--- /dev/null
+From 62a1cfe052346b96a552b6a9178d412c709711bb Mon Sep 17 00:00:00 2001
+From: Tilman Schmidt <tilman@imap.cc>
+Date: Wed, 25 Apr 2012 13:02:20 +0000
+Subject: isdn/gigaset: fix CAPI disconnect B3 handling
+
+From: Tilman Schmidt <tilman@imap.cc>
+
+commit 62a1cfe052346b96a552b6a9178d412c709711bb upstream.
+
+If DISCONNECT_B3_IND was synthesized because of a DISCONNECT_REQ
+with existing logical connections, the connection state wasn't
+updated accordingly. Also the emitted DISCONNECT_B3_IND message
+wasn't included in the debug log as requested.
+This patch fixes both of these issues.
+
+Signed-off-by: Tilman Schmidt <tilman@imap.cc>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/isdn/gigaset/capi.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/isdn/gigaset/capi.c
++++ b/drivers/isdn/gigaset/capi.c
+@@ -1887,6 +1887,9 @@ static void do_disconnect_req(struct gig
+
+ /* check for active logical connection */
+ if (bcs->apconnstate >= APCONN_ACTIVE) {
++ /* clear it */
++ bcs->apconnstate = APCONN_SETUP;
++
+ /*
+ * emit DISCONNECT_B3_IND with cause 0x3301
+ * use separate cmsg structure, as the content of iif->acmsg
+@@ -1911,6 +1914,7 @@ static void do_disconnect_req(struct gig
+ }
+ capi_cmsg2message(b3cmsg,
+ __skb_put(b3skb, CAPI_DISCONNECT_B3_IND_BASELEN));
++ dump_cmsg(DEBUG_CMD, __func__, b3cmsg);
+ kfree(b3cmsg);
+ capi_ctr_handle_message(&iif->ctr, ap->id, b3skb);
+ }
--- /dev/null
+From e055d03dc088a990fe5ea24a2d64033a168da23c Mon Sep 17 00:00:00 2001
+From: Tilman Schmidt <tilman@imap.cc>
+Date: Wed, 25 Apr 2012 13:02:20 +0000
+Subject: isdn/gigaset: improve error handling querying firmware version
+
+From: Tilman Schmidt <tilman@imap.cc>
+
+commit e055d03dc088a990fe5ea24a2d64033a168da23c upstream.
+
+An out-of-place "OK" response to the "AT+GMR" (get firmware version)
+command turns out to be, more often than not, a delayed response to
+a previous command rather than an actual error, so continue waiting
+for the version number in that case.
+
+Signed-off-by: Tilman Schmidt <tilman@imap.cc>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/isdn/gigaset/ev-layer.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/isdn/gigaset/ev-layer.c
++++ b/drivers/isdn/gigaset/ev-layer.c
+@@ -190,6 +190,7 @@ struct reply_t gigaset_tab_nocid[] =
+ ACT_INIT} },
+ {RSP_OK, 121, 121, -1, 0, 0, {ACT_GOTVER,
+ ACT_INIT} },
++ {RSP_NONE, 121, 121, -1, 120, 0, {ACT_GETSTRING} },
+
+ /* leave dle mode */
+ {RSP_INIT, 0, 0, SEQ_DLE0, 201, 5, {0}, "^SDLE=0\r"},
+@@ -1314,8 +1315,9 @@ static void do_action(int action, struct
+ s = ev->ptr;
+
+ if (!strcmp(s, "OK")) {
++ /* OK without version string: assume old response */
+ *p_genresp = 1;
+- *p_resp_code = RSP_ERROR;
++ *p_resp_code = RSP_NONE;
+ break;
+ }
+
--- /dev/null
+From 8e618aad5348b6e6c5a90e8d97ea643197963b20 Mon Sep 17 00:00:00 2001
+From: Tilman Schmidt <tilman@imap.cc>
+Date: Wed, 25 Apr 2012 13:02:19 +0000
+Subject: isdn/gigaset: ratelimit CAPI message dumps
+
+From: Tilman Schmidt <tilman@imap.cc>
+
+commit 8e618aad5348b6e6c5a90e8d97ea643197963b20 upstream.
+
+Introduce a global ratelimit for CAPI message dumps to protect
+against possible log flood.
+Drop the ratelimit for ignored messages which is now covered by the
+global one.
+
+Signed-off-by: Tilman Schmidt <tilman@imap.cc>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/isdn/gigaset/capi.c | 22 +++++++++-------------
+ 1 file changed, 9 insertions(+), 13 deletions(-)
+
+--- a/drivers/isdn/gigaset/capi.c
++++ b/drivers/isdn/gigaset/capi.c
+@@ -14,6 +14,7 @@
+ #include "gigaset.h"
+ #include <linux/proc_fs.h>
+ #include <linux/seq_file.h>
++#include <linux/ratelimit.h>
+ #include <linux/isdn/capilli.h>
+ #include <linux/isdn/capicmd.h>
+ #include <linux/isdn/capiutil.h>
+@@ -223,10 +224,14 @@ get_appl(struct gigaset_capi_ctr *iif, u
+ static inline void dump_cmsg(enum debuglevel level, const char *tag, _cmsg *p)
+ {
+ #ifdef CONFIG_GIGASET_DEBUG
++ /* dump at most 20 messages in 20 secs */
++ static DEFINE_RATELIMIT_STATE(msg_dump_ratelimit, 20 * HZ, 20);
+ _cdebbuf *cdb;
+
+ if (!(gigaset_debuglevel & level))
+ return;
++ if (!___ratelimit(&msg_dump_ratelimit, tag))
++ return;
+
+ cdb = capi_cmsg2str(p);
+ if (cdb) {
+@@ -2059,12 +2064,6 @@ static void do_reset_b3_req(struct gigas
+ }
+
+ /*
+- * dump unsupported/ignored messages at most twice per minute,
+- * some apps send those very frequently
+- */
+-static unsigned long ignored_msg_dump_time;
+-
+-/*
+ * unsupported CAPI message handler
+ */
+ static void do_unsupported(struct gigaset_capi_ctr *iif,
+@@ -2073,8 +2072,7 @@ static void do_unsupported(struct gigase
+ {
+ /* decode message */
+ capi_message2cmsg(&iif->acmsg, skb->data);
+- if (printk_timed_ratelimit(&ignored_msg_dump_time, 30 * 1000))
+- dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
++ dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
+ send_conf(iif, ap, skb, CapiMessageNotSupportedInCurrentState);
+ }
+
+@@ -2085,11 +2083,9 @@ static void do_nothing(struct gigaset_ca
+ struct gigaset_capi_appl *ap,
+ struct sk_buff *skb)
+ {
+- if (printk_timed_ratelimit(&ignored_msg_dump_time, 30 * 1000)) {
+- /* decode message */
+- capi_message2cmsg(&iif->acmsg, skb->data);
+- dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
+- }
++ /* decode message */
++ capi_message2cmsg(&iif->acmsg, skb->data);
++ dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
+ dev_kfree_skb_any(skb);
+ }
+
--- /dev/null
+isdn-gigaset-ratelimit-capi-message-dumps.patch
+isdn-gigaset-fix-capi-disconnect-b3-handling.patch
+isdn-gigaset-improve-error-handling-querying-firmware-version.patch
+vfs-make-aio-use-the-proper-rw_verify_area-area-helpers.patch
--- /dev/null
+From a70b52ec1aaeaf60f4739edb1b422827cb6f3893 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 21 May 2012 16:06:20 -0700
+Subject: vfs: make AIO use the proper rw_verify_area() area helpers
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit a70b52ec1aaeaf60f4739edb1b422827cb6f3893 upstream.
+
+We had for some reason overlooked the AIO interface, and it didn't use
+the proper rw_verify_area() helper function that checks (for example)
+mandatory locking on the file, and that the size of the access doesn't
+cause us to overflow the provided offset limits etc.
+
+Instead, AIO did just the security_file_permission() thing (that
+rw_verify_area() also does) directly.
+
+This fixes it to do all the proper helper functions, which not only
+means that now mandatory file locking works with AIO too, we can
+actually remove lines of code.
+
+Reported-by: Manish Honap <manish_honap_vit@yahoo.co.in>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/aio.c | 30 ++++++++++++++----------------
+ 1 file changed, 14 insertions(+), 16 deletions(-)
+
+--- a/fs/aio.c
++++ b/fs/aio.c
+@@ -1456,6 +1456,10 @@ static ssize_t aio_setup_vectored_rw(int
+ if (ret < 0)
+ goto out;
+
++ ret = rw_verify_area(type, kiocb->ki_filp, &kiocb->ki_pos, ret);
++ if (ret < 0)
++ goto out;
++
+ kiocb->ki_nr_segs = kiocb->ki_nbytes;
+ kiocb->ki_cur_seg = 0;
+ /* ki_nbytes/left now reflect bytes instead of segs */
+@@ -1467,11 +1471,17 @@ out:
+ return ret;
+ }
+
+-static ssize_t aio_setup_single_vector(struct kiocb *kiocb)
++static ssize_t aio_setup_single_vector(int type, struct file * file, struct kiocb *kiocb)
+ {
++ int bytes;
++
++ bytes = rw_verify_area(type, file, &kiocb->ki_pos, kiocb->ki_left);
++ if (bytes < 0)
++ return bytes;
++
+ kiocb->ki_iovec = &kiocb->ki_inline_vec;
+ kiocb->ki_iovec->iov_base = kiocb->ki_buf;
+- kiocb->ki_iovec->iov_len = kiocb->ki_left;
++ kiocb->ki_iovec->iov_len = bytes;
+ kiocb->ki_nr_segs = 1;
+ kiocb->ki_cur_seg = 0;
+ return 0;
+@@ -1496,10 +1506,7 @@ static ssize_t aio_setup_iocb(struct kio
+ if (unlikely(!access_ok(VERIFY_WRITE, kiocb->ki_buf,
+ kiocb->ki_left)))
+ break;
+- ret = security_file_permission(file, MAY_READ);
+- if (unlikely(ret))
+- break;
+- ret = aio_setup_single_vector(kiocb);
++ ret = aio_setup_single_vector(READ, file, kiocb);
+ if (ret)
+ break;
+ ret = -EINVAL;
+@@ -1514,10 +1521,7 @@ static ssize_t aio_setup_iocb(struct kio
+ if (unlikely(!access_ok(VERIFY_READ, kiocb->ki_buf,
+ kiocb->ki_left)))
+ break;
+- ret = security_file_permission(file, MAY_WRITE);
+- if (unlikely(ret))
+- break;
+- ret = aio_setup_single_vector(kiocb);
++ ret = aio_setup_single_vector(WRITE, file, kiocb);
+ if (ret)
+ break;
+ ret = -EINVAL;
+@@ -1528,9 +1532,6 @@ static ssize_t aio_setup_iocb(struct kio
+ ret = -EBADF;
+ if (unlikely(!(file->f_mode & FMODE_READ)))
+ break;
+- ret = security_file_permission(file, MAY_READ);
+- if (unlikely(ret))
+- break;
+ ret = aio_setup_vectored_rw(READ, kiocb, compat);
+ if (ret)
+ break;
+@@ -1542,9 +1543,6 @@ static ssize_t aio_setup_iocb(struct kio
+ ret = -EBADF;
+ if (unlikely(!(file->f_mode & FMODE_WRITE)))
+ break;
+- ret = security_file_permission(file, MAY_WRITE);
+- if (unlikely(ret))
+- break;
+ ret = aio_setup_vectored_rw(WRITE, kiocb, compat);
+ if (ret)
+ break;
projects / thirdparty / kernel / stable-queue.git / commitdiff
