set CONFIG_B43LEGACY=m -CONFIG_B43LEGACY_DEBUG=y +# CONFIG_B43LEGACY_DEBUG is not set CONFIG_B43LEGACY_DMA=y CONFIG_B43LEGACY_PIO=y CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y @@ -3502,7 +3502,7 @@ CONFIG_USB_STORAGE_REALTEK=m CONFIG_REALTEK_AUTOPM=y CONFIG_USB_STORAGE_ENE_UB6250=m # CONFIG_USB_LIBUSUAL is not set -CONFIG_USB_UAS=m +# CONFIG_USB_UAS is not set # @@ -4570,7 +4570,7 @@ CONFIG_PM_DEBUG=y # CONFIG_DPM_WATCHDOG is not set # revisit this in debug CONFIG_PM_TRACE=y CONFIG_PM_TRACE_RTC=y -CONFIG_PM_TEST_SUSPEND=y +# CONFIG_PM_TEST_SUSPEND is not set CONFIG_PM_RUNTIME=y # CONFIG_PM_OPP is not set # CONFIG_PM_AUTOSLEEP is not set diff --git a/config-nodebug b/config-nodebug index 9d4b2e91f..ee4842bfc 100644 --- a/config-nodebug +++ b/config-nodebug @@ -2,98 +2,98 @@ CONFIG_SND_VERBOSE_PRINTK=y CONFIG_SND_DEBUG=y CONFIG_SND_PCM_XRUN_DEBUG=y -CONFIG_DEBUG_ATOMIC_SLEEP=y +# CONFIG_DEBUG_ATOMIC_SLEEP is not set -CONFIG_DEBUG_MUTEXES=y -CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y -CONFIG_DEBUG_RT_MUTEXES=y -CONFIG_DEBUG_LOCK_ALLOC=y -CONFIG_PROVE_LOCKING=y -CONFIG_DEBUG_SPINLOCK=y -CONFIG_PROVE_RCU=y +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_PROVE_RCU is not set # CONFIG_PROVE_RCU_REPEATEDLY is not set -CONFIG_DEBUG_PER_CPU_MAPS=y +# CONFIG_DEBUG_PER_CPU_MAPS is not set CONFIG_CPUMASK_OFFSTACK=y -CONFIG_CPU_NOTIFIER_ERROR_INJECT=m +# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set -CONFIG_FAULT_INJECTION=y -CONFIG_FAILSLAB=y -CONFIG_FAIL_PAGE_ALLOC=y -CONFIG_FAIL_MAKE_REQUEST=y -CONFIG_FAULT_INJECTION_DEBUG_FS=y -CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y -CONFIG_FAIL_IO_TIMEOUT=y -CONFIG_FAIL_MMC_REQUEST=y +# CONFIG_FAULT_INJECTION is not set +# CONFIG_FAILSLAB is not set +# CONFIG_FAIL_PAGE_ALLOC is not set +# CONFIG_FAIL_MAKE_REQUEST is not set +# CONFIG_FAULT_INJECTION_DEBUG_FS is not set +# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set +# CONFIG_FAIL_IO_TIMEOUT is not set +# CONFIG_FAIL_MMC_REQUEST is not set -CONFIG_LOCK_STAT=y +# CONFIG_LOCK_STAT is not set -CONFIG_DEBUG_STACK_USAGE=y +# CONFIG_DEBUG_STACK_USAGE is not set -CONFIG_ACPI_DEBUG=y +# CONFIG_ACPI_DEBUG is not set # CONFIG_ACPI_DEBUG_FUNC_TRACE is not set -CONFIG_DEBUG_SG=y +# CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_PAGEALLOC is not set -CONFIG_DEBUG_WRITECOUNT=y -CONFIG_DEBUG_OBJECTS=y +# CONFIG_DEBUG_WRITECOUNT is not set +# CONFIG_DEBUG_OBJECTS is not set # CONFIG_DEBUG_OBJECTS_SELFTEST is not set -CONFIG_DEBUG_OBJECTS_FREE=y -CONFIG_DEBUG_OBJECTS_TIMERS=y -CONFIG_DEBUG_OBJECTS_RCU_HEAD=y +# CONFIG_DEBUG_OBJECTS_FREE is not set +# CONFIG_DEBUG_OBJECTS_TIMERS is not set +# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1 -CONFIG_X86_PTDUMP=y +# CONFIG_X86_PTDUMP is not set -CONFIG_CAN_DEBUG_DEVICES=y +# CONFIG_CAN_DEBUG_DEVICES is not set -CONFIG_MODULE_FORCE_UNLOAD=y +# CONFIG_MODULE_FORCE_UNLOAD is not set -CONFIG_SYSCTL_SYSCALL_CHECK=y +# CONFIG_SYSCTL_SYSCALL_CHECK is not set -CONFIG_DEBUG_NOTIFIERS=y +# CONFIG_DEBUG_NOTIFIERS is not set -CONFIG_DMA_API_DEBUG=y +# CONFIG_DMA_API_DEBUG is not set -CONFIG_MMIOTRACE=y +# CONFIG_MMIOTRACE is not set -CONFIG_DEBUG_CREDENTIALS=y +# CONFIG_DEBUG_CREDENTIALS is not set # off in both production debug and nodebug builds, # on in rawhide nodebug builds -CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set -CONFIG_EXT4_DEBUG=y +# CONFIG_EXT4_DEBUG is not set # CONFIG_XFS_WARN is not set -CONFIG_DEBUG_PERF_USE_VMALLOC=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set -CONFIG_JBD2_DEBUG=y +# CONFIG_JBD2_DEBUG is not set -CONFIG_NFSD_FAULT_INJECTION=y +# CONFIG_NFSD_FAULT_INJECTION is not set -CONFIG_DEBUG_BLK_CGROUP=y +# CONFIG_DEBUG_BLK_CGROUP is not set -CONFIG_DRBD_FAULT_INJECTION=y +# CONFIG_DRBD_FAULT_INJECTION is not set -CONFIG_ATH_DEBUG=y -CONFIG_CARL9170_DEBUGFS=y -CONFIG_IWLWIFI_DEVICE_TRACING=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_CARL9170_DEBUGFS is not set +# CONFIG_IWLWIFI_DEVICE_TRACING is not set # CONFIG_RTLWIFI_DEBUG is not set -CONFIG_DEBUG_OBJECTS_WORK=y +# CONFIG_DEBUG_OBJECTS_WORK is not set -CONFIG_DMADEVICES_DEBUG=y -CONFIG_DMADEVICES_VDEBUG=y +# CONFIG_DMADEVICES_DEBUG is not set +# CONFIG_DMADEVICES_VDEBUG is not set CONFIG_PM_ADVANCED_DEBUG=y -CONFIG_CEPH_LIB_PRETTYDEBUG=y -CONFIG_QUOTA_DEBUG=y +# CONFIG_CEPH_LIB_PRETTYDEBUG is not set +# CONFIG_QUOTA_DEBUG is not set CONFIG_PCI_DEFAULT_USE_CRS=y @@ -101,18 +101,18 @@ CONFIG_KGDB_KDB=y CONFIG_KDB_KEYBOARD=y CONFIG_KDB_CONTINUE_CATASTROPHIC=0 -CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y +# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set # CONFIG_PERCPU_TEST is not set -CONFIG_TEST_LIST_SORT=y +# CONFIG_TEST_LIST_SORT is not set # CONFIG_TEST_STRING_HELPERS is not set -CONFIG_DETECT_HUNG_TASK=y +# CONFIG_DETECT_HUNG_TASK is not set CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set -CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y +# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set -CONFIG_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024 # CONFIG_DEBUG_KMEMLEAK_TEST is not set CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y @@ -123,7 +123,7 @@ CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y # CONFIG_SPI_DEBUG is not set -CONFIG_X86_DEBUG_STATIC_CPU_HAS=y +# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set # CONFIG_SCHEDSTATS is not set # CONFIG_LATENCYTOP is not set diff --git a/config-x86-generic b/config-x86-generic index c44b81f3a..f6b3fa8c5 100644 --- a/config-x86-generic +++ b/config-x86-generic @@ -334,7 +334,7 @@ CONFIG_SP5100_TCO=m # CONFIG_MEMTEST is not set # CONFIG_DEBUG_TLBFLUSH is not set -CONFIG_MAXSMP=y +# CONFIG_MAXSMP is not set CONFIG_HP_ILO=m diff --git a/core-nfqueue-openvswitch-Orphan-frags-in-skb_zerocopy-and-handle-errors.patch b/core-nfqueue-openvswitch-Orphan-frags-in-skb_zerocopy-and-handle-errors.patch deleted file mode 100644 index 804f3a901..000000000 --- a/core-nfqueue-openvswitch-Orphan-frags-in-skb_zerocopy-and-handle-errors.patch +++ /dev/null @@ -1,163 +0,0 @@ -Bugzilla: 1079013 -Upstream-status: Queued in netdev tree - -From 36d5fe6a000790f56039afe26834265db0a3ad4c Mon Sep 17 00:00:00 2001 -From: Zoltan Kiss -Date: Wed, 26 Mar 2014 22:37:45 +0000 -Subject: core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle - errors - -skb_zerocopy can copy elements of the frags array between skbs, but it doesn't -orphan them. Also, it doesn't handle errors, so this patch takes care of that -as well, and modify the callers accordingly. skb_tx_error() is also added to -the callers so they will signal the failed delivery towards the creator of the -skb. - -Signed-off-by: Zoltan Kiss -Signed-off-by: David S. Miller - -diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 5e1e6f2..15ede6a 100644 ---- a/include/linux/skbuff.h -+++ b/include/linux/skbuff.h -@@ -2451,8 +2451,8 @@ int skb_splice_bits(struct sk_buff *skb, unsigned int offset, - unsigned int flags); - void skb_copy_and_csum_dev(const struct sk_buff *skb, u8 *to); - unsigned int skb_zerocopy_headlen(const struct sk_buff *from); --void skb_zerocopy(struct sk_buff *to, const struct sk_buff *from, -- int len, int hlen); -+int skb_zerocopy(struct sk_buff *to, struct sk_buff *from, -+ int len, int hlen); - void skb_split(struct sk_buff *skb, struct sk_buff *skb1, const u32 len); - int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen); - void skb_scrub_packet(struct sk_buff *skb, bool xnet); -diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index 869c7af..97e5a2c 100644 ---- a/net/core/skbuff.c -+++ b/net/core/skbuff.c -@@ -2127,25 +2127,31 @@ EXPORT_SYMBOL_GPL(skb_zerocopy_headlen); - * - * The `hlen` as calculated by skb_zerocopy_headlen() specifies the - * headroom in the `to` buffer. -+ * -+ * Return value: -+ * 0: everything is OK -+ * -ENOMEM: couldn't orphan frags of @from due to lack of memory -+ * -EFAULT: skb_copy_bits() found some problem with skb geometry - */ --void --skb_zerocopy(struct sk_buff *to, const struct sk_buff *from, int len, int hlen) -+int -+skb_zerocopy(struct sk_buff *to, struct sk_buff *from, int len, int hlen) - { - int i, j = 0; - int plen = 0; /* length of skb->head fragment */ -+ int ret; - struct page *page; - unsigned int offset; - - BUG_ON(!from->head_frag && !hlen); - - /* dont bother with small payloads */ -- if (len <= skb_tailroom(to)) { -- skb_copy_bits(from, 0, skb_put(to, len), len); -- return; -- } -+ if (len <= skb_tailroom(to)) -+ return skb_copy_bits(from, 0, skb_put(to, len), len); - - if (hlen) { -- skb_copy_bits(from, 0, skb_put(to, hlen), hlen); -+ ret = skb_copy_bits(from, 0, skb_put(to, hlen), hlen); -+ if (unlikely(ret)) -+ return ret; - len -= hlen; - } else { - plen = min_t(int, skb_headlen(from), len); -@@ -2163,6 +2169,11 @@ skb_zerocopy(struct sk_buff *to, const struct sk_buff *from, int len, int hlen) - to->len += len + plen; - to->data_len += len + plen; - -+ if (unlikely(skb_orphan_frags(from, GFP_ATOMIC))) { -+ skb_tx_error(from); -+ return -ENOMEM; -+ } -+ - for (i = 0; i < skb_shinfo(from)->nr_frags; i++) { - if (!len) - break; -@@ -2173,6 +2184,8 @@ skb_zerocopy(struct sk_buff *to, const struct sk_buff *from, int len, int hlen) - j++; - } - skb_shinfo(to)->nr_frags = j; -+ -+ return 0; - } - EXPORT_SYMBOL_GPL(skb_zerocopy); - -diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c -index f072fe8..108120f 100644 ---- a/net/netfilter/nfnetlink_queue_core.c -+++ b/net/netfilter/nfnetlink_queue_core.c -@@ -354,13 +354,16 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, - - skb = nfnetlink_alloc_skb(net, size, queue->peer_portid, - GFP_ATOMIC); -- if (!skb) -+ if (!skb) { -+ skb_tx_error(entskb); - return NULL; -+ } - - nlh = nlmsg_put(skb, 0, 0, - NFNL_SUBSYS_QUEUE << 8 | NFQNL_MSG_PACKET, - sizeof(struct nfgenmsg), 0); - if (!nlh) { -+ skb_tx_error(entskb); - kfree_skb(skb); - return NULL; - } -@@ -488,13 +491,15 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, - nla->nla_type = NFQA_PAYLOAD; - nla->nla_len = nla_attr_size(data_len); - -- skb_zerocopy(skb, entskb, data_len, hlen); -+ if (skb_zerocopy(skb, entskb, data_len, hlen)) -+ goto nla_put_failure; - } - - nlh->nlmsg_len = skb->len; - return skb; - - nla_put_failure: -+ skb_tx_error(entskb); - kfree_skb(skb); - net_err_ratelimited("nf_queue: error creating packet message\n"); - return NULL; -diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c -index 8601b32..270b77d 100644 ---- a/net/openvswitch/datapath.c -+++ b/net/openvswitch/datapath.c -@@ -464,7 +464,9 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb, - } - nla->nla_len = nla_attr_size(skb->len); - -- skb_zerocopy(user_skb, skb, skb->len, hlen); -+ err = skb_zerocopy(user_skb, skb, skb->len, hlen); -+ if (err) -+ goto out; - - /* Pad OVS_PACKET_ATTR_PACKET if linear copy was performed */ - if (!(dp->user_features & OVS_DP_F_UNALIGNED)) { -@@ -478,6 +480,8 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb, - - err = genlmsg_unicast(ovs_dp_get_net(dp), user_skb, upcall_info->portid); - out: -+ if (err) -+ skb_tx_error(skb); - kfree_skb(nskb); - return err; - } --- -cgit v0.10.1 - diff --git a/input-cypress_ps2-Don-t-report-the-cypress-PS-2-trac.patch b/input-cypress_ps2-Don-t-report-the-cypress-PS-2-trac.patch deleted file mode 100644 index 5d8b3b1b0..000000000 --- a/input-cypress_ps2-Don-t-report-the-cypress-PS-2-trac.patch +++ /dev/null @@ -1,50 +0,0 @@ -From c4aa64b54ecc029579b0c62e976d747a0e567dfc Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 21 Mar 2014 10:55:11 +0100 -Subject: [PATCH] input: cypress_ps2: Don't report the cypress PS/2 trackpads - as a button pad - -The cypress PS/2 trackpad models supported by the cypress_ps2 driver emulate -BTN_RIGHT events in firmware based on the finger position, as part of this -no motion events are sent when the finger is in the button area. - -The INPUT_PROP_BUTTONPAD property is there to indicate to userspace that -BTN_RIGHT events should be emulated in userspace, which is not necessary -in this case. - -When INPUT_PROP_BUTTONPAD is advertised userspace will wait for a motion event -before propagating the button event higher up the stack, as it needs current -abs x + y data for its BTN_RIGHT emulation. Since in the cypress_ps2 pads -don't report motion events in the button area, this means that clicks in the -button area end up being ignored, so INPUT_PROP_BUTTONPAD actually causes -problems for these touchpads, and removing it fixes: - -https://bugs.freedesktop.org/show_bug.cgi?id=76341 - -Reported-by: Adam Williamson -Tested-by: Adam Williamson -Reviewed-by: Peter Hutterer -Cc: Adam Williamson -Cc: Peter Hutterer -Signed-off-by: Hans de Goede -Signed-off-by: Dmitry Torokhov -Cc: stable@vger.kernel.org ---- - drivers/input/mouse/cypress_ps2.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/drivers/input/mouse/cypress_ps2.c b/drivers/input/mouse/cypress_ps2.c -index 87095e2..8af34ff 100644 ---- a/drivers/input/mouse/cypress_ps2.c -+++ b/drivers/input/mouse/cypress_ps2.c -@@ -409,7 +409,6 @@ static int cypress_set_input_params(struct input_dev *input, - __clear_bit(REL_X, input->relbit); - __clear_bit(REL_Y, input->relbit); - -- __set_bit(INPUT_PROP_BUTTONPAD, input->propbit); - __set_bit(EV_KEY, input->evbit); - __set_bit(BTN_LEFT, input->keybit); - __set_bit(BTN_RIGHT, input->keybit); --- -1.9.0 - diff --git a/kernel.spec b/kernel.spec index 622ab1c38..5fc7e3764 100644 --- a/kernel.spec +++ b/kernel.spec @@ -6,7 +6,7 @@ Summary: The Linux kernel # For a stable, released kernel, released_kernel should be 1. For rawhide # and/or a kernel built from an rc or git snapshot, released_kernel should # be 0. -%global released_kernel 0 +%global released_kernel 1 # Sign modules on x86. Make sure the config files match this setting if more # architectures are added. @@ -40,7 +40,7 @@ Summary: The Linux kernel # base_sublevel is the kernel version we're starting with and patching # on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base, # which yields a base_sublevel of 0. -%define base_sublevel 13 +%define base_sublevel 14 ## If this is a released kernel ## %if 0%{?released_kernel} @@ -59,9 +59,9 @@ Summary: The Linux kernel # The next upstream release sublevel (base_sublevel+1) %define upstream_sublevel %(echo $((%{base_sublevel} + 1))) # The rc snapshot level -%define rcrev 8 +%define rcrev 0 # The git snapshot level -%define gitrev 1 +%define gitrev 0 # Set rpm version accordingly %define rpmversion 3.%{upstream_sublevel}.0 %endif @@ -122,7 +122,7 @@ Summary: The Linux kernel # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. -%define debugbuildsenabled 0 +%define debugbuildsenabled 1 # Want to build a vanilla kernel build without any non-upstream patches? %define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0} @@ -642,21 +642,9 @@ Patch25036: ppc64le_module_fix.patch #rhbz 1046495 Patch25044: iwlwifi-dvm-take-mutex-when-sending-SYNC-BT-config-command.patch -#CVE-2014-2568 rhbz 1079012 1079013 -Patch25049: core-nfqueue-openvswitch-Orphan-frags-in-skb_zerocopy-and-handle-errors.patch - -#CVE-2014-0055 rhbz 1062577 1081503 -Patch25050: net-vhost-validate-vhost_get_vq_desc-return-value.patch - -#CVE-2014-0077 rhbz 1064440 1081504 -Patch25051: net-vhost-fix-total-length-when-packets-are-too-short.patch - #CVE-2014-2580 rhbz 1080084 1080086 Patch25052: net-xen-netback-disable-rogue-vif-in-kthread-context.patch -#https://bugs.freedesktop.org/show_bug.cgi?id=76341 -#included in the input tree for-linux branch, will go upstream for 3.15 -Patch25053: input-cypress_ps2-Don-t-report-the-cypress-PS-2-trac.patch # END OF PATCH DEFINITIONS %endif @@ -1304,21 +1292,9 @@ ApplyPatch ppc64le_module_fix.patch #rhbz 1046495 ApplyPatch iwlwifi-dvm-take-mutex-when-sending-SYNC-BT-config-command.patch -#CVE-2014-2568 rhbz 1079012 1079013 -ApplyPatch core-nfqueue-openvswitch-Orphan-frags-in-skb_zerocopy-and-handle-errors.patch - -#CVE-2014-0055 rhbz 1062577 1081503 -ApplyPatch net-vhost-validate-vhost_get_vq_desc-return-value.patch - -#CVE-2014-0077 rhbz 1064440 1081504 -ApplyPatch net-vhost-fix-total-length-when-packets-are-too-short.patch - #CVE-2014-2580 rhbz 1080084 1080086 ApplyPatch net-xen-netback-disable-rogue-vif-in-kthread-context.patch -#https://bugs.freedesktop.org/show_bug.cgi?id=76341 -ApplyPatch input-cypress_ps2-Don-t-report-the-cypress-PS-2-trac.patch - # END OF PATCH APPLICATIONS %endif @@ -2098,6 +2074,10 @@ fi # ||----w | # || || %changelog +* Mon Mar 31 2014 Josh Boyer - 3.14.0-1 +- Linux v3.14 +- Disable debugging options. + * Mon Mar 31 2014 Hans de Goede - Fix clicks getting lost with cypress_ps2 touchpads with recent xorg-x11-drv-synaptics versions (bfdo#76341) diff --git a/net-vhost-fix-total-length-when-packets-are-too-short.patch b/net-vhost-fix-total-length-when-packets-are-too-short.patch deleted file mode 100644 index a86779499..000000000 --- a/net-vhost-fix-total-length-when-packets-are-too-short.patch +++ /dev/null @@ -1,80 +0,0 @@ -Bugzilla: 1081504 -Upstream-status: Sent to netdev list - -From patchwork Thu Mar 27 10:00:26 2014 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: [PATCHv2,net] vhost: fix total length when packets are too short -From: "Michael S. Tsirkin" -X-Patchwork-Id: 334283 -Message-Id: <20140327100026.GA30715@redhat.com> -To: linux-kernel@vger.kernel.org -Cc: kvm@vger.kernel.org, virtio-dev@lists.oasis-open.org, - virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, - Jason Wang , David Miller -Date: Thu, 27 Mar 2014 12:00:26 +0200 - -When mergeable buffers are disabled, and the -incoming packet is too large for the rx buffer, -get_rx_bufs returns success. - -This was intentional in order for make recvmsg -truncate the packet and then handle_rx would -detect err != sock_len and drop it. - -Unfortunately we pass the original sock_len to -recvmsg - which means we use parts of iov not fully -validated. - -Fix this up by detecting this overrun and doing packet drop -immediately. - -CVE-2014-0077 - -Signed-off-by: Michael S. Tsirkin - ---- -Changes from v1: - Fix CVE# in the commit log. - Patch is unchanged. - -Note: this is needed for -stable. - -I wonder if this can still make the release. - - drivers/vhost/net.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c -index a0fa5de..026be58 100644 ---- a/drivers/vhost/net.c -+++ b/drivers/vhost/net.c -@@ -532,6 +532,12 @@ static int get_rx_bufs(struct vhost_virtqueue *vq, - *iovcount = seg; - if (unlikely(log)) - *log_num = nlogs; -+ -+ /* Detect overrun */ -+ if (unlikely(datalen > 0)) { -+ r = UIO_MAXIOV + 1; -+ goto err; -+ } - return headcount; - err: - vhost_discard_vq_desc(vq, headcount); -@@ -587,6 +593,14 @@ static void handle_rx(struct vhost_net *net) - /* On error, stop handling until the next kick. */ - if (unlikely(headcount < 0)) - break; -+ /* On overrun, truncate and discard */ -+ if (unlikely(headcount > UIO_MAXIOV)) { -+ msg.msg_iovlen = 1; -+ err = sock->ops->recvmsg(NULL, sock, &msg, -+ 1, MSG_DONTWAIT | MSG_TRUNC); -+ pr_debug("Discarded rx packet: len %zd\n", sock_len); -+ continue; -+ } - /* OK, now we need to know about added descriptors. */ - if (!headcount) { - if (unlikely(vhost_enable_notify(&net->dev, vq))) { diff --git a/net-vhost-validate-vhost_get_vq_desc-return-value.patch b/net-vhost-validate-vhost_get_vq_desc-return-value.patch deleted file mode 100644 index 5ed9bdf0a..000000000 --- a/net-vhost-validate-vhost_get_vq_desc-return-value.patch +++ /dev/null @@ -1,55 +0,0 @@ -Bugzilla: 1081503 -Upstream-status: Sent to netdev - -From patchwork Thu Mar 27 10:53:37 2014 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: [net] vhost: validate vhost_get_vq_desc return value -From: "Michael S. Tsirkin" -X-Patchwork-Id: 334291 -Message-Id: <1395917517-30937-1-git-send-email-mst@redhat.com> -To: linux-kernel@vger.kernel.org -Cc: kvm@vger.kernel.org, virtio-dev@lists.oasis-open.org, - virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, - David Miller , Jason Wang -Date: Thu, 27 Mar 2014 12:53:37 +0200 - -vhost fails to validate negative error code -from vhost_get_vq_desc causing -a crash: we are using -EFAULT which is 0xfffffff2 -as vector size, which exceeds the allocated size. - -The code in question was introduced in commit -8dd014adfea6f173c1ef6378f7e5e7924866c923 - vhost-net: mergeable buffers support - -CVE-2014-0055 - -Signed-off-by: Michael S. Tsirkin - ---- -This is needed in -stable. - - drivers/vhost/net.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c -index 026be58..e1e22e0 100644 ---- a/drivers/vhost/net.c -+++ b/drivers/vhost/net.c -@@ -505,9 +505,13 @@ static int get_rx_bufs(struct vhost_virtqueue *vq, - r = -ENOBUFS; - goto err; - } -- d = vhost_get_vq_desc(vq->dev, vq, vq->iov + seg, -+ r = vhost_get_vq_desc(vq->dev, vq, vq->iov + seg, - ARRAY_SIZE(vq->iov) - seg, &out, - &in, log, log_num); -+ if (unlikely(r < 0)) -+ goto err; -+ -+ d = r; - if (d == vq->num) { - r = 0; - goto err; diff --git a/sources b/sources index a91c5b3eb..3d6940b42 100644 --- a/sources +++ b/sources @@ -1,4 +1,2 @@ -0ecbaf65c00374eb4a826c2f9f37606f linux-3.13.tar.xz -732d1952898b28d5ccc264cad77b0619 perf-man-3.13.tar.gz -625e757abc795d92e4bf23247df3fb31 patch-3.14-rc8.xz -59b9c6c53a6ef15c591ea47b723385eb patch-3.14-rc8-git1.xz +b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz +d36baf2d62de5aa61f10a976d00d2d2a perf-man-3.14.tar.gz