diff options
Diffstat (limited to 'target/linux/generic')
5 files changed, 7 insertions, 195 deletions
diff --git a/target/linux/generic/patches-4.4/010-KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch b/target/linux/generic/patches-4.4/010-KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch deleted file mode 100644 index f22d8c389c..0000000000 --- a/target/linux/generic/patches-4.4/010-KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 7ca88764d45c209791e8813131c1457c2e9e51e7 Mon Sep 17 00:00:00 2001 -From: Yevgeny Pats <yevgeny@perception-point.io> -Date: Mon, 11 Jan 2016 12:05:28 +0000 -Subject: KEYS: Fix keyring ref leak in join_session_keyring() - -If a thread is asked to join as a session keyring the keyring that's already -set as its session, we leak a keyring reference. - -This can be tested with the following program: - - #include <stddef.h> - #include <stdio.h> - #include <sys/types.h> - #include <keyutils.h> - - int main(int argc, const char *argv[]) - { - int i = 0; - key_serial_t serial; - - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - - if (keyctl(KEYCTL_SETPERM, serial, - KEY_POS_ALL | KEY_USR_ALL) < 0) { - perror("keyctl"); - return -1; - } - - for (i = 0; i < 100; i++) { - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - } - - return 0; - } - -If, after the program has run, there something like the following line in -/proc/keys: - -3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty - -with a usage count of 100 * the number of times the program has been run, -then the kernel is malfunctioning. If leaked-keyring has zero usages or -has been garbage collected, then the problem is fixed. - -Reported-by: Yevgeny Pats <yevgeny@perception-point.io> -Signed-off-by: David Howells <dhowells@redhat.com> ---- - security/keys/process_keys.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/security/keys/process_keys.c -+++ b/security/keys/process_keys.c -@@ -794,6 +794,7 @@ long join_session_keyring(const char *na - ret = PTR_ERR(keyring); - goto error2; - } else if (keyring == new->session_keyring) { -+ key_put(keyring); - ret = 0; - goto error2; - } diff --git a/target/linux/generic/patches-4.4/100-dump_stack-avoid-potential-deadlocks.patch b/target/linux/generic/patches-4.4/100-dump_stack-avoid-potential-deadlocks.patch deleted file mode 100644 index a20de7aa30..0000000000 --- a/target/linux/generic/patches-4.4/100-dump_stack-avoid-potential-deadlocks.patch +++ /dev/null @@ -1,118 +0,0 @@ -From: Eric Dumazet <edumazet@google.com> -Date: Fri, 22 Jan 2016 23:06:44 -0800 -Subject: [PATCH] dump_stack: avoid potential deadlocks - -Some servers experienced fatal deadlocks because of a combination -of bugs, leading to multiple cpus calling dump_stack(). - -The checksumming bug was fixed in commit 34ae6a1aa054 -("ipv6: update skb->csum when CE mark is propagated"). - -The second problem is a faulty locking in dump_stack() - -CPU1 runs in process context and calls dump_stack(), grabs dump_lock. - - CPU2 receives a TCP packet under softirq, grabs socket spinlock, and - call dump_stack() from netdev_rx_csum_fault(). - - dump_stack() spins on atomic_cmpxchg(&dump_lock, -1, 2), since - dump_lock is owned by CPU1 - -While dumping its stack, CPU1 is interrupted by a softirq, and happens -to process a packet for the TCP socket locked by CPU2. - -CPU1 spins forever in spin_lock() : deadlock - -Stack trace on CPU1 looked like : - -[306295.402231] NMI backtrace for cpu 1 -[306295.402238] RIP: 0010:[<ffffffffa9804e95>] [<ffffffffa9804e95>] _raw_spin_lock+0x25/0x30 -... -[306295.402255] Stack: -[306295.402256] ffff88407f023cb0 ffffffffa99cbdc3 ffff88407f023ca0 ffff88012f496bb0 -[306295.402266] ffffffffaa4dc1f0 ffff8820d94f0dc0 000000000000000a ffffffffaa4b4280 -[306295.402275] ffff88407f023ce0 ffffffffa98a21d0 ffff88407f023cc0 ffff88407f023ca0 -[306295.402284] Call Trace: -[306295.402286] <IRQ> -[306295.402288] -[306295.402291] [<ffffffffa99cbdc3>] tcp_v6_rcv+0x243/0x620 -[306295.402304] [<ffffffffa99c38af>] ip6_input_finish+0x11f/0x330 -[306295.402309] [<ffffffffa99c3b38>] ip6_input+0x38/0x40 -[306295.402313] [<ffffffffa99c3b7c>] ip6_rcv_finish+0x3c/0x90 -[306295.402318] [<ffffffffa99c3e79>] ipv6_rcv+0x2a9/0x500 -[306295.402323] [<ffffffffa989a1a1>] process_backlog+0x461/0xaa0 -[306295.402332] [<ffffffffa9899a57>] net_rx_action+0x147/0x430 -[306295.402337] [<ffffffffa980cca7>] __do_softirq+0x167/0x2d0 -[306295.402341] [<ffffffffa9d912dc>] call_softirq+0x1c/0x30 -[306295.402345] [<ffffffffa980687f>] do_softirq+0x3f/0x80 -[306295.402350] [<ffffffffa980cf7e>] irq_exit+0x6e/0xc0 -[306295.402355] [<ffffffffa980a5b5>] smp_call_function_single_interrupt+0x35/0x40 -[306295.402360] [<ffffffffa9d90bfa>] call_function_single_interrupt+0x6a/0x70 -[306295.402361] <EOI> -[306295.402364] -[306295.402376] [<ffffffffa9a3fa32>] printk+0x4d/0x4f -[306295.402390] [<ffffffffa99e1726>] printk_address+0x31/0x33 -[306295.402395] [<ffffffffa99e175b>] print_trace_address+0x33/0x3c -[306295.402408] [<ffffffffa99e165b>] print_context_stack+0x7f/0x119 -[306295.402412] [<ffffffffa99e07f1>] dump_trace+0x26b/0x28e -[306295.402417] [<ffffffffa99e17b3>] show_trace_log_lvl+0x4f/0x5c -[306295.402421] [<ffffffffa99e0a14>] show_stack_log_lvl+0x104/0x113 -[306295.402425] [<ffffffffa99e1819>] show_stack+0x42/0x44 -[306295.402429] [<ffffffffa9ba350a>] dump_stack+0x46/0x58 -[306295.402434] [<ffffffffa9d0957d>] netdev_rx_csum_fault+0x38/0x3c -[306295.402439] [<ffffffffa9988e0e>] __skb_checksum_complete_head+0x6e/0x80 -[306295.402444] [<ffffffffa9988e31>] __skb_checksum_complete+0x11/0x20 -[306295.402449] [<ffffffffa98acf65>] tcp_rcv_established+0x2bd5/0x2fd0 -[306295.402468] [<ffffffffa99cb69c>] tcp_v6_do_rcv+0x13c/0x620 -[306295.402477] [<ffffffffa9984be5>] sk_backlog_rcv+0x15/0x30 -[306295.402482] [<ffffffffa98931e2>] release_sock+0xd2/0x150 -[306295.402486] [<ffffffffa98a51b1>] tcp_recvmsg+0x1c1/0xfc0 -[306295.402491] [<ffffffffa98b637d>] inet_recvmsg+0x7d/0x90 -[306295.402495] [<ffffffffa9891fcf>] sock_recvmsg+0xaf/0xe0 -[306295.402505] [<ffffffffa9892611>] ___sys_recvmsg+0x111/0x3b0 -[306295.402528] [<ffffffffa9892f5c>] SyS_recvmsg+0x5c/0xb0 -[306295.402532] [<ffffffffa9d8fba2>] system_call_fastpath+0x16/0x1b - -Fixes: b58d977432c8 ("dump_stack: serialize the output from dump_stack()") -Signed-off-by: Eric Dumazet <edumazet@google.com> -Cc: Alex Thorlton <athorlton@sgi.com> ---- - ---- a/lib/dump_stack.c -+++ b/lib/dump_stack.c -@@ -25,6 +25,7 @@ static atomic_t dump_lock = ATOMIC_INIT( - - asmlinkage __visible void dump_stack(void) - { -+ unsigned long flags; - int was_locked; - int old; - int cpu; -@@ -33,9 +34,8 @@ asmlinkage __visible void dump_stack(voi - * Permit this cpu to perform nested stack dumps while serialising - * against other CPUs - */ -- preempt_disable(); -- - retry: -+ local_irq_save(flags); - cpu = smp_processor_id(); - old = atomic_cmpxchg(&dump_lock, -1, cpu); - if (old == -1) { -@@ -43,6 +43,7 @@ retry: - } else if (old == cpu) { - was_locked = 1; - } else { -+ local_irq_restore(flags); - cpu_relax(); - goto retry; - } -@@ -52,7 +53,7 @@ retry: - if (!was_locked) - atomic_set(&dump_lock, -1); - -- preempt_enable(); -+ local_irq_restore(flags); - } - #else - asmlinkage __visible void dump_stack(void) diff --git a/target/linux/generic/patches-4.4/680-NET-skip-GRO-for-foreign-MAC-addresses.patch b/target/linux/generic/patches-4.4/680-NET-skip-GRO-for-foreign-MAC-addresses.patch index 921b8096a0..256bd514aa 100644 --- a/target/linux/generic/patches-4.4/680-NET-skip-GRO-for-foreign-MAC-addresses.patch +++ b/target/linux/generic/patches-4.4/680-NET-skip-GRO-for-foreign-MAC-addresses.patch @@ -17,7 +17,7 @@ Signed-off-by: Felix Fietkau <nbd@openwrt.org> --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -4199,6 +4199,9 @@ static enum gro_result dev_gro_receive(s +@@ -4204,6 +4204,9 @@ static enum gro_result dev_gro_receive(s enum gro_result ret; int grow; @@ -27,7 +27,7 @@ Signed-off-by: Felix Fietkau <nbd@openwrt.org> if (!(skb->dev->features & NETIF_F_GRO)) goto normal; -@@ -5349,6 +5352,48 @@ static void __netdev_adjacent_dev_unlink +@@ -5354,6 +5357,48 @@ static void __netdev_adjacent_dev_unlink &upper_dev->adj_list.lower); } @@ -76,7 +76,7 @@ Signed-off-by: Felix Fietkau <nbd@openwrt.org> static int __netdev_upper_dev_link(struct net_device *dev, struct net_device *upper_dev, bool master, void *private) -@@ -5420,6 +5465,7 @@ static int __netdev_upper_dev_link(struc +@@ -5425,6 +5470,7 @@ static int __netdev_upper_dev_link(struc goto rollback_lower_mesh; } @@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau <nbd@openwrt.org> call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev, &changeupper_info.info); return 0; -@@ -5546,6 +5592,7 @@ void netdev_upper_dev_unlink(struct net_ +@@ -5551,6 +5597,7 @@ void netdev_upper_dev_unlink(struct net_ list_for_each_entry(i, &upper_dev->all_adj_list.upper, list) __netdev_adjacent_dev_unlink(dev, i->dev); @@ -92,7 +92,7 @@ Signed-off-by: Felix Fietkau <nbd@openwrt.org> call_netdevice_notifiers_info(NETDEV_CHANGEUPPER, dev, &changeupper_info.info); } -@@ -6086,6 +6133,7 @@ int dev_set_mac_address(struct net_devic +@@ -6091,6 +6138,7 @@ int dev_set_mac_address(struct net_devic if (err) return err; dev->addr_assign_type = NET_ADDR_SET; diff --git a/target/linux/generic/patches-4.4/721-phy_packets.patch b/target/linux/generic/patches-4.4/721-phy_packets.patch index 719275b540..c5993564a0 100644 --- a/target/linux/generic/patches-4.4/721-phy_packets.patch +++ b/target/linux/generic/patches-4.4/721-phy_packets.patch @@ -86,7 +86,7 @@ help --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -2708,10 +2708,20 @@ static int xmit_one(struct sk_buff *skb, +@@ -2713,10 +2713,20 @@ static int xmit_one(struct sk_buff *skb, if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) dev_queue_xmit_nit(skb, dev); diff --git a/target/linux/generic/patches-4.4/820-usb_add_usb_find_device_by_name.patch b/target/linux/generic/patches-4.4/820-usb_add_usb_find_device_by_name.patch index f6ef9ce1a7..1740d74179 100644 --- a/target/linux/generic/patches-4.4/820-usb_add_usb_find_device_by_name.patch +++ b/target/linux/generic/patches-4.4/820-usb_add_usb_find_device_by_name.patch @@ -74,7 +74,7 @@ * @dev: device the buffer will be used with --- a/include/linux/usb.h +++ b/include/linux/usb.h -@@ -725,6 +725,7 @@ static inline bool usb_device_no_sg_cons +@@ -729,6 +729,7 @@ static inline bool usb_device_no_sg_cons return udev && udev->bus && udev->bus->no_sg_constraint; } |