diff options
| author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2012-08-08 13:37:38 -0400 |
|---|---|---|
| committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2012-08-08 13:37:38 -0400 |
| commit | beb955586a2d98a9bbfc146eb5311969764ac718 (patch) | |
| tree | 3aced71cb0d8435d683c243cba657b5bb14068ac | |
| parent | d25feb4ea00165d6b76de0fff58821e65242ec74 (diff) | |
| download | longterm-queue-2.6.34-beb955586a2d98a9bbfc146eb5311969764ac718.tar.gz | |
import commits parallel to 2.6.32.49
compile tested and reviewbot'ted.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
22 files changed, 1737 insertions, 0 deletions
diff --git a/queue/NFS-sunrpc-don-t-use-a-credential-with-extra-groups.patch b/queue/NFS-sunrpc-don-t-use-a-credential-with-extra-groups.patch new file mode 100644 index 0000000..a336619 --- /dev/null +++ b/queue/NFS-sunrpc-don-t-use-a-credential-with-extra-groups.patch @@ -0,0 +1,45 @@ +From 05eccdfa79ea5a8059ba79213ec0cb6ef771a3d9 Mon Sep 17 00:00:00 2001 +From: NeilBrown <neilb@suse.de> +Date: Tue, 25 Oct 2011 10:25:49 +1100 +Subject: [PATCH] NFS/sunrpc: don't use a credential with extra groups. + +commit dc6f55e9f8dac4b6479be67c5c9128ad37bb491f upstream. + +The sunrpc layer keeps a cache of recently used credentials and +'unx_match' is used to find the credential which matches the current +process. + +However unx_match allows a match when the cached credential has extra +groups at the end of uc_gids list which are not in the process group list. + +So if a process with a list of (say) 4 group accesses a file and gains +access because of the last group in the list, then another process +with the same uid and gid, and a gid list being the first tree of the +gids of the original process tries to access the file, it will be +granted access even though it shouldn't as the wrong rpc credential +will be used. + +Signed-off-by: NeilBrown <neilb@suse.de> +Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + net/sunrpc/auth_unix.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/sunrpc/auth_unix.c b/net/sunrpc/auth_unix.c +index aac2f8b..c16f25d 100644 +--- a/net/sunrpc/auth_unix.c ++++ b/net/sunrpc/auth_unix.c +@@ -130,6 +130,9 @@ unx_match(struct auth_cred *acred, struct rpc_cred *rcred, int flags) + for (i = 0; i < groups ; i++) + if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i)) + return 0; ++ if (groups < NFS_NGROUPS && ++ cred->uc_gids[groups] != NOGROUP) ++ return 0; + return 1; + } + +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/PM-Suspend-Off-by-one-in-pm_suspend.patch b/queue/PM-Suspend-Off-by-one-in-pm_suspend.patch new file mode 100644 index 0000000..8ed916d --- /dev/null +++ b/queue/PM-Suspend-Off-by-one-in-pm_suspend.patch @@ -0,0 +1,34 @@ +From 8c596890abfda192b5eac3b297a7af05744e83c0 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter <dan.carpenter@oracle.com> +Date: Wed, 21 Sep 2011 20:55:04 +0200 +Subject: [PATCH] PM / Suspend: Off by one in pm_suspend() + +commit 528f7ce6e439edeac38f6b3f8561f1be129b5e91 upstream. + +In enter_state() we use "state" as an offset for the pm_states[] +array. The pm_states[] array only has PM_SUSPEND_MAX elements so +this test is off by one. + +Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> +Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + kernel/power/suspend.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/power/suspend.c b/kernel/power/suspend.c +index 56e7dbb..7d4ae3b 100644 +--- a/kernel/power/suspend.c ++++ b/kernel/power/suspend.c +@@ -297,7 +297,7 @@ int enter_state(suspend_state_t state) + */ + int pm_suspend(suspend_state_t state) + { +- if (state > PM_SUSPEND_ON && state <= PM_SUSPEND_MAX) ++ if (state > PM_SUSPEND_ON && state < PM_SUSPEND_MAX) + return enter_state(state); + return -EINVAL; + } +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/SCSI-Make-scsi_free_queue-kill-pending-SCSI-commands.patch b/queue/SCSI-Make-scsi_free_queue-kill-pending-SCSI-commands.patch new file mode 100644 index 0000000..dad6233 --- /dev/null +++ b/queue/SCSI-Make-scsi_free_queue-kill-pending-SCSI-commands.patch @@ -0,0 +1,72 @@ +From 98322059b2a9b23fe7dc39fa8befad0ad0680976 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche <bvanassche@acm.org> +Date: Fri, 23 Sep 2011 19:48:18 +0200 +Subject: [PATCH] [SCSI] Make scsi_free_queue() kill pending SCSI commands + +commit 3308511c93e6ad0d3c58984ecd6e5e57f96b12c8 upstream. + +Make sure that SCSI device removal via scsi_remove_host() does finish +all pending SCSI commands. Currently that's not the case and hence +removal of a SCSI host during I/O can cause a deadlock. See also +"blkdev_issue_discard() hangs forever if underlying storage device is +removed" (http://bugzilla.kernel.org/show_bug.cgi?id=40472). See also +http://lkml.org/lkml/2011/8/27/6. + +Signed-off-by: Bart Van Assche <bvanassche@acm.org> +Signed-off-by: James Bottomley <JBottomley@Parallels.com> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + drivers/scsi/hosts.c | 9 ++++++--- + drivers/scsi/scsi_lib.c | 9 +++++++++ + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c +index 6660fa9..cdd904d 100644 +--- a/drivers/scsi/hosts.c ++++ b/drivers/scsi/hosts.c +@@ -280,6 +280,7 @@ static void scsi_host_dev_release(struct device *dev) + { + struct Scsi_Host *shost = dev_to_shost(dev); + struct device *parent = dev->parent; ++ struct request_queue *q; + + scsi_proc_hostdir_rm(shost->hostt); + +@@ -287,9 +288,11 @@ static void scsi_host_dev_release(struct device *dev) + kthread_stop(shost->ehandler); + if (shost->work_q) + destroy_workqueue(shost->work_q); +- if (shost->uspace_req_q) { +- kfree(shost->uspace_req_q->queuedata); +- scsi_free_queue(shost->uspace_req_q); ++ q = shost->uspace_req_q; ++ if (q) { ++ kfree(q->queuedata); ++ q->queuedata = NULL; ++ scsi_free_queue(q); + } + + scsi_destroy_command_freelist(shost); +diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c +index 725f3cd..9f240f4 100644 +--- a/drivers/scsi/scsi_lib.c ++++ b/drivers/scsi/scsi_lib.c +@@ -1676,6 +1676,15 @@ struct request_queue *scsi_alloc_queue(struct scsi_device *sdev) + + void scsi_free_queue(struct request_queue *q) + { ++ unsigned long flags; ++ ++ WARN_ON(q->queuedata); ++ ++ /* cause scsi_request_fn() to kill all non-finished requests */ ++ spin_lock_irqsave(q->queue_lock, flags); ++ q->request_fn(q); ++ spin_unlock_irqrestore(q->queue_lock, flags); ++ + blk_cleanup_queue(q); + } + +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/SCSI-st-fix-race-in-st_scsi_execute_end.patch b/queue/SCSI-st-fix-race-in-st_scsi_execute_end.patch new file mode 100644 index 0000000..bd4d4b9 --- /dev/null +++ b/queue/SCSI-st-fix-race-in-st_scsi_execute_end.patch @@ -0,0 +1,53 @@ +From 840a9f0594b1f550efdaaa5d32df4881b5ff013d Mon Sep 17 00:00:00 2001 +From: Petr Uzel <petr.uzel@suse.cz> +Date: Fri, 21 Oct 2011 13:31:09 +0200 +Subject: [PATCH] [SCSI] st: fix race in st_scsi_execute_end +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +commit c68bf8eeaa57c852e74adcf597237be149eef830 upstream. + +The call to complete() in st_scsi_execute_end() wakes up sleeping thread +in write_behind_check(), which frees the st_request, thus invalidating +the pointer to the associated bio structure, which is then passed to the +blk_rq_unmap_user(). Fix by storing pointer to bio structure into +temporary local variable. + +This bug is present since at least linux-2.6.32. + +Signed-off-by: Petr Uzel <petr.uzel@suse.cz> +Reported-by: Juergen Groß <juergen.gross@ts.fujitsu.com> +Reviewed-by: Jan Kara <jack@suse.cz> +Acked-by: Kai Mäkisara <kai.makisara@kolumbus.fi> +Signed-off-by: James Bottomley <JBottomley@Parallels.com> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + drivers/scsi/st.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/st.c b/drivers/scsi/st.c +index 3ea1a71..516ca15 100644 +--- a/drivers/scsi/st.c ++++ b/drivers/scsi/st.c +@@ -462,14 +462,16 @@ static void st_scsi_execute_end(struct request *req, int uptodate) + { + struct st_request *SRpnt = req->end_io_data; + struct scsi_tape *STp = SRpnt->stp; ++ struct bio *tmp; + + STp->buffer->cmdstat.midlevel_result = SRpnt->result = req->errors; + STp->buffer->cmdstat.residual = req->resid_len; + ++ tmp = SRpnt->bio; + if (SRpnt->waiting) + complete(SRpnt->waiting); + +- blk_rq_unmap_user(SRpnt->bio); ++ blk_rq_unmap_user(tmp); + __blk_put_request(req->q, req); + } + +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/USB-Fix-Corruption-issue-in-USB-ftdi-driver-ftdi_sio.patch b/queue/USB-Fix-Corruption-issue-in-USB-ftdi-driver-ftdi_sio.patch new file mode 100644 index 0000000..25b5924 --- /dev/null +++ b/queue/USB-Fix-Corruption-issue-in-USB-ftdi-driver-ftdi_sio.patch @@ -0,0 +1,87 @@ +From 6cdfef8dcd536a3eb9d9a7639b211ebfdbd49a67 Mon Sep 17 00:00:00 2001 +From: Andrew Worsley <amworsley@gmail.com> +Date: Fri, 18 Nov 2011 23:13:33 +1100 +Subject: [PATCH] USB: Fix Corruption issue in USB ftdi driver ftdi_sio.c + +commit b1ffb4c851f185e9051ba837c16d9b84ef688d26 upstream. + +Fix for ftdi_set_termios() glitching output + +ftdi_set_termios() is constantly setting the baud rate, data bits and parity +unnecessarily on every call, . When called while characters are being +transmitted can cause the FTDI chip to corrupt the serial port bit stream +output by stalling the output half a bit during the output of a character. +Simple fix by skipping this setting if the baud rate/data bits/parity are +unchanged. + +Signed-off-by: Andrew Worsley <amworsley@gmail.com> +---- + + I had a brief run with strace on the getty and it was doing ioctl()s on + each call but it didn't look relavant to the problem. I think the issue is + that XON/XOFF flow control was being implmented via hardware - for the ixoff + to allow the user to use XON/XOFF to control output. Unfortunately it would + send 3 Control URBs updating all of the settings after each piece of input + + I am trying to work around the issue of gmail messing with the tab/spacing + by submitting via SMTP via gmail which I believe should fix the issue. + + The patch is against v3.2-rc2 and compiles - but no additional testing in + this kernel has been done. + + Thanks + + Andrew + +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + drivers/usb/serial/ftdi_sio.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c +index 24dc63c..7367f4b 100644 +--- a/drivers/usb/serial/ftdi_sio.c ++++ b/drivers/usb/serial/ftdi_sio.c +@@ -2332,13 +2332,19 @@ static void ftdi_set_termios(struct tty_struct *tty, + + cflag = termios->c_cflag; + +- /* FIXME -For this cut I don't care if the line is really changing or +- not - so just do the change regardless - should be able to +- compare old_termios and tty->termios */ ++ if (old_termios->c_cflag == termios->c_cflag ++ && old_termios->c_ispeed == termios->c_ispeed ++ && old_termios->c_ospeed == termios->c_ospeed) ++ goto no_c_cflag_changes; ++ + /* NOTE These routines can get interrupted by + ftdi_sio_read_bulk_callback - need to examine what this means - + don't see any problems yet */ + ++ if ((old_termios->c_cflag & (CSIZE|PARODD|PARENB|CMSPAR|CSTOPB)) == ++ (termios->c_cflag & (CSIZE|PARODD|PARENB|CMSPAR|CSTOPB))) ++ goto no_data_parity_stop_changes; ++ + /* Set number of data bits, parity, stop bits */ + + urb_value = 0; +@@ -2379,6 +2385,7 @@ static void ftdi_set_termios(struct tty_struct *tty, + } + + /* Now do the baudrate */ ++no_data_parity_stop_changes: + if ((cflag & CBAUD) == B0) { + /* Disable flow control */ + if (usb_control_msg(dev, usb_sndctrlpipe(dev, 0), +@@ -2406,6 +2413,7 @@ static void ftdi_set_termios(struct tty_struct *tty, + + /* Set flow control */ + /* Note device also supports DTR/CD (ugh) and Xon/Xoff in hardware */ ++no_c_cflag_changes: + if (cflag & CRTSCTS) { + dbg("%s Setting to CRTSCTS flow control", __func__); + if (usb_control_msg(dev, +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/USB-add-quirk-for-Logitech-C600-web-cam.patch b/queue/USB-add-quirk-for-Logitech-C600-web-cam.patch new file mode 100644 index 0000000..62e71b8 --- /dev/null +++ b/queue/USB-add-quirk-for-Logitech-C600-web-cam.patch @@ -0,0 +1,34 @@ +From 2a27ca3a38a5443d79c007eeef8553f550505b5b Mon Sep 17 00:00:00 2001 +From: Josh Boyer <jwboyer@redhat.com> +Date: Wed, 26 Oct 2011 13:53:17 -0400 +Subject: [PATCH] USB: add quirk for Logitech C600 web cam + +commit 60c71ca972a2dd3fd9d0165b405361c8ad48349b upstream. + +We've had another report of the "chipmunk" sound on a Logitech C600 webcam. +This patch resolves the issue. + +Signed-off-by: Josh Boyer <jwboyer@redhat.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + drivers/usb/core/quirks.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c +index 241a0d6..f1b7442 100644 +--- a/drivers/usb/core/quirks.c ++++ b/drivers/usb/core/quirks.c +@@ -47,6 +47,9 @@ static const struct usb_device_id usb_quirk_list[] = { + /* Logitech Webcam B/C500 */ + { USB_DEVICE(0x046d, 0x0807), .driver_info = USB_QUIRK_RESET_RESUME }, + ++ /* Logitech Webcam C600 */ ++ { USB_DEVICE(0x046d, 0x0808), .driver_info = USB_QUIRK_RESET_RESUME }, ++ + /* Logitech Webcam Pro 9000 */ + { USB_DEVICE(0x046d, 0x0809), .driver_info = USB_QUIRK_RESET_RESUME }, + +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/USB-quirks-adding-more-quirky-webcams-to-avoid-squea.patch b/queue/USB-quirks-adding-more-quirky-webcams-to-avoid-squea.patch new file mode 100644 index 0000000..9f1d8e2 --- /dev/null +++ b/queue/USB-quirks-adding-more-quirky-webcams-to-avoid-squea.patch @@ -0,0 +1,64 @@ +From 59627ea1fbd3a9fe0f96b0b110f2662f51ae61ed Mon Sep 17 00:00:00 2001 +From: sordna <sordna@gmail.com> +Date: Thu, 27 Oct 2011 21:06:26 -0700 +Subject: [PATCH] USB: quirks: adding more quirky webcams to avoid squeaky + audio + +commit 0d145d7d4a241c321c832a810bb6edad18e2217b upstream. + +The following patch contains additional affected webcam models, on top of the +patches commited to linux-next 2394d67e446bf616a0885167d5f0d397bdacfdfc +and 5b253d88cc6c65a23cefc457a5a4ef139913c5fc + +Signed-off-by: sordna <sordna@gmail.com> +Cc: Oliver Neukum <oliver@neukum.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + drivers/usb/core/quirks.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c +index f1b7442..9774dfc 100644 +--- a/drivers/usb/core/quirks.c ++++ b/drivers/usb/core/quirks.c +@@ -53,12 +53,36 @@ static const struct usb_device_id usb_quirk_list[] = { + /* Logitech Webcam Pro 9000 */ + { USB_DEVICE(0x046d, 0x0809), .driver_info = USB_QUIRK_RESET_RESUME }, + ++ /* Logitech Webcam C905 */ ++ { USB_DEVICE(0x046d, 0x080a), .driver_info = USB_QUIRK_RESET_RESUME }, ++ ++ /* Logitech Webcam C210 */ ++ { USB_DEVICE(0x046d, 0x0819), .driver_info = USB_QUIRK_RESET_RESUME }, ++ ++ /* Logitech Webcam C260 */ ++ { USB_DEVICE(0x046d, 0x081a), .driver_info = USB_QUIRK_RESET_RESUME }, ++ + /* Logitech Webcam C310 */ + { USB_DEVICE(0x046d, 0x081b), .driver_info = USB_QUIRK_RESET_RESUME }, + ++ /* Logitech Webcam C910 */ ++ { USB_DEVICE(0x046d, 0x0821), .driver_info = USB_QUIRK_RESET_RESUME }, ++ ++ /* Logitech Webcam C160 */ ++ { USB_DEVICE(0x046d, 0x0824), .driver_info = USB_QUIRK_RESET_RESUME }, ++ + /* Logitech Webcam C270 */ + { USB_DEVICE(0x046d, 0x0825), .driver_info = USB_QUIRK_RESET_RESUME }, + ++ /* Logitech Quickcam Pro 9000 */ ++ { USB_DEVICE(0x046d, 0x0990), .driver_info = USB_QUIRK_RESET_RESUME }, ++ ++ /* Logitech Quickcam E3500 */ ++ { USB_DEVICE(0x046d, 0x09a4), .driver_info = USB_QUIRK_RESET_RESUME }, ++ ++ /* Logitech Quickcam Vision Pro */ ++ { USB_DEVICE(0x046d, 0x09a6), .driver_info = USB_QUIRK_RESET_RESUME }, ++ + /* Philips PSC805 audio device */ + { USB_DEVICE(0x0471, 0x0155), .driver_info = USB_QUIRK_RESET_RESUME }, + +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/USB-serial-pl2303-rm-duplicate-id.patch b/queue/USB-serial-pl2303-rm-duplicate-id.patch new file mode 100644 index 0000000..23b7875 --- /dev/null +++ b/queue/USB-serial-pl2303-rm-duplicate-id.patch @@ -0,0 +1,63 @@ +From 2c49280a5b9b9e22c87c6a49ac0f36f77ec79ac9 Mon Sep 17 00:00:00 2001 +From: wangyanqing <udknight@gmail.com> +Date: Thu, 10 Nov 2011 14:04:08 +0800 +Subject: [PATCH] USB: serial: pl2303: rm duplicate id + +commit 0c16595539b612fe948559433dda08ff96a8bdc7 upstream. + +I get report from customer that his usb-serial +converter doesn't work well,it sometimes work, +but sometimes it doesn't. + +The usb-serial converter's id: +vendor_id product_id +0x4348 0x5523 + +Then I search the usb-serial codes, and there are +two drivers announce support this device, pl2303 +and ch341, commit 026dfaf1 cause it. Through many +times to test, ch341 works well with this device, +and pl2303 doesn't work quite often(it just work quite little). + +ch341 works well with this device, so we doesn't +need pl2303 to support.I try to revert 026dfaf1 first, +but it failed. So I prepare this patch by hand to revert it. + +Signed-off-by: Wang YanQing <Udknight@gmail.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + drivers/usb/serial/pl2303.c | 1 - + drivers/usb/serial/pl2303.h | 4 ---- + 2 files changed, 5 deletions(-) + +diff --git a/drivers/usb/serial/pl2303.c b/drivers/usb/serial/pl2303.c +index e42ee9b..95ca261 100644 +--- a/drivers/usb/serial/pl2303.c ++++ b/drivers/usb/serial/pl2303.c +@@ -101,7 +101,6 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(SONY_VENDOR_ID, SONY_QN3USB_PRODUCT_ID) }, + { USB_DEVICE(SANWA_VENDOR_ID, SANWA_PRODUCT_ID) }, + { USB_DEVICE(ADLINK_VENDOR_ID, ADLINK_ND6530_PRODUCT_ID) }, +- { USB_DEVICE(WINCHIPHEAD_VENDOR_ID, WINCHIPHEAD_USBSER_PRODUCT_ID) }, + { USB_DEVICE(SMART_VENDOR_ID, SMART_PRODUCT_ID) }, + { } /* Terminating entry */ + }; +diff --git a/drivers/usb/serial/pl2303.h b/drivers/usb/serial/pl2303.h +index 3d10d7f..c38b8c0 100644 +--- a/drivers/usb/serial/pl2303.h ++++ b/drivers/usb/serial/pl2303.h +@@ -145,10 +145,6 @@ + #define ADLINK_VENDOR_ID 0x0b63 + #define ADLINK_ND6530_PRODUCT_ID 0x6530 + +-/* WinChipHead USB->RS 232 adapter */ +-#define WINCHIPHEAD_VENDOR_ID 0x4348 +-#define WINCHIPHEAD_USBSER_PRODUCT_ID 0x5523 +- + /* SMART USB Serial Adapter */ + #define SMART_VENDOR_ID 0x0b8c + #define SMART_PRODUCT_ID 0x2303 +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/drm-i915-Rephrase-pwrite-bounds-checking-to-avoid-an.patch b/queue/drm-i915-Rephrase-pwrite-bounds-checking-to-avoid-an.patch new file mode 100644 index 0000000..d1b8dd6 --- /dev/null +++ b/queue/drm-i915-Rephrase-pwrite-bounds-checking-to-avoid-an.patch @@ -0,0 +1,53 @@ +From b21c4e84f484dc6bd6319d93c0e6ee7fd2dfb3cb Mon Sep 17 00:00:00 2001 +From: Chris Wilson <chris@chris-wilson.co.uk> +Date: Sun, 26 Sep 2010 20:21:44 +0100 +Subject: [PATCH] drm/i915: Rephrase pwrite bounds checking to avoid any + potential overflow + +commit 7dcd2499deab8f10011713c40bc2f309c9b65077 upstream. + +... and do the same for pread. + +Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + drivers/gpu/drm/i915/i915_gem.c | 16 ++++------------ + 1 file changed, 4 insertions(+), 12 deletions(-) + +diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c +index fd51c36..82d798b 100644 +--- a/drivers/gpu/drm/i915/i915_gem.c ++++ b/drivers/gpu/drm/i915/i915_gem.c +@@ -481,12 +481,8 @@ i915_gem_pread_ioctl(struct drm_device *dev, void *data, + return -EBADF; + obj_priv = to_intel_bo(obj); + +- /* Bounds check source. +- * +- * XXX: This could use review for overflow issues... +- */ +- if (args->offset > obj->size || args->size > obj->size || +- args->offset + args->size > obj->size) { ++ /* Bounds check source. */ ++ if (args->offset > obj->size || args->size > obj->size - args->offset) { + ret = -EINVAL; + goto err; + } +@@ -959,12 +955,8 @@ i915_gem_pwrite_ioctl(struct drm_device *dev, void *data, + return -EBADF; + obj_priv = to_intel_bo(obj); + +- /* Bounds check destination. +- * +- * XXX: This could use review for overflow issues... +- */ +- if (args->offset > obj->size || args->size > obj->size || +- args->offset + args->size > obj->size) { ++ /* Bounds check destination. */ ++ if (args->offset > obj->size || args->size > obj->size - args->offset) { + ret = -EINVAL; + goto err; + } +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/drm-i915-Sanity-check-pread-pwrite.patch b/queue/drm-i915-Sanity-check-pread-pwrite.patch new file mode 100644 index 0000000..cba409e --- /dev/null +++ b/queue/drm-i915-Sanity-check-pread-pwrite.patch @@ -0,0 +1,91 @@ +From 38904c84f44ba186a147db09f6b6ec5568711e96 Mon Sep 17 00:00:00 2001 +From: Chris Wilson <chris@chris-wilson.co.uk> +Date: Sun, 26 Sep 2010 20:50:05 +0100 +Subject: [PATCH] drm/i915: Sanity check pread/pwrite + +commit ce9d419dbecc292cc3e06e8b1d6d123d3fa813a4 upstream. + +Move the access control up from the fast paths, which are no longer +universally taken first, up into the caller. This then duplicates some +sanity checking along the slow paths, but is much simpler. +Tracked as CVE-2010-2962. + +Reported-by: Kees Cook <kees@ubuntu.com> +Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + drivers/gpu/drm/i915/i915_gem.c | 28 ++++++++++++++++++++-------- + 1 file changed, 20 insertions(+), 8 deletions(-) + +diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c +index e07722a..fd51c36 100644 +--- a/drivers/gpu/drm/i915/i915_gem.c ++++ b/drivers/gpu/drm/i915/i915_gem.c +@@ -487,8 +487,15 @@ i915_gem_pread_ioctl(struct drm_device *dev, void *data, + */ + if (args->offset > obj->size || args->size > obj->size || + args->offset + args->size > obj->size) { +- drm_gem_object_unreference_unlocked(obj); +- return -EINVAL; ++ ret = -EINVAL; ++ goto err; ++ } ++ ++ if (!access_ok(VERIFY_WRITE, ++ (char __user *)(uintptr_t)args->data_ptr, ++ args->size)) { ++ ret = -EFAULT; ++ goto err; + } + + if (i915_gem_object_needs_bit17_swizzle(obj)) { +@@ -500,8 +507,8 @@ i915_gem_pread_ioctl(struct drm_device *dev, void *data, + file_priv); + } + ++err: + drm_gem_object_unreference_unlocked(obj); +- + return ret; + } + +@@ -591,8 +598,6 @@ i915_gem_gtt_pwrite_fast(struct drm_device *dev, struct drm_gem_object *obj, + + user_data = (char __user *) (uintptr_t) args->data_ptr; + remain = args->size; +- if (!access_ok(VERIFY_READ, user_data, remain)) +- return -EFAULT; + + + mutex_lock(&dev->struct_mutex); +@@ -960,8 +965,15 @@ i915_gem_pwrite_ioctl(struct drm_device *dev, void *data, + */ + if (args->offset > obj->size || args->size > obj->size || + args->offset + args->size > obj->size) { +- drm_gem_object_unreference_unlocked(obj); +- return -EINVAL; ++ ret = -EINVAL; ++ goto err; ++ } ++ ++ if (!access_ok(VERIFY_READ, ++ (char __user *)(uintptr_t)args->data_ptr, ++ args->size)) { ++ ret = -EFAULT; ++ goto err; + } + + /* We can only do the GTT pwrite on untiled buffers, as otherwise +@@ -994,8 +1006,8 @@ i915_gem_pwrite_ioctl(struct drm_device *dev, void *data, + DRM_INFO("pwrite failed %d\n", ret); + #endif + ++err: + drm_gem_object_unreference_unlocked(obj); +- + return ret; + } + +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/hfs-add-sanity-check-for-file-name-length.patch b/queue/hfs-add-sanity-check-for-file-name-length.patch new file mode 100644 index 0000000..a8e879e --- /dev/null +++ b/queue/hfs-add-sanity-check-for-file-name-length.patch @@ -0,0 +1,34 @@ +From 3887fc0ad1f56a13b83de20c350db3458350cd1b Mon Sep 17 00:00:00 2001 +From: Dan Carpenter <dan.carpenter@oracle.com> +Date: Mon, 14 Nov 2011 17:52:08 +0300 +Subject: [PATCH] hfs: add sanity check for file name length + +commit bc5b8a9003132ae44559edd63a1623b7b99dfb68 upstream. + +On a corrupted file system the ->len field could be wrong leading to +a buffer overflow. + +Reported-and-acked-by: Clement LECIGNE <clement.lecigne@netasq.com> +Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + fs/hfs/trans.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/fs/hfs/trans.c b/fs/hfs/trans.c +index e673a88..b1ce4c7 100644 +--- a/fs/hfs/trans.c ++++ b/fs/hfs/trans.c +@@ -40,6 +40,8 @@ int hfs_mac2asc(struct super_block *sb, char *out, const struct hfs_name *in) + + src = in->name; + srclen = in->len; ++ if (srclen > HFS_NAMELEN) ++ srclen = HFS_NAMELEN; + dst = out; + dstlen = HFS_MAX_NAMELEN; + if (nls_io) { +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/kbuild-Add-extra-gcc-checks.patch b/queue/kbuild-Add-extra-gcc-checks.patch new file mode 100644 index 0000000..a81bcb4 --- /dev/null +++ b/queue/kbuild-Add-extra-gcc-checks.patch @@ -0,0 +1,129 @@ +From 5377613abab173fadce5e37bf05d7efeac4aae45 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov <bp@alien8.de> +Date: Tue, 1 Mar 2011 09:35:29 +0100 +Subject: [PATCH] kbuild: Add extra gcc checks + +commit 4a5838ad9d2d4f7354a310982483f4c76aa0abeb upstream. + +Add a 'W=1' Makefile switch which adds additional checking per build +object. + +The idea behind this option is targeted at developers who, in the +process of writing their code, want to do the occasional + +make W=1 [target.o] + +and let gcc do more extensive code checking for them. Then, they +could eyeball the output for valid gcc warnings about various +bugs/discrepancies which are not reported during the normal build +process. + +For more background information and a use case, read through this +thread: http://marc.info/?l=kernel-janitors&m=129802065918147&w=2 + +Cc: Michal Marek <mmarek@suse.cz> +Cc: linux-kbuild@vger.kernel.org +Acked-by: Sam Ravnborg <sam@ravnborg.org> +Acked-by: Ingo Molnar <mingo@elte.hu> +Signed-off-by: Borislav Petkov <bp@alien8.de> +Signed-off-by: Michal Marek <mmarek@suse.cz> +[PG: used for 2.6.34 to better control new compilers on older code] +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + Documentation/kbuild/kbuild.txt | 5 +++++ + Makefile | 5 +++++ + scripts/Makefile.build | 35 ++++++++++++++++++++++++++++++++++- + 3 files changed, 44 insertions(+), 1 deletion(-) + +diff --git a/Documentation/kbuild/kbuild.txt b/Documentation/kbuild/kbuild.txt +index 6f8c1ca..6c35f63 100644 +--- a/Documentation/kbuild/kbuild.txt ++++ b/Documentation/kbuild/kbuild.txt +@@ -162,3 +162,8 @@ For tags/TAGS/cscope targets, you can specify more than one arch + to be included in the databases, separated by blank space. E.g.: + + $ make ALLSOURCE_ARCHS="x86 mips arm" tags ++ ++KBUILD_ENABLE_EXTRA_GCC_CHECKS ++-------------------------------------------------- ++If enabled over the make command line with "W=1", it turns on additional ++gcc -W... options for more extensive build-time checking. +diff --git a/Makefile b/Makefile +index eb9038f..e922e609 100644 +--- a/Makefile ++++ b/Makefile +@@ -102,6 +102,10 @@ ifeq ("$(origin O)", "command line") + KBUILD_OUTPUT := $(O) + endif + ++ifeq ("$(origin W)", "command line") ++ export KBUILD_ENABLE_EXTRA_GCC_CHECKS := 1 ++endif ++ + # That's our default target when none is given on the command line + PHONY := _all + _all: +@@ -1291,6 +1295,7 @@ help: + @echo ' make O=dir [targets] Locate all output files in "dir", including .config' + @echo ' make C=1 [targets] Check all c source with $$CHECK (sparse by default)' + @echo ' make C=2 [targets] Force check of all c source with $$CHECK' ++ @echo ' make W=1 [targets] Enable extra gcc checks' + @echo '' + @echo 'Execute "make" or "make all" to build all targets marked with [*] ' + @echo 'For further info see the ./README file' +diff --git a/scripts/Makefile.build b/scripts/Makefile.build +index 0b94d2f..bd9d518 100644 +--- a/scripts/Makefile.build ++++ b/scripts/Makefile.build +@@ -49,6 +49,40 @@ ifeq ($(KBUILD_NOPEDANTIC),) + $(error CFLAGS was changed in "$(kbuild-file)". Fix it to use EXTRA_CFLAGS) + endif + endif ++ ++# ++# make W=1 settings ++# ++# $(call cc-option... ) handles gcc -W.. options which ++# are not supported by all versions of the compiler ++ifdef KBUILD_ENABLE_EXTRA_GCC_CHECKS ++KBUILD_EXTRA_WARNINGS := -Wextra ++KBUILD_EXTRA_WARNINGS += -Wunused -Wno-unused-parameter ++KBUILD_EXTRA_WARNINGS += -Waggregate-return ++KBUILD_EXTRA_WARNINGS += -Wbad-function-cast ++KBUILD_EXTRA_WARNINGS += -Wcast-qual ++KBUILD_EXTRA_WARNINGS += -Wcast-align ++KBUILD_EXTRA_WARNINGS += -Wconversion ++KBUILD_EXTRA_WARNINGS += -Wdisabled-optimization ++KBUILD_EXTRA_WARNINGS += -Wlogical-op ++KBUILD_EXTRA_WARNINGS += -Wmissing-declarations ++KBUILD_EXTRA_WARNINGS += -Wmissing-format-attribute ++KBUILD_EXTRA_WARNINGS += $(call cc-option, -Wmissing-include-dirs,) ++KBUILD_EXTRA_WARNINGS += -Wmissing-prototypes ++KBUILD_EXTRA_WARNINGS += -Wnested-externs ++KBUILD_EXTRA_WARNINGS += -Wold-style-definition ++KBUILD_EXTRA_WARNINGS += $(call cc-option, -Woverlength-strings,) ++KBUILD_EXTRA_WARNINGS += -Wpacked ++KBUILD_EXTRA_WARNINGS += -Wpacked-bitfield-compat ++KBUILD_EXTRA_WARNINGS += -Wpadded ++KBUILD_EXTRA_WARNINGS += -Wpointer-arith ++KBUILD_EXTRA_WARNINGS += -Wredundant-decls ++KBUILD_EXTRA_WARNINGS += -Wshadow ++KBUILD_EXTRA_WARNINGS += -Wswitch-default ++KBUILD_EXTRA_WARNINGS += $(call cc-option, -Wvla,) ++KBUILD_CFLAGS += $(KBUILD_EXTRA_WARNINGS) ++endif ++ + include scripts/Makefile.lib + + ifdef host-progs +@@ -384,7 +418,6 @@ ifneq ($(cmd_files),) + include $(cmd_files) + endif + +- + # Declare the contents of the .PHONY variable as phony. We keep that + # information in a variable se we can use it in if_changed and friends. + +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/kbuild-Disable-Wunused-but-set-variable-for-gcc-4.6..patch b/queue/kbuild-Disable-Wunused-but-set-variable-for-gcc-4.6..patch new file mode 100644 index 0000000..b47cac8 --- /dev/null +++ b/queue/kbuild-Disable-Wunused-but-set-variable-for-gcc-4.6..patch @@ -0,0 +1,52 @@ +From b971ee5dedddf63ba25200e30f589095ad9d43b6 Mon Sep 17 00:00:00 2001 +From: Dave Jones <davej@redhat.com> +Date: Thu, 21 Apr 2011 17:28:13 -0400 +Subject: [PATCH] kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0 + +commit af0e5d565d2fffcd97d1e2d89669d627cc04e8b8 upstream. + +Disable the new -Wunused-but-set-variable that was added in gcc 4.6.0 +It produces more false positives than useful warnings. + +This can still be enabled using W=1 + +Signed-off-by: Dave Jones <davej@redhat.com> +Acked-by: Sam Ravnborg <sam@ravnborg.org> +Tested-by: Sam Ravnborg <sam@ravnborg.org> +Signed-off-by: Michal Marek <mmarek@suse.cz> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + Makefile | 4 ++++ + scripts/Makefile.build | 1 + + 2 files changed, 5 insertions(+) + +diff --git a/Makefile b/Makefile +index 25a8f63..e9fafd0 100644 +--- a/Makefile ++++ b/Makefile +@@ -547,6 +547,10 @@ ifndef CONFIG_CC_STACKPROTECTOR + KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector) + endif + ++# This warning generated too much noise in a regular build. ++# Use make W=1 to enable this warning (see scripts/Makefile.build) ++KBUILD_CFLAGS += $(call cc-option, -Wno-unused-but-set-variable) ++ + ifdef CONFIG_FRAME_POINTER + KBUILD_CFLAGS += -fno-omit-frame-pointer -fno-optimize-sibling-calls + else +diff --git a/scripts/Makefile.build b/scripts/Makefile.build +index f9a413b..4e82824 100644 +--- a/scripts/Makefile.build ++++ b/scripts/Makefile.build +@@ -66,6 +66,7 @@ warning-1 += -Wmissing-format-attribute + warning-1 += -Wmissing-prototypes + warning-1 += -Wold-style-definition + warning-1 += $(call cc-option, -Wmissing-include-dirs) ++warning-1 += $(call cc-option, -Wunused-but-set-variable) + + warning-2 := -Waggregate-return + warning-2 += -Wcast-align +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/kbuild-Fix-passing-Wno-options-to-gcc-4.4.patch b/queue/kbuild-Fix-passing-Wno-options-to-gcc-4.4.patch new file mode 100644 index 0000000..6b25589 --- /dev/null +++ b/queue/kbuild-Fix-passing-Wno-options-to-gcc-4.4.patch @@ -0,0 +1,88 @@ +From 332bc3e882d458d626bc02167f1d2e61b661e584 Mon Sep 17 00:00:00 2001 +From: Michal Marek <mmarek@suse.cz> +Date: Mon, 2 May 2011 12:51:15 +0200 +Subject: [PATCH] kbuild: Fix passing -Wno-* options to gcc 4.4+ + +commit 8417da6f2128008c431c7d130af6cd3d9079922e upstream. + +Starting with 4.4, gcc will happily accept -Wno-<anything> in the +cc-option test and complain later when compiling a file that has some +other warning. This rather unexpected behavior is intentional as per +http://gcc.gnu.org/PR28322, so work around it by testing for support of +the opposite option (without the no-). Introduce a new Makefile function +cc-disable-warning that does this and update two uses of cc-option in +the toplevel Makefile. + +Reported-and-tested-by: Stephen Rothwell <sfr@canb.auug.org.au> +Signed-off-by: Michal Marek <mmarek@suse.cz> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + Documentation/kbuild/makefiles.txt | 12 ++++++++++++ + Makefile | 4 ++-- + scripts/Kbuild.include | 5 +++++ + 3 files changed, 19 insertions(+), 2 deletions(-) + +diff --git a/Documentation/kbuild/makefiles.txt b/Documentation/kbuild/makefiles.txt +index 71c602d..ab8689b 100644 +--- a/Documentation/kbuild/makefiles.txt ++++ b/Documentation/kbuild/makefiles.txt +@@ -502,6 +502,18 @@ more details, with real examples. + gcc >= 3.00. For gcc < 3.00, -malign-functions=4 is used. + Note: cc-option-align uses KBUILD_CFLAGS for $(CC) options + ++ cc-disable-warning ++ cc-disable-warning checks if gcc supports a given warning and returns ++ the commandline switch to disable it. This special function is needed, ++ because gcc 4.4 and later accept any unknown -Wno-* option and only ++ warn about it if there is another warning in the source file. ++ ++ Example: ++ KBUILD_CFLAGS += $(call cc-disable-warning, unused-but-set-variable) ++ ++ In the above example, -Wno-unused-but-set-variable will be added to ++ KBUILD_CFLAGS only if gcc really accepts it. ++ + cc-version + cc-version returns a numerical version of the $(CC) compiler version. + The format is <major><minor> where both are two digits. So for example +diff --git a/Makefile b/Makefile +index e9fafd0..92da473 100644 +--- a/Makefile ++++ b/Makefile +@@ -549,7 +549,7 @@ endif + + # This warning generated too much noise in a regular build. + # Use make W=1 to enable this warning (see scripts/Makefile.build) +-KBUILD_CFLAGS += $(call cc-option, -Wno-unused-but-set-variable) ++KBUILD_CFLAGS += $(call cc-disable-warning, unused-but-set-variable) + + ifdef CONFIG_FRAME_POINTER + KBUILD_CFLAGS += -fno-omit-frame-pointer -fno-optimize-sibling-calls +@@ -579,7 +579,7 @@ CHECKFLAGS += $(NOSTDINC_FLAGS) + KBUILD_CFLAGS += $(call cc-option,-Wdeclaration-after-statement,) + + # disable pointer signed / unsigned warnings in gcc 4.0 +-KBUILD_CFLAGS += $(call cc-option,-Wno-pointer-sign,) ++KBUILD_CFLAGS += $(call cc-disable-warning, pointer-sign) + + # disable invalid "can't wrap" optimizations for signed / pointers + KBUILD_CFLAGS += $(call cc-option,-fno-strict-overflow) +diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include +index ed2773e..ba25c44 100644 +--- a/scripts/Kbuild.include ++++ b/scripts/Kbuild.include +@@ -118,6 +118,11 @@ cc-option-yn = $(call try-run,\ + cc-option-align = $(subst -functions=0,,\ + $(call cc-option,-falign-functions=0,-malign-functions=0)) + ++# cc-disable-warning ++# Usage: cflags-y += $(call cc-disable-warning,unused-but-set-variable) ++cc-disable-warning = $(call try-run,\ ++ $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) -W$(strip $(1)) -c -xc /dev/null -o "$$TMP",-Wno-$(strip $(1))) ++ + # cc-version + # Usage gcc-ver := $(call cc-version) + cc-version = $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-version.sh $(CC)) +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/kbuild-implement-several-W-levels.patch b/queue/kbuild-implement-several-W-levels.patch new file mode 100644 index 0000000..806397b --- /dev/null +++ b/queue/kbuild-implement-several-W-levels.patch @@ -0,0 +1,160 @@ +From c745b8493459a45102d8046a8c2abc39bfeb836e Mon Sep 17 00:00:00 2001 +From: Sam Ravnborg <sam@ravnborg.org> +Date: Wed, 27 Apr 2011 22:15:27 +0200 +Subject: [PATCH] kbuild: implement several W= levels + +commit 28bc20dccadc610c56e27255aeef2938141a0cd3 upstream. + +Building a kernel with "make W=1" produces far too much noise to be +useful. + +Divide the warning options in three groups: + + W=1 - warnings that may be relevant and does not occur too often + W=2 - warnings that occur quite often but may still be relevant + W=3 - the more obscure warnings, can most likely be ignored + +When building the whole kernel, those levels produce: + +W=1 - 4859 warnings +W=2 - 1394 warnings +W=3 - 86666 warnings + +respectively. Warnings have been counted with Geert's script at + +http://www.kernel.org/pub/linux/kernel/people/geert/linux-log/linux-log-summary.pl + +Many warnings occur from .h files so fixing one file may have a nice +effect on the total number of warnings. + +With these changes I am actually tempted to try W=1 now and then. +Previously there was just too much noise. + +Borislav: + +- make the W= levels exclusive +- move very noisy and making little sense for the kernel warnings to W=3 +- drop -Woverlength-strings due to useless warning message +- copy explanatory text for the different warning levels to 'make help' +- recount warnings per level + +Signed-off-by: Sam Ravnborg <sam@ravnborg.org> +Signed-off-by: Borislav Petkov <bp@alien8.de> +Cc: Dave Jones <davej@redhat.com> +Cc: Geert Uytterhoeven <geert@linux-m68k.org> +Signed-off-by: Michal Marek <mmarek@suse.cz> +[PG: used for 2.6.34 to better control new compilers on older code] +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + Makefile | 8 +++++-- + scripts/Makefile.build | 65 +++++++++++++++++++++++++++++--------------------- + 2 files changed, 44 insertions(+), 29 deletions(-) + +diff --git a/Makefile b/Makefile +index e922e609..25a8f63 100644 +--- a/Makefile ++++ b/Makefile +@@ -103,7 +103,7 @@ ifeq ("$(origin O)", "command line") + endif + + ifeq ("$(origin W)", "command line") +- export KBUILD_ENABLE_EXTRA_GCC_CHECKS := 1 ++ export KBUILD_ENABLE_EXTRA_GCC_CHECKS := $(W) + endif + + # That's our default target when none is given on the command line +@@ -1295,7 +1295,11 @@ help: + @echo ' make O=dir [targets] Locate all output files in "dir", including .config' + @echo ' make C=1 [targets] Check all c source with $$CHECK (sparse by default)' + @echo ' make C=2 [targets] Force check of all c source with $$CHECK' +- @echo ' make W=1 [targets] Enable extra gcc checks' ++ @echo ' make W=n [targets] Enable extra gcc checks, n=1,2,3 where' ++ @echo ' 1: warnings which may be relevant and do not occur too often' ++ @echo ' 2: warnings which occur quite often but may still be relevant' ++ @echo ' 3: more obscure warnings, can most likely be ignored' ++ + @echo '' + @echo 'Execute "make" or "make all" to build all targets marked with [*] ' + @echo 'For further info see the ./README file' +diff --git a/scripts/Makefile.build b/scripts/Makefile.build +index bd9d518..f9a413b 100644 +--- a/scripts/Makefile.build ++++ b/scripts/Makefile.build +@@ -51,36 +51,47 @@ ifeq ($(KBUILD_NOPEDANTIC),) + endif + + # +-# make W=1 settings ++# make W=... settings + # +-# $(call cc-option... ) handles gcc -W.. options which ++# W=1 - warnings that may be relevant and does not occur too often ++# W=2 - warnings that occur quite often but may still be relevant ++# W=3 - the more obscure warnings, can most likely be ignored ++# ++# $(call cc-option, -W...) handles gcc -W.. options which + # are not supported by all versions of the compiler + ifdef KBUILD_ENABLE_EXTRA_GCC_CHECKS +-KBUILD_EXTRA_WARNINGS := -Wextra +-KBUILD_EXTRA_WARNINGS += -Wunused -Wno-unused-parameter +-KBUILD_EXTRA_WARNINGS += -Waggregate-return +-KBUILD_EXTRA_WARNINGS += -Wbad-function-cast +-KBUILD_EXTRA_WARNINGS += -Wcast-qual +-KBUILD_EXTRA_WARNINGS += -Wcast-align +-KBUILD_EXTRA_WARNINGS += -Wconversion +-KBUILD_EXTRA_WARNINGS += -Wdisabled-optimization +-KBUILD_EXTRA_WARNINGS += -Wlogical-op +-KBUILD_EXTRA_WARNINGS += -Wmissing-declarations +-KBUILD_EXTRA_WARNINGS += -Wmissing-format-attribute +-KBUILD_EXTRA_WARNINGS += $(call cc-option, -Wmissing-include-dirs,) +-KBUILD_EXTRA_WARNINGS += -Wmissing-prototypes +-KBUILD_EXTRA_WARNINGS += -Wnested-externs +-KBUILD_EXTRA_WARNINGS += -Wold-style-definition +-KBUILD_EXTRA_WARNINGS += $(call cc-option, -Woverlength-strings,) +-KBUILD_EXTRA_WARNINGS += -Wpacked +-KBUILD_EXTRA_WARNINGS += -Wpacked-bitfield-compat +-KBUILD_EXTRA_WARNINGS += -Wpadded +-KBUILD_EXTRA_WARNINGS += -Wpointer-arith +-KBUILD_EXTRA_WARNINGS += -Wredundant-decls +-KBUILD_EXTRA_WARNINGS += -Wshadow +-KBUILD_EXTRA_WARNINGS += -Wswitch-default +-KBUILD_EXTRA_WARNINGS += $(call cc-option, -Wvla,) +-KBUILD_CFLAGS += $(KBUILD_EXTRA_WARNINGS) ++warning-1 := -Wextra -Wunused -Wno-unused-parameter ++warning-1 += -Wmissing-declarations ++warning-1 += -Wmissing-format-attribute ++warning-1 += -Wmissing-prototypes ++warning-1 += -Wold-style-definition ++warning-1 += $(call cc-option, -Wmissing-include-dirs) ++ ++warning-2 := -Waggregate-return ++warning-2 += -Wcast-align ++warning-2 += -Wdisabled-optimization ++warning-2 += -Wnested-externs ++warning-2 += -Wshadow ++warning-2 += $(call cc-option, -Wlogical-op) ++ ++warning-3 := -Wbad-function-cast ++warning-3 += -Wcast-qual ++warning-3 += -Wconversion ++warning-3 += -Wpacked ++warning-3 += -Wpadded ++warning-3 += -Wpointer-arith ++warning-3 += -Wredundant-decls ++warning-3 += -Wswitch-default ++warning-3 += $(call cc-option, -Wpacked-bitfield-compat) ++warning-3 += $(call cc-option, -Wvla) ++ ++warning := $(warning-$(KBUILD_ENABLE_EXTRA_GCC_CHECKS)) ++ ++ifeq ("$(warning)","") ++ $(error W=$(KBUILD_ENABLE_EXTRA_GCC_CHECKS) is unknown) ++endif ++ ++KBUILD_CFLAGS += $(warning) + endif + + include scripts/Makefile.lib +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/md-raid5-abort-any-pending-parity-operations-when-ar.patch b/queue/md-raid5-abort-any-pending-parity-operations-when-ar.patch new file mode 100644 index 0000000..0474316 --- /dev/null +++ b/queue/md-raid5-abort-any-pending-parity-operations-when-ar.patch @@ -0,0 +1,80 @@ +From 79aef9203882405f08b4f431b91a457890151888 Mon Sep 17 00:00:00 2001 +From: NeilBrown <neilb@suse.de> +Date: Tue, 8 Nov 2011 16:22:01 +1100 +Subject: [PATCH] md/raid5: abort any pending parity operations when array + fails. + +commit 9a3f530f39f4490eaa18b02719fb74ce5f4d2d86 upstream. + +When the number of failed devices exceeds the allowed number +we must abort any active parity operations (checks or updates) as they +are no longer meaningful, and can lead to a BUG_ON in +handle_parity_checks6. + +This bug was introduce by commit 6c0069c0ae9659e3a91b68eaed06a5c6c37f45c8 +in 2.6.29. + +Reported-by: Manish Katiyar <mkatiyar@gmail.com> +Tested-by: Manish Katiyar <mkatiyar@gmail.com> +Acked-by: Dan Williams <dan.j.williams@intel.com> +Signed-off-by: NeilBrown <neilb@suse.de> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +[PG: use 2.6.32.49 backport since raid5.c @ 9a3f530f/v3.2 differs more] +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + drivers/md/raid5.c | 32 ++++++++++++++++++++------------ + 1 file changed, 20 insertions(+), 12 deletions(-) + +diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c +index dc3e4fc..2936c3b 100644 +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -3040,12 +3040,16 @@ static void handle_stripe5(struct stripe_head *sh) + /* check if the array has lost two devices and, if so, some requests might + * need to be failed + */ +- if (s.failed > 1 && s.to_read+s.to_write+s.written) +- handle_failed_stripe(conf, sh, &s, disks, &return_bi); +- if (s.failed > 1 && s.syncing) { +- md_done_sync(conf->mddev, STRIPE_SECTORS,0); +- clear_bit(STRIPE_SYNCING, &sh->state); +- s.syncing = 0; ++ if (s.failed > 1) { ++ sh->check_state = 0; ++ sh->reconstruct_state = 0; ++ if (s.to_read+s.to_write+s.written) ++ handle_failed_stripe(conf, sh, &s, disks, &return_bi); ++ if (s.syncing) { ++ md_done_sync(conf->mddev, STRIPE_SECTORS,0); ++ clear_bit(STRIPE_SYNCING, &sh->state); ++ s.syncing = 0; ++ } + } + + /* might be able to return some write requests if the parity block +@@ -3323,12 +3327,16 @@ static void handle_stripe6(struct stripe_head *sh) + /* check if the array has lost >2 devices and, if so, some requests + * might need to be failed + */ +- if (s.failed > 2 && s.to_read+s.to_write+s.written) +- handle_failed_stripe(conf, sh, &s, disks, &return_bi); +- if (s.failed > 2 && s.syncing) { +- md_done_sync(conf->mddev, STRIPE_SECTORS,0); +- clear_bit(STRIPE_SYNCING, &sh->state); +- s.syncing = 0; ++ if (s.failed > 2) { ++ sh->check_state = 0; ++ sh->reconstruct_state = 0; ++ if (s.to_read+s.to_write+s.written) ++ handle_failed_stripe(conf, sh, &s, disks, &return_bi); ++ if (s.syncing) { ++ md_done_sync(conf->mddev, STRIPE_SECTORS,0); ++ clear_bit(STRIPE_SYNCING, &sh->state); ++ s.syncing = 0; ++ } + } + + /* +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/media-Remove-the-old-V4L1-v4lgrab.c-file.patch b/queue/media-Remove-the-old-V4L1-v4lgrab.c-file.patch new file mode 100644 index 0000000..8652e8c --- /dev/null +++ b/queue/media-Remove-the-old-V4L1-v4lgrab.c-file.patch @@ -0,0 +1,256 @@ +From c430a63ebc794ca0330359041bc2a8a7371c8917 Mon Sep 17 00:00:00 2001 +From: Mauro Carvalho Chehab <mchehab@redhat.com> +Date: Mon, 27 Dec 2010 08:27:05 -0300 +Subject: [PATCH] [media] Remove the old V4L1 v4lgrab.c file + +commit 55fe25b418640fad04190103274841b2c907bacd upstream. + +This example file uses the old V4L1 API. It also doesn't use libv4l. +So, it is completely obsolete. A good example already exists at +v4l-utils (v4l2grab.c): + http://git.linuxtv.org/v4l-utils.git + +Reviewed-by: Hans Verkuil <hverkuil@xs4all.nl> +Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + Documentation/Makefile | 2 +- + Documentation/video4linux/Makefile | 8 -- + Documentation/video4linux/v4lgrab.c | 201 ------------------------------------ + 3 files changed, 1 insertion(+), 210 deletions(-) + delete mode 100644 Documentation/video4linux/Makefile + delete mode 100644 Documentation/video4linux/v4lgrab.c + +diff --git a/Documentation/Makefile b/Documentation/Makefile +index 6fc7ea1..9b4bc5c 100644 +--- a/Documentation/Makefile ++++ b/Documentation/Makefile +@@ -1,3 +1,3 @@ + obj-m := DocBook/ accounting/ auxdisplay/ connector/ \ + filesystems/ filesystems/configfs/ ia64/ laptops/ networking/ \ +- pcmcia/ spi/ timers/ video4linux/ vm/ watchdog/src/ ++ pcmcia/ spi/ timers/ vm/ watchdog/src/ +diff --git a/Documentation/video4linux/Makefile b/Documentation/video4linux/Makefile +deleted file mode 100644 +index 1ed0e98..0000000 +--- a/Documentation/video4linux/Makefile ++++ /dev/null +@@ -1,8 +0,0 @@ +-# kbuild trick to avoid linker error. Can be omitted if a module is built. +-obj- := dummy.o +- +-# List of programs to build +-hostprogs-y := v4lgrab +- +-# Tell kbuild to always build the programs +-always := $(hostprogs-y) +diff --git a/Documentation/video4linux/v4lgrab.c b/Documentation/video4linux/v4lgrab.c +deleted file mode 100644 +index c8ded17..0000000 +--- a/Documentation/video4linux/v4lgrab.c ++++ /dev/null +@@ -1,201 +0,0 @@ +-/* Simple Video4Linux image grabber. */ +-/* +- * Video4Linux Driver Test/Example Framegrabbing Program +- * +- * Compile with: +- * gcc -s -Wall -Wstrict-prototypes v4lgrab.c -o v4lgrab +- * Use as: +- * v4lgrab >image.ppm +- * +- * Copyright (C) 1998-05-03, Phil Blundell <philb@gnu.org> +- * Copied from http://www.tazenda.demon.co.uk/phil/vgrabber.c +- * with minor modifications (Dave Forrest, drf5n@virginia.edu). +- * +- * +- * For some cameras you may need to pre-load libv4l to perform +- * the necessary decompression, e.g.: +- * +- * export LD_PRELOAD=/usr/lib/libv4l/v4l1compat.so +- * ./v4lgrab >image.ppm +- * +- * see http://hansdegoede.livejournal.com/3636.html for details. +- * +- */ +- +-#include <unistd.h> +-#include <sys/types.h> +-#include <sys/stat.h> +-#include <fcntl.h> +-#include <stdio.h> +-#include <sys/ioctl.h> +-#include <stdlib.h> +- +-#include <linux/types.h> +-#include <linux/videodev.h> +- +-#define VIDEO_DEV "/dev/video0" +- +-/* Stole this from tvset.c */ +- +-#define READ_VIDEO_PIXEL(buf, format, depth, r, g, b) \ +-{ \ +- switch (format) \ +- { \ +- case VIDEO_PALETTE_GREY: \ +- switch (depth) \ +- { \ +- case 4: \ +- case 6: \ +- case 8: \ +- (r) = (g) = (b) = (*buf++ << 8);\ +- break; \ +- \ +- case 16: \ +- (r) = (g) = (b) = \ +- *((unsigned short *) buf); \ +- buf += 2; \ +- break; \ +- } \ +- break; \ +- \ +- \ +- case VIDEO_PALETTE_RGB565: \ +- { \ +- unsigned short tmp = *(unsigned short *)buf; \ +- (r) = tmp&0xF800; \ +- (g) = (tmp<<5)&0xFC00; \ +- (b) = (tmp<<11)&0xF800; \ +- buf += 2; \ +- } \ +- break; \ +- \ +- case VIDEO_PALETTE_RGB555: \ +- (r) = (buf[0]&0xF8)<<8; \ +- (g) = ((buf[0] << 5 | buf[1] >> 3)&0xF8)<<8; \ +- (b) = ((buf[1] << 2 ) & 0xF8)<<8; \ +- buf += 2; \ +- break; \ +- \ +- case VIDEO_PALETTE_RGB24: \ +- (r) = buf[0] << 8; (g) = buf[1] << 8; \ +- (b) = buf[2] << 8; \ +- buf += 3; \ +- break; \ +- \ +- default: \ +- fprintf(stderr, \ +- "Format %d not yet supported\n", \ +- format); \ +- } \ +-} +- +-static int get_brightness_adj(unsigned char *image, long size, int *brightness) { +- long i, tot = 0; +- for (i=0;i<size*3;i++) +- tot += image[i]; +- *brightness = (128 - tot/(size*3))/3; +- return !((tot/(size*3)) >= 126 && (tot/(size*3)) <= 130); +-} +- +-int main(int argc, char ** argv) +-{ +- int fd = open(VIDEO_DEV, O_RDONLY), f; +- struct video_capability cap; +- struct video_window win; +- struct video_picture vpic; +- +- unsigned char *buffer, *src; +- int bpp = 24, r = 0, g = 0, b = 0; +- unsigned int i, src_depth = 16; +- +- if (fd < 0) { +- perror(VIDEO_DEV); +- exit(1); +- } +- +- if (ioctl(fd, VIDIOCGCAP, &cap) < 0) { +- perror("VIDIOGCAP"); +- fprintf(stderr, "(" VIDEO_DEV " not a video4linux device?)\n"); +- close(fd); +- exit(1); +- } +- +- if (ioctl(fd, VIDIOCGWIN, &win) < 0) { +- perror("VIDIOCGWIN"); +- close(fd); +- exit(1); +- } +- +- if (ioctl(fd, VIDIOCGPICT, &vpic) < 0) { +- perror("VIDIOCGPICT"); +- close(fd); +- exit(1); +- } +- +- if (cap.type & VID_TYPE_MONOCHROME) { +- vpic.depth=8; +- vpic.palette=VIDEO_PALETTE_GREY; /* 8bit grey */ +- if(ioctl(fd, VIDIOCSPICT, &vpic) < 0) { +- vpic.depth=6; +- if(ioctl(fd, VIDIOCSPICT, &vpic) < 0) { +- vpic.depth=4; +- if(ioctl(fd, VIDIOCSPICT, &vpic) < 0) { +- fprintf(stderr, "Unable to find a supported capture format.\n"); +- close(fd); +- exit(1); +- } +- } +- } +- } else { +- vpic.depth=24; +- vpic.palette=VIDEO_PALETTE_RGB24; +- +- if(ioctl(fd, VIDIOCSPICT, &vpic) < 0) { +- vpic.palette=VIDEO_PALETTE_RGB565; +- vpic.depth=16; +- +- if(ioctl(fd, VIDIOCSPICT, &vpic)==-1) { +- vpic.palette=VIDEO_PALETTE_RGB555; +- vpic.depth=15; +- +- if(ioctl(fd, VIDIOCSPICT, &vpic)==-1) { +- fprintf(stderr, "Unable to find a supported capture format.\n"); +- return -1; +- } +- } +- } +- } +- +- buffer = malloc(win.width * win.height * bpp); +- if (!buffer) { +- fprintf(stderr, "Out of memory.\n"); +- exit(1); +- } +- +- do { +- int newbright; +- read(fd, buffer, win.width * win.height * bpp); +- f = get_brightness_adj(buffer, win.width * win.height, &newbright); +- if (f) { +- vpic.brightness += (newbright << 8); +- if(ioctl(fd, VIDIOCSPICT, &vpic)==-1) { +- perror("VIDIOSPICT"); +- break; +- } +- } +- } while (f); +- +- fprintf(stdout, "P6\n%d %d 255\n", win.width, win.height); +- +- src = buffer; +- +- for (i = 0; i < win.width * win.height; i++) { +- READ_VIDEO_PIXEL(src, vpic.palette, src_depth, r, g, b); +- fputc(r>>8, stdout); +- fputc(g>>8, stdout); +- fputc(b>>8, stdout); +- } +- +- close(fd); +- return 0; +-} +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/mm-avoid-null-pointer-access-in-vm_struct-via-proc-v.patch b/queue/mm-avoid-null-pointer-access-in-vm_struct-via-proc-v.patch new file mode 100644 index 0000000..773090f --- /dev/null +++ b/queue/mm-avoid-null-pointer-access-in-vm_struct-via-proc-v.patch @@ -0,0 +1,176 @@ +From 9eda19c3743393a146d1cb89706f26d291757826 Mon Sep 17 00:00:00 2001 +From: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com> +Date: Mon, 31 Oct 2011 17:08:13 -0700 +Subject: [PATCH] mm: avoid null pointer access in vm_struct via + /proc/vmallocinfo + +commit f5252e009d5b87071a919221e4f6624184005368 upstream. + +The /proc/vmallocinfo shows information about vmalloc allocations in +vmlist that is a linklist of vm_struct. It, however, may access pages +field of vm_struct where a page was not allocated. This results in a null +pointer access and leads to a kernel panic. + +Why this happens: In __vmalloc_node_range() called from vmalloc(), newly +allocated vm_struct is added to vmlist at __get_vm_area_node() and then, +some fields of vm_struct such as nr_pages and pages are set at +__vmalloc_area_node(). In other words, it is added to vmlist before it is +fully initialized. At the same time, when the /proc/vmallocinfo is read, +it accesses the pages field of vm_struct according to the nr_pages field +at show_numa_info(). Thus, a null pointer access happens. + +The patch adds the newly allocated vm_struct to the vmlist *after* it is +fully initialized. So, it can avoid accessing the pages field with +unallocated page when show_numa_info() is called. + +Signed-off-by: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com> +Cc: Andrew Morton <akpm@linux-foundation.org> +Cc: David Rientjes <rientjes@google.com> +Cc: Namhyung Kim <namhyung@gmail.com> +Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com> +Cc: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com> +Signed-off-by: Andrew Morton <akpm@linux-foundation.org> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +[PG: .34 has VMALLOC_START/END vs. start/end in f5252e009d5] +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + include/linux/vmalloc.h | 1 + + mm/vmalloc.c | 66 ++++++++++++++++++++++++++++++++++++------------- + 2 files changed, 50 insertions(+), 17 deletions(-) + +diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h +index 227c2a5..346df02 100644 +--- a/include/linux/vmalloc.h ++++ b/include/linux/vmalloc.h +@@ -13,6 +13,7 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */ + #define VM_MAP 0x00000004 /* vmap()ed pages */ + #define VM_USERMAP 0x00000008 /* suitable for remap_vmalloc_range */ + #define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */ ++#define VM_UNLIST 0x00000020 /* vm_struct is not listed in vmlist */ + /* bits [20..32] reserved for arch specific ioremap internals */ + + /* +diff --git a/mm/vmalloc.c b/mm/vmalloc.c +index d44abdd..3843789 100644 +--- a/mm/vmalloc.c ++++ b/mm/vmalloc.c +@@ -1204,18 +1204,22 @@ EXPORT_SYMBOL_GPL(map_vm_area); + DEFINE_RWLOCK(vmlist_lock); + struct vm_struct *vmlist; + +-static void insert_vmalloc_vm(struct vm_struct *vm, struct vmap_area *va, ++static void setup_vmalloc_vm(struct vm_struct *vm, struct vmap_area *va, + unsigned long flags, void *caller) + { +- struct vm_struct *tmp, **p; +- + vm->flags = flags; + vm->addr = (void *)va->va_start; + vm->size = va->va_end - va->va_start; + vm->caller = caller; + va->private = vm; + va->flags |= VM_VM_AREA; ++} ++ ++static void insert_vmalloc_vmlist(struct vm_struct *vm) ++{ ++ struct vm_struct *tmp, **p; + ++ vm->flags &= ~VM_UNLIST; + write_lock(&vmlist_lock); + for (p = &vmlist; (tmp = *p) != NULL; p = &tmp->next) { + if (tmp->addr >= vm->addr) +@@ -1226,6 +1230,13 @@ static void insert_vmalloc_vm(struct vm_struct *vm, struct vmap_area *va, + write_unlock(&vmlist_lock); + } + ++static void insert_vmalloc_vm(struct vm_struct *vm, struct vmap_area *va, ++ unsigned long flags, void *caller) ++{ ++ setup_vmalloc_vm(vm, va, flags, caller); ++ insert_vmalloc_vmlist(vm); ++} ++ + static struct vm_struct *__get_vm_area_node(unsigned long size, + unsigned long align, unsigned long flags, unsigned long start, + unsigned long end, int node, gfp_t gfp_mask, void *caller) +@@ -1264,7 +1275,18 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, + return NULL; + } + +- insert_vmalloc_vm(area, va, flags, caller); ++ /* ++ * When this function is called from __vmalloc_node_range, ++ * we do not add vm_struct to vmlist here to avoid ++ * accessing uninitialized members of vm_struct such as ++ * pages and nr_pages fields. They will be set later. ++ * To distinguish it from others, we use a VM_UNLIST flag. ++ */ ++ if (flags & VM_UNLIST) ++ setup_vmalloc_vm(area, va, flags, caller); ++ else ++ insert_vmalloc_vm(area, va, flags, caller); ++ + return area; + } + +@@ -1339,17 +1361,20 @@ struct vm_struct *remove_vm_area(const void *addr) + va = find_vmap_area((unsigned long)addr); + if (va && va->flags & VM_VM_AREA) { + struct vm_struct *vm = va->private; +- struct vm_struct *tmp, **p; +- /* +- * remove from list and disallow access to this vm_struct +- * before unmap. (address range confliction is maintained by +- * vmap.) +- */ +- write_lock(&vmlist_lock); +- for (p = &vmlist; (tmp = *p) != vm; p = &tmp->next) +- ; +- *p = tmp->next; +- write_unlock(&vmlist_lock); ++ ++ if (!(vm->flags & VM_UNLIST)) { ++ struct vm_struct *tmp, **p; ++ /* ++ * remove from list and disallow access to ++ * this vm_struct before unmap. (address range ++ * confliction is maintained by vmap.) ++ */ ++ write_lock(&vmlist_lock); ++ for (p = &vmlist; (tmp = *p) != vm; p = &tmp->next) ++ ; ++ *p = tmp->next; ++ write_unlock(&vmlist_lock); ++ } + + vmap_debug_free_range(va->va_start, va->va_end); + free_unmap_vmap_area(va); +@@ -1568,8 +1593,9 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, + if (!size || (size >> PAGE_SHIFT) > totalram_pages) + return NULL; + +- area = __get_vm_area_node(size, align, VM_ALLOC, VMALLOC_START, +- VMALLOC_END, node, gfp_mask, caller); ++ area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, ++ VMALLOC_START, VMALLOC_END, node, ++ gfp_mask, caller); + + if (!area) + return NULL; +@@ -1577,6 +1603,12 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, + addr = __vmalloc_area_node(area, gfp_mask, prot, node, caller); + + /* ++ * In this function, newly allocated vm_struct is not added ++ * to vmlist at __get_vm_area_node(). so, it is added here. ++ */ ++ insert_vmalloc_vmlist(area); ++ ++ /* + * A ref_count = 3 is needed because the vm_struct and vmap_area + * structures allocated in the __get_vm_area_node() function contain + * references to the virtual address of the vmalloc'ed block. +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/mtd-mtdchar-add-missing-initializer-on-raw-write.patch b/queue/mtd-mtdchar-add-missing-initializer-on-raw-write.patch new file mode 100644 index 0000000..714af3a --- /dev/null +++ b/queue/mtd-mtdchar-add-missing-initializer-on-raw-write.patch @@ -0,0 +1,37 @@ +From 91d4a9f375089a62cc04f29b7acf6281bed2de0b Mon Sep 17 00:00:00 2001 +From: Peter Wippich <pewi@gw-instruments.de> +Date: Mon, 6 Jun 2011 15:50:58 +0200 +Subject: [PATCH] mtd: mtdchar: add missing initializer on raw write + +commit bf5140817b2d65faac9b32fc9057a097044ac35b upstream. + +On writes in MODE_RAW the mtd_oob_ops struct is not sufficiently +initialized which may cause nandwrite to fail. With this patch +it is possible to write raw nand/oob data without additional ECC +(either for testing or when some sectors need different oob layout +e.g. bootloader) like +nandwrite -n -r -o /dev/mtd0 <myfile> + +Signed-off-by: Peter Wippich <pewi@gw-instruments.de> +Tested-by: Ricard Wanderlof <ricardw@axis.com> +Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + drivers/mtd/mtdchar.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c +index 5b081cb..726a1b8 100644 +--- a/drivers/mtd/mtdchar.c ++++ b/drivers/mtd/mtdchar.c +@@ -290,6 +290,7 @@ static ssize_t mtd_write(struct file *file, const char __user *buf, size_t count + ops.mode = MTD_OOB_RAW; + ops.datbuf = kbuf; + ops.oobbuf = NULL; ++ ops.ooboffs = 0; + ops.len = len; + + ret = mtd->write_oob(mtd, *ppos, &ops); +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/netlink-validate-NLA_MSECS-length.patch b/queue/netlink-validate-NLA_MSECS-length.patch new file mode 100644 index 0000000..35d3214 --- /dev/null +++ b/queue/netlink-validate-NLA_MSECS-length.patch @@ -0,0 +1,45 @@ +From 6674f180c152fac043a91c541acf37321b80763c Mon Sep 17 00:00:00 2001 +From: Johannes Berg <johannes.berg@intel.com> +Date: Thu, 3 Nov 2011 00:07:32 +0000 +Subject: [PATCH] netlink: validate NLA_MSECS length + +commit c30bc94758ae2a38a5eb31767c1985c0aae0950b upstream. + +L2TP for example uses NLA_MSECS like this: +policy: + [L2TP_ATTR_RECV_TIMEOUT] = { .type = NLA_MSECS, }, +code: + if (info->attrs[L2TP_ATTR_RECV_TIMEOUT]) + cfg.reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]); + +As nla_get_msecs() is essentially nla_get_u64() plus the +conversion to a HZ-based value, this will not properly +reject attributes from userspace that aren't long enough +and might overrun the message. + +Add NLA_MSECS to the attribute minlen array to check the +size properly. + +Cc: Thomas Graf <tgraf@suug.ch> +Signed-off-by: Johannes Berg <johannes.berg@intel.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + lib/nlattr.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/nlattr.c b/lib/nlattr.c +index c4706eb..109d4fe 100644 +--- a/lib/nlattr.c ++++ b/lib/nlattr.c +@@ -20,6 +20,7 @@ static u16 nla_attr_minlen[NLA_TYPE_MAX+1] __read_mostly = { + [NLA_U16] = sizeof(u16), + [NLA_U32] = sizeof(u32), + [NLA_U64] = sizeof(u64), ++ [NLA_MSECS] = sizeof(u64), + [NLA_NESTED] = NLA_HDRLEN, + }; + +-- +1.7.12.rc1.1.gbce1580 + diff --git a/queue/series b/queue/series index bd920e5..70ca465 100644 --- a/queue/series +++ b/queue/series @@ -62,6 +62,7 @@ HID-usbhid-Add-support-for-SiGma-Micro-chip.patch hwmon-w83627ehf-Properly-report-thermal-diode-sensor.patch x25-Prevent-skb-overreads-when-checking-call-user-da.patch staging-quatech_usb2-Potential-lost-wakeup-scenario-.patch +# 32.47 USB-qcserial-add-device-ID-for-HP-un2430-Mobile-Broa.patch xhci-mem.c-Check-for-ring-first_seg-NULL.patch ipr-Always-initiate-hard-reset-in-kdump-kernel.patch @@ -106,9 +107,11 @@ drivers-net-rionet.c-fix-ethernet-address-macros-for.patch ext2-ext3-ext4-don-t-inherit-APPEND_FL-or-IMMUTABLE_.patch USB-Serial-Add-device-ID-for-Sierra-Wireless-MC8305.patch USB-Serial-Add-PID-0xF7C0-to-FTDI-SIO-driver-for-a-z.patch + #misc ACPI-AC-prevent-OOPS-on-some-boxes-due-to-missing-ch.patch +#leapsecond ntp-Fix-leap-second-hrtimer-livelock.patch ntp-Correct-TAI-offset-during-leap-second.patch timekeeping-Fix-CLOCK_MONOTONIC-inconsistency-during.patch @@ -120,3 +123,26 @@ hrtimers-Move-lock-held-region-in-hrtimer_interrupt.patch timekeeping-Provide-hrtimer-update-function.patch hrtimer-Update-hrtimer-base-offsets-each-hrtimer_int.patch timekeeping-Add-missing-update-call-in-timekeeping_r.patch + +# 32.49 (32.48 was just reverts) +SCSI-st-fix-race-in-st_scsi_execute_end.patch +SCSI-Make-scsi_free_queue-kill-pending-SCSI-commands.patch +NFS-sunrpc-don-t-use-a-credential-with-extra-groups.patch +netlink-validate-NLA_MSECS-length.patch +mtd-mtdchar-add-missing-initializer-on-raw-write.patch +PM-Suspend-Off-by-one-in-pm_suspend.patch +hfs-add-sanity-check-for-file-name-length.patch +kbuild-Add-extra-gcc-checks.patch +kbuild-implement-several-W-levels.patch +kbuild-Disable-Wunused-but-set-variable-for-gcc-4.6..patch +md-raid5-abort-any-pending-parity-operations-when-ar.patch +media-Remove-the-old-V4L1-v4lgrab.c-file.patch +drm-i915-Sanity-check-pread-pwrite.patch +drm-i915-Rephrase-pwrite-bounds-checking-to-avoid-an.patch +mm-avoid-null-pointer-access-in-vm_struct-via-proc-v.patch +kbuild-Fix-passing-Wno-options-to-gcc-4.4.patch +USB-serial-pl2303-rm-duplicate-id.patch +USB-Fix-Corruption-issue-in-USB-ftdi-driver-ftdi_sio.patch +usb-storage-Accept-8020i-protocol-commands-longer-th.patch +USB-add-quirk-for-Logitech-C600-web-cam.patch +USB-quirks-adding-more-quirky-webcams-to-avoid-squea.patch diff --git a/queue/usb-storage-Accept-8020i-protocol-commands-longer-th.patch b/queue/usb-storage-Accept-8020i-protocol-commands-longer-th.patch new file mode 100644 index 0000000..335db9d --- /dev/null +++ b/queue/usb-storage-Accept-8020i-protocol-commands-longer-th.patch @@ -0,0 +1,58 @@ +From c162d6a14000948569c70d1e2843a3aa4c5ecf5c Mon Sep 17 00:00:00 2001 +From: Alan Stern <stern@rowland.harvard.edu> +Date: Tue, 25 Oct 2011 10:50:58 -0400 +Subject: [PATCH] usb-storage: Accept 8020i-protocol commands longer than 12 + bytes + +commit 2f640bf4c94324aeaa1b6385c10aab8c5ad1e1cf upstream. + +The 8020i protocol (also 8070i and QIC-157) uses 12-byte commands; +shorter commands must be padded. Simon Detheridge reports that his +3-TB USB disk drive claims to use the 8020i protocol (which is +normally meant for ATAPI devices like CD drives), and because of its +large size, the disk drive requires the use of 16-byte commands. +However the usb_stor_pad12_command() routine in usb-storage always +sets the command length to 12, making the drive impossible to use. + +Since the SFF-8020i specification allows for 16-byte commands in +future extensions, we may as well accept them. This patch (as1490) +changes usb_stor_pad12_command() to leave commands larger than 12 +bytes alone rather than truncating them. + +Signed-off-by: Alan Stern <stern@rowland.harvard.edu> +Tested-by: Simon Detheridge <simon@widgit.com> +CC: Matthew Dharm <mdharm-usb@one-eyed-alien.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> +--- + drivers/usb/storage/protocol.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/drivers/usb/storage/protocol.c b/drivers/usb/storage/protocol.c +index fc310f7..0fded39 100644 +--- a/drivers/usb/storage/protocol.c ++++ b/drivers/usb/storage/protocol.c +@@ -58,7 +58,9 @@ + + void usb_stor_pad12_command(struct scsi_cmnd *srb, struct us_data *us) + { +- /* Pad the SCSI command with zeros out to 12 bytes ++ /* ++ * Pad the SCSI command with zeros out to 12 bytes. If the ++ * command already is 12 bytes or longer, leave it alone. + * + * NOTE: This only works because a scsi_cmnd struct field contains + * a unsigned char cmnd[16], so we know we have storage available +@@ -66,9 +68,6 @@ void usb_stor_pad12_command(struct scsi_cmnd *srb, struct us_data *us) + for (; srb->cmd_len<12; srb->cmd_len++) + srb->cmnd[srb->cmd_len] = 0; + +- /* set command length to 12 bytes */ +- srb->cmd_len = 12; +- + /* send the command to the transport layer */ + usb_stor_invoke_transport(srb, us); + } +-- +1.7.12.rc1.1.gbce1580 + |