diff options
author | Greg Kroah-Hartman <gregkh@suse.de> | 2011-09-28 13:11:36 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-09-28 13:11:36 -0700 |
commit | a273c194dd4d35179ac0ce4e90f7a90d185fd156 (patch) | |
tree | 898ff8d14b61ff7f528fe99b380f4459fb4b7a2a | |
parent | e9fe504245d41a45222cf6876288de30625eb99a (diff) | |
download | longterm-queue-2.6.32-a273c194dd4d35179ac0ce4e90f7a90d185fd156.tar.gz |
.32 patches
6 files changed, 201 insertions, 0 deletions
diff --git a/queue-2.6.32/3w-9xxx-fix-iommu_iova-leak.patch b/queue-2.6.32/3w-9xxx-fix-iommu_iova-leak.patch new file mode 100644 index 0000000..64b6635 --- /dev/null +++ b/queue-2.6.32/3w-9xxx-fix-iommu_iova-leak.patch @@ -0,0 +1,40 @@ +From 96067723e46b0dd24ae7b934085ab4eff4d26a1b Mon Sep 17 00:00:00 2001 +From: James Bottomley <JBottomley@Parallels.com> +Date: Sun, 18 Sep 2011 18:56:20 +0400 +Subject: [SCSI] 3w-9xxx: fix iommu_iova leak + +From: James Bottomley <JBottomley@Parallels.com> + +commit 96067723e46b0dd24ae7b934085ab4eff4d26a1b upstream. + +Following reports on the list, it looks like the 3e-9xxx driver will leak dma +mappings every time we get a transient queueing error back from the card. +This is because it maps the sg list in the routine that sends the command, but +doesn't unmap again in the transient failure path (even though the command is +sent back to the block layer). Fix by unmapping before returning the status. + +Reported-by: Chris Boot <bootc@bootc.net> +Tested-by: Chris Boot <bootc@bootc.net> +Acked-by: Adam Radford <aradford@gmail.com> +Signed-off-by: James Bottomley <JBottomley@Parallels.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + drivers/scsi/3w-9xxx.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/scsi/3w-9xxx.c ++++ b/drivers/scsi/3w-9xxx.c +@@ -1786,10 +1786,12 @@ static int twa_scsi_queue(struct scsi_cm + switch (retval) { + case SCSI_MLQUEUE_HOST_BUSY: + twa_free_request_id(tw_dev, request_id); ++ twa_unmap_scsi_data(tw_dev, request_id); + break; + case 1: + tw_dev->state[request_id] = TW_S_COMPLETED; + twa_free_request_id(tw_dev, request_id); ++ twa_unmap_scsi_data(tw_dev, request_id); + SCpnt->result = (DID_ERROR << 16); + done(SCpnt); + retval = 0; diff --git a/queue-2.6.32/aacraid-reset-should-disable-msi-interrupt.patch b/queue-2.6.32/aacraid-reset-should-disable-msi-interrupt.patch new file mode 100644 index 0000000..5a651dd --- /dev/null +++ b/queue-2.6.32/aacraid-reset-should-disable-msi-interrupt.patch @@ -0,0 +1,37 @@ +From d0efab26f89506387a1bde898556660e06d7eb15 Mon Sep 17 00:00:00 2001 +From: Vasily Averin <vvs@parallels.com> +Date: Fri, 2 Sep 2011 19:31:46 +0400 +Subject: [SCSI] aacraid: reset should disable MSI interrupt + +From: Vasily Averin <vvs@parallels.com> + +commit d0efab26f89506387a1bde898556660e06d7eb15 upstream. + +scsi reset on hardware with enabled MSI interrupts generates WARNING message + +[11027.798722] aacraid: Host adapter abort request (0,0,0,0) +[11027.798814] aacraid: Host adapter reset request. SCSI hang ? +[11087.762237] aacraid: SCSI bus appears hung +[11135.082543] ------------[ cut here ]------------ +[11135.082646] WARNING: at drivers/pci/msi.c:658 pci_enable_msi_block+0x251/0x290() + +Signed-off-by: Vasily Averin <vvs@sw.ru> +Acked-by: Mark Salyzyn <mark_salyzyn@us.xyratex.com> +Signed-off-by: James Bottomley <JBottomley@Parallels.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + drivers/scsi/aacraid/commsup.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/scsi/aacraid/commsup.c ++++ b/drivers/scsi/aacraid/commsup.c +@@ -1202,6 +1202,8 @@ static int _aac_reset_adapter(struct aac + kfree(aac->queues); + aac->queues = NULL; + free_irq(aac->pdev->irq, aac); ++ if (aac->msi) ++ pci_disable_msi(aac->pdev); + kfree(aac->fsa_dev); + aac->fsa_dev = NULL; + quirks = aac_get_driver_ident(index)->quirks; diff --git a/queue-2.6.32/cfg80211-fix-validation-of-akm-suites.patch b/queue-2.6.32/cfg80211-fix-validation-of-akm-suites.patch new file mode 100644 index 0000000..abefddc --- /dev/null +++ b/queue-2.6.32/cfg80211-fix-validation-of-akm-suites.patch @@ -0,0 +1,43 @@ +From 1b9ca0272ffae212e726380f66777b30a56ed7a5 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@qca.qualcomm.com> +Date: Wed, 21 Sep 2011 16:13:07 +0300 +Subject: cfg80211: Fix validation of AKM suites + +From: Jouni Malinen <jouni@qca.qualcomm.com> + +commit 1b9ca0272ffae212e726380f66777b30a56ed7a5 upstream. + +Incorrect variable was used in validating the akm_suites array from +NL80211_ATTR_AKM_SUITES. In addition, there was no explicit +validation of the array length (we only have room for +NL80211_MAX_NR_AKM_SUITES). + +This can result in a buffer write overflow for stack variables with +arbitrary data from user space. The nl80211 commands using the affected +functionality require GENL_ADMIN_PERM, so this is only exposed to admin +users. + +Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> +Signed-off-by: John W. Linville <linville@tuxdriver.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + net/wireless/nl80211.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -3364,9 +3364,12 @@ static int nl80211_crypto_settings(struc + if (len % sizeof(u32)) + return -EINVAL; + ++ if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) ++ return -EINVAL; ++ + memcpy(settings->akm_suites, data, len); + +- for (i = 0; i < settings->n_ciphers_pairwise; i++) ++ for (i = 0; i < settings->n_akm_suites; i++) + if (!nl80211_valid_akm_suite(settings->akm_suites[i])) + return -EINVAL; + } diff --git a/queue-2.6.32/libsas-fix-failure-to-revalidate-domain-for-anything-but-the-first-expander-child.patch b/queue-2.6.32/libsas-fix-failure-to-revalidate-domain-for-anything-but-the-first-expander-child.patch new file mode 100644 index 0000000..a8dae83 --- /dev/null +++ b/queue-2.6.32/libsas-fix-failure-to-revalidate-domain-for-anything-but-the-first-expander-child.patch @@ -0,0 +1,43 @@ +From 24926dadc41cc566e974022b0e66231b82c6375f Mon Sep 17 00:00:00 2001 +From: Mark Salyzyn <mark_salyzyn@us.xyratex.com> +Date: Thu, 1 Sep 2011 06:11:17 -0700 +Subject: [SCSI] libsas: fix failure to revalidate domain for anything but the first expander child. + +From: Mark Salyzyn <mark_salyzyn@us.xyratex.com> + +commit 24926dadc41cc566e974022b0e66231b82c6375f upstream. + +In an enclosure model where there are chaining expanders to a large body +of storage, it was discovered that libsas, responding to a broadcast +event change, would only revalidate the domain of first child expander +in the list. + +The issue is that the pointer value to the discovered source device was +used to break out of the loop, rather than the content of the pointer. + +This still remains non-compliant as the revalidate domain code is +supposed to loop through all child expanders, and not stop at the first +one it finds that reports a change count. However, the design of this +routine does not allow multiple device discoveries and that would be a +more complicated set of patches reserved for another day. We are fixing +the glaring bug rather than refactoring the code. + +Signed-off-by: Mark Salyzyn <msalyzyn@us.xyratex.com> +Signed-off-by: James Bottomley <JBottomley@Parallels.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + drivers/scsi/libsas/sas_expander.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/libsas/sas_expander.c ++++ b/drivers/scsi/libsas/sas_expander.c +@@ -1712,7 +1712,7 @@ static int sas_find_bcast_dev(struct dom + list_for_each_entry(ch, &ex->children, siblings) { + if (ch->dev_type == EDGE_DEV || ch->dev_type == FANOUT_DEV) { + res = sas_find_bcast_dev(ch, src_dev); +- if (src_dev) ++ if (*src_dev) + return res; + } + } diff --git a/queue-2.6.32/series b/queue-2.6.32/series index 68647ef..e2f1abd 100644 --- a/queue-2.6.32/series +++ b/queue-2.6.32/series @@ -37,3 +37,8 @@ tpm-zero-buffer-after-copying-to-userspace.patch libiscsi_tcp-fix-lld-data-allocation.patch cnic-improve-netdev_up-event-handling.patch alsa-hda-realtek-avoid-bogus-hp-pin-assignment.patch +3w-9xxx-fix-iommu_iova-leak.patch +aacraid-reset-should-disable-msi-interrupt.patch +libsas-fix-failure-to-revalidate-domain-for-anything-but-the-first-expander-child.patch +cfg80211-fix-validation-of-akm-suites.patch +splice-direct_splice_actor-should-not-use-pos-in-sd.patch diff --git a/queue-2.6.32/splice-direct_splice_actor-should-not-use-pos-in-sd.patch b/queue-2.6.32/splice-direct_splice_actor-should-not-use-pos-in-sd.patch new file mode 100644 index 0000000..c465cca --- /dev/null +++ b/queue-2.6.32/splice-direct_splice_actor-should-not-use-pos-in-sd.patch @@ -0,0 +1,33 @@ +From 2cb4b05e7647891b46b91c07c9a60304803d1688 Mon Sep 17 00:00:00 2001 +From: Changli Gao <xiaosuo@gmail.com> +Date: Tue, 29 Jun 2010 13:09:18 +0200 +Subject: splice: direct_splice_actor() should not use pos in sd + +From: Changli Gao <xiaosuo@gmail.com> + +commit 2cb4b05e7647891b46b91c07c9a60304803d1688 upstream. + +direct_splice_actor() shouldn't use sd->pos, as sd->pos is for file reading, +file->f_pos should be used instead. + +Signed-off-by: Changli Gao <xiaosuo@gmail.com> +Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> +Signed-off-by: Jens Axboe <jaxboe@fusionio.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + fs/splice.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/splice.c ++++ b/fs/splice.c +@@ -1221,7 +1221,8 @@ static int direct_splice_actor(struct pi + { + struct file *file = sd->u.file; + +- return do_splice_from(pipe, file, &sd->pos, sd->total_len, sd->flags); ++ return do_splice_from(pipe, file, &file->f_pos, sd->total_len, ++ sd->flags); + } + + /** |