3.4-stable patches

added patches:
	bluetooth-fix-not-closing-sco-sockets-in-the-bt_connect2-state.patch
	tile-expect-new-initramfs-name-from-hypervisor-file-system.patch

diff --git a/queue-3.4/bluetooth-fix-not-closing-sco-sockets-in-the-bt_connect2-state.patch b/queue-3.4/bluetooth-fix-not-closing-sco-sockets-in-the-bt_connect2-state.patch
new file mode 100644 (file)
index 0000000..546b741
--- /dev/null
+++ b/queue-3.4/bluetooth-fix-not-closing-sco-sockets-in-the-bt_connect2-state.patch
@@ -0,0 +1,96 @@
+From eb20ff9c91ddcb2d55c1849a87d3db85af5e88a9 Mon Sep 17 00:00:00 2001
+From: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
+Date: Wed, 13 Mar 2013 19:46:20 -0300
+Subject: Bluetooth: Fix not closing SCO sockets in the BT_CONNECT2 state
+
+From: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
+
+commit eb20ff9c91ddcb2d55c1849a87d3db85af5e88a9 upstream.
+
+With deferred setup for SCO, it is possible that userspace closes the
+socket when it is in the BT_CONNECT2 state, after the Connect Request is
+received but before the Accept Synchonous Connection is sent.
+
+If this happens the following crash was observed, when the connection is
+terminated:
+
+[  +0.000003] hci_sync_conn_complete_evt: hci0 status 0x10
+[  +0.000005] sco_connect_cfm: hcon ffff88003d1bd800 bdaddr 40:98:4e:32:d7:39 status 16
+[  +0.000003] sco_conn_del: hcon ffff88003d1bd800 conn ffff88003cc8e300, err 110
+[  +0.000015] BUG: unable to handle kernel NULL pointer dereference at 0000000000000199
+[  +0.000906] IP: [<ffffffff810620dd>] __lock_acquire+0xed/0xe82
+[  +0.000000] PGD 3d21f067 PUD 3d291067 PMD 0
+[  +0.000000] Oops: 0002 [#1] SMP
+[  +0.000000] Modules linked in: rfcomm bnep btusb bluetooth
+[  +0.000000] CPU 0
+[  +0.000000] Pid: 1481, comm: kworker/u:2H Not tainted 3.9.0-rc1-25019-gad82cdd #1 Bochs Bochs
+[  +0.000000] RIP: 0010:[<ffffffff810620dd>]  [<ffffffff810620dd>] __lock_acquire+0xed/0xe82
+[  +0.000000] RSP: 0018:ffff88003c3c19d8  EFLAGS: 00010002
+[  +0.000000] RAX: 0000000000000001 RBX: 0000000000000246 RCX: 0000000000000000
+[  +0.000000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88003d1be868
+[  +0.000000] RBP: ffff88003c3c1a98 R08: 0000000000000002 R09: 0000000000000000
+[  +0.000000] R10: ffff88003d1be868 R11: ffff88003e20b000 R12: 0000000000000002
+[  +0.000000] R13: ffff88003aaa8000 R14: 000000000000006e R15: ffff88003d1be850
+[  +0.000000] FS:  0000000000000000(0000) GS:ffff88003e200000(0000) knlGS:0000000000000000
+[  +0.000000] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+[  +0.000000] CR2: 0000000000000199 CR3: 000000003c1cb000 CR4: 00000000000006b0
+[  +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[  +0.000000] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
+[  +0.000000] Process kworker/u:2H (pid: 1481, threadinfo ffff88003c3c0000, task ffff88003aaa8000)
+[  +0.000000] Stack:
+[  +0.000000]  ffffffff81b16342 0000000000000000 0000000000000000 ffff88003d1be868
+[  +0.000000]  ffffffff00000000 00018c0c7863e367 000000003c3c1a28 ffffffff8101efbd
+[  +0.000000]  0000000000000000 ffff88003e3d2400 ffff88003c3c1a38 ffffffff81007c7a
+[  +0.000000] Call Trace:
+[  +0.000000]  [<ffffffff8101efbd>] ? kvm_clock_read+0x34/0x3b
+[  +0.000000]  [<ffffffff81007c7a>] ? paravirt_sched_clock+0x9/0xd
+[  +0.000000]  [<ffffffff81007fd4>] ? sched_clock+0x9/0xb
+[  +0.000000]  [<ffffffff8104fd7a>] ? sched_clock_local+0x12/0x75
+[  +0.000000]  [<ffffffff810632d1>] lock_acquire+0x93/0xb1
+[  +0.000000]  [<ffffffffa0022339>] ? spin_lock+0x9/0xb [bluetooth]
+[  +0.000000]  [<ffffffff8105f3d8>] ? lock_release_holdtime.part.22+0x4e/0x55
+[  +0.000000]  [<ffffffff814f6038>] _raw_spin_lock+0x40/0x74
+[  +0.000000]  [<ffffffffa0022339>] ? spin_lock+0x9/0xb [bluetooth]
+[  +0.000000]  [<ffffffff814f6936>] ? _raw_spin_unlock+0x23/0x36
+[  +0.000000]  [<ffffffffa0022339>] spin_lock+0x9/0xb [bluetooth]
+[  +0.000000]  [<ffffffffa00230cc>] sco_conn_del+0x76/0xbb [bluetooth]
+[  +0.000000]  [<ffffffffa002391d>] sco_connect_cfm+0x2da/0x2e9 [bluetooth]
+[  +0.000000]  [<ffffffffa000862a>] hci_proto_connect_cfm+0x38/0x65 [bluetooth]
+[  +0.000000]  [<ffffffffa0008d30>] hci_sync_conn_complete_evt.isra.79+0x11a/0x13e [bluetooth]
+[  +0.000000]  [<ffffffffa000cd96>] hci_event_packet+0x153b/0x239d [bluetooth]
+[  +0.000000]  [<ffffffff814f68ff>] ? _raw_spin_unlock_irqrestore+0x48/0x5c
+[  +0.000000]  [<ffffffffa00025f6>] hci_rx_work+0xf3/0x2e3 [bluetooth]
+[  +0.000000]  [<ffffffff8103efed>] process_one_work+0x1dc/0x30b
+[  +0.000000]  [<ffffffff8103ef83>] ? process_one_work+0x172/0x30b
+[  +0.000000]  [<ffffffff8103e07f>] ? spin_lock_irq+0x9/0xb
+[  +0.000000]  [<ffffffff8103fc8d>] worker_thread+0x123/0x1d2
+[  +0.000000]  [<ffffffff8103fb6a>] ? manage_workers+0x240/0x240
+[  +0.000000]  [<ffffffff81044211>] kthread+0x9d/0xa5
+[  +0.000000]  [<ffffffff81044174>] ? __kthread_parkme+0x60/0x60
+[  +0.000000]  [<ffffffff814f75bc>] ret_from_fork+0x7c/0xb0
+[  +0.000000]  [<ffffffff81044174>] ? __kthread_parkme+0x60/0x60
+[  +0.000000] Code: d7 44 89 8d 50 ff ff ff 4c 89 95 58 ff ff ff e8 44 fc ff ff 44 8b 8d 50 ff ff ff 48 85 c0 4c 8b 95 58 ff ff ff 0f 84 7a 04 00 00 <f0> ff 80 98 01 00 00 83 3d 25 41 a7 00 00 45 8b b5 e8 05 00 00
+[  +0.000000] RIP  [<ffffffff810620dd>] __lock_acquire+0xed/0xe82
+[  +0.000000]  RSP <ffff88003c3c19d8>
+[  +0.000000] CR2: 0000000000000199
+[  +0.000000] ---[ end trace e73cd3b52352dd34 ]---
+
+Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
+Tested-by: Frederic Dalleau <frederic.dalleau@intel.com>
+Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/sco.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/bluetooth/sco.c
++++ b/net/bluetooth/sco.c
+@@ -378,6 +378,7 @@ static void __sco_sock_close(struct sock
+                       sco_chan_del(sk, ECONNRESET);
+               break;
+ 
++      case BT_CONNECT2:
+       case BT_CONNECT:
+       case BT_DISCONN:
+               sco_chan_del(sk, ECONNRESET);

diff --git a/queue-3.4/series b/queue-3.4/series
index 01bb4205604858df326736e622336d0021b8db81..d1b0250ff814f46ea4c78f48b5e14b1ae568d679 100644 (file)
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -1 +1,3 @@
 sunrpc-add-barriers-to-ensure-read-ordering-in-rpc_wake_up_task_queue_locked.patch
+tile-expect-new-initramfs-name-from-hypervisor-file-system.patch
+bluetooth-fix-not-closing-sco-sockets-in-the-bt_connect2-state.patch

diff --git a/queue-3.4/tile-expect-new-initramfs-name-from-hypervisor-file-system.patch b/queue-3.4/tile-expect-new-initramfs-name-from-hypervisor-file-system.patch
new file mode 100644 (file)
index 0000000..968ae62
--- /dev/null
+++ b/queue-3.4/tile-expect-new-initramfs-name-from-hypervisor-file-system.patch
@@ -0,0 +1,77 @@
+From ff7f3efb9abf986f4ecd8793a9593f7ca4d6431a Mon Sep 17 00:00:00 2001
+From: Chris Metcalf <cmetcalf@tilera.com>
+Date: Fri, 29 Mar 2013 13:50:21 -0400
+Subject: tile: expect new initramfs name from hypervisor file system
+
+From: Chris Metcalf <cmetcalf@tilera.com>
+
+commit ff7f3efb9abf986f4ecd8793a9593f7ca4d6431a upstream.
+
+The current Tilera boot infrastructure now provides the initramfs
+to Linux as a Tilera-hypervisor file named "initramfs", rather than
+"initramfs.cpio.gz", as before.  (This makes it reasonable to use
+other compression techniques than gzip on the file without having to
+worry about the name causing confusion.)  Adapt to use the new name,
+but also fall back to checking for the old name.
+
+Cc'ing to stable so that older kernels will remain compatible with
+newer Tilera boot infrastructure.
+
+Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/tile/kernel/setup.c |   25 ++++++++++++-------------
+ 1 file changed, 12 insertions(+), 13 deletions(-)
+
+--- a/arch/tile/kernel/setup.c
++++ b/arch/tile/kernel/setup.c
+@@ -912,15 +912,8 @@ void __cpuinit setup_cpu(int boot)
+ 
+ #ifdef CONFIG_BLK_DEV_INITRD
+ 
+-/*
+- * Note that the kernel can potentially support other compression
+- * techniques than gz, though we don't do so by default.  If we ever
+- * decide to do so we can either look for other filename extensions,
+- * or just allow a file with this name to be compressed with an
+- * arbitrary compressor (somewhat counterintuitively).
+- */
+ static int __initdata set_initramfs_file;
+-static char __initdata initramfs_file[128] = "initramfs.cpio.gz";
++static char __initdata initramfs_file[128] = "initramfs";
+ 
+ static int __init setup_initramfs_file(char *str)
+ {
+@@ -934,9 +927,9 @@ static int __init setup_initramfs_file(c
+ early_param("initramfs_file", setup_initramfs_file);
+ 
+ /*
+- * We look for an "initramfs.cpio.gz" file in the hvfs.
+- * If there is one, we allocate some memory for it and it will be
+- * unpacked to the initramfs.
++ * We look for a file called "initramfs" in the hvfs.  If there is one, we
++ * allocate some memory for it and it will be unpacked to the initramfs.
++ * If it's compressed, the initd code will uncompress it first.
+  */
+ static void __init load_hv_initrd(void)
+ {
+@@ -946,10 +939,16 @@ static void __init load_hv_initrd(void)
+ 
+       fd = hv_fs_findfile((HV_VirtAddr) initramfs_file);
+       if (fd == HV_ENOENT) {
+-              if (set_initramfs_file)
++              if (set_initramfs_file) {
+                       pr_warning("No such hvfs initramfs file '%s'\n",
+                                  initramfs_file);
+-              return;
++                      return;
++              } else {
++                      /* Try old backwards-compatible name. */
++                      fd = hv_fs_findfile((HV_VirtAddr)"initramfs.cpio.gz");
++                      if (fd == HV_ENOENT)
++                              return;
++              }
+       }
+       BUG_ON(fd < 0);
+       stat = hv_fs_fstat(fd);