3.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 3 Feb 2015 03:53:21 +0000 (19:53 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 3 Feb 2015 03:53:21 +0000 (19:53 -0800)
added patches:
pstore-clarify-clearing-of-_read_cnt-in-ramoops_context.patch
pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch
pstore-skip-zero-size-persistent-ram-buffer-in-traverse.patch

queue-3.14/pstore-clarify-clearing-of-_read_cnt-in-ramoops_context.patch [new file with mode: 0644]
queue-3.14/pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch [new file with mode: 0644]
queue-3.14/pstore-skip-zero-size-persistent-ram-buffer-in-traverse.patch [new file with mode: 0644]
queue-3.14/series

diff --git a/queue-3.14/pstore-clarify-clearing-of-_read_cnt-in-ramoops_context.patch b/queue-3.14/pstore-clarify-clearing-of-_read_cnt-in-ramoops_context.patch
new file mode 100644 (file)
index 0000000..128bb3e
--- /dev/null
@@ -0,0 +1,52 @@
+From 57fd835385a043577457a385f28c08be693991bf Mon Sep 17 00:00:00 2001
+From: Liu ShuoX <shuox.liu@intel.com>
+Date: Mon, 17 Mar 2014 11:24:49 +1100
+Subject: pstore: clarify clearing of _read_cnt in ramoops_context
+
+From: Liu ShuoX <shuox.liu@intel.com>
+
+commit 57fd835385a043577457a385f28c08be693991bf upstream.
+
+*_read_cnt in ramoops_context need to be cleared during pstore ->open to
+support mutli times getting the records.  The patch added missed
+ftrace_read_cnt clearing and removed duplicate clearing in ramoops_probe.
+
+Signed-off-by: Liu ShuoX <shuox.liu@intel.com>
+Cc: "Zhang, Yanmin" <yanmin_zhang@linux.intel.com>
+Cc: Colin Cross <ccross@android.com>
+Cc: Kees Cook <keescook@chromium.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Cc: HuKeping <hukeping@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/pstore/ram.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/pstore/ram.c
++++ b/fs/pstore/ram.c
+@@ -92,6 +92,7 @@ struct ramoops_context {
+       struct persistent_ram_ecc_info ecc_info;
+       unsigned int max_dump_cnt;
+       unsigned int dump_write_cnt;
++      /* _read_cnt need clear on ramoops_pstore_open */
+       unsigned int dump_read_cnt;
+       unsigned int console_read_cnt;
+       unsigned int ftrace_read_cnt;
+@@ -107,6 +108,7 @@ static int ramoops_pstore_open(struct ps
+       cxt->dump_read_cnt = 0;
+       cxt->console_read_cnt = 0;
++      cxt->ftrace_read_cnt = 0;
+       return 0;
+ }
+@@ -435,7 +437,6 @@ static int ramoops_probe(struct platform
+       if (pdata->ftrace_size && !is_power_of_2(pdata->ftrace_size))
+               pdata->ftrace_size = rounddown_pow_of_two(pdata->ftrace_size);
+-      cxt->dump_read_cnt = 0;
+       cxt->size = pdata->mem_size;
+       cxt->phys_addr = pdata->mem_address;
+       cxt->memtype = pdata->mem_type;
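Review bot: The comment added in the struct ramoops_context part of the queued patch sits directly above dump_read_cnt and reads as if it covers only that field, while ramoops_pstore_open now resets dump_read_cnt, console_read_cnt and ftrace_read_cnt together. Wording such as `/* All *_read_cnt fields must be cleared in ramoops_pstore_open() */` would state the invariant for whoever adds the next counter, which is exactly the omission this patch corrects for ftrace_read_cnt. The struct and both functions continue outside the lines shown, so whether other *_read_cnt fields exist cannot be checked from here.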
diff --git a/queue-3.14/pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch b/queue-3.14/pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch
new file mode 100644 (file)
index 0000000..7eb3aa7
--- /dev/null
@@ -0,0 +1,37 @@
+From b0aa931fb84431394d995472d0af2a6c2b61064d Mon Sep 17 00:00:00 2001
+From: Liu ShuoX <shuox.liu@intel.com>
+Date: Mon, 17 Mar 2014 13:57:49 -0700
+Subject: pstore: Fix NULL pointer fault if get NULL prz in ramoops_get_next_prz
+
+From: Liu ShuoX <shuox.liu@intel.com>
+
+commit b0aa931fb84431394d995472d0af2a6c2b61064d upstream.
+
+ramoops_get_next_prz get the prz according the paramters. If it get a
+uninitialized prz, access its members by following persistent_ram_old_size(prz)
+will cause a NULL pointer crash.
+Ex: if ftrace_size is 0, fprz will be NULL.
+
+Fix it by return NULL in advance.
+
+Signed-off-by: Liu ShuoX <shuox.liu@intel.com>
+Acked-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Cc: HuKeping <hukeping@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/pstore/ram.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/pstore/ram.c
++++ b/fs/pstore/ram.c
+@@ -125,6 +125,8 @@ ramoops_get_next_prz(struct persistent_r
+               return NULL;
+       prz = przs[i];
++      if (!prz)
++              return NULL;
+       /* Update old/shadowed buffer. */
+       if (update)
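Review bot: The new `if (!prz) return NULL;` guard carries no comment saying when a slot in przs[] can legitimately be NULL. The patch description gives the case (an ftrace_size of 0 leaves fprz NULL), and that belongs next to the check, for example `/* zone not configured, e.g. ftrace_size == 0 */`. Without it the test reads like defensive noise and is easy to drop in a later cleanup, which would bring back the NULL pointer fault in persistent_ram_old_size(prz). ramoops_get_next_prz starts and ends outside the hunk, so the bound check that precedes `prz = przs[i];` is only partly visible.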
diff --git a/queue-3.14/pstore-skip-zero-size-persistent-ram-buffer-in-traverse.patch b/queue-3.14/pstore-skip-zero-size-persistent-ram-buffer-in-traverse.patch
new file mode 100644 (file)
index 0000000..6da927b
--- /dev/null
@@ -0,0 +1,46 @@
+From aa9a4a1edfbd3d223af01db833da2f07850bc655 Mon Sep 17 00:00:00 2001
+From: Liu ShuoX <shuox.liu@intel.com>
+Date: Mon, 17 Mar 2014 11:24:49 +1100
+Subject: pstore: skip zero size persistent ram buffer in traverse
+
+From: Liu ShuoX <shuox.liu@intel.com>
+
+commit aa9a4a1edfbd3d223af01db833da2f07850bc655 upstream.
+
+In ramoops_pstore_read, a valid prz pointer with zero size buffer will
+break traverse of all persistent ram buffers.  The latter buffer might be
+lost.
+
+Signed-off-by: Liu ShuoX <shuox.liu@intel.com>
+Cc: "Zhang, Yanmin" <yanmin_zhang@linux.intel.com>
+Cc: Colin Cross <ccross@android.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Cc: HuKeping <hukeping@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/pstore/ram.c |   10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/fs/pstore/ram.c
++++ b/fs/pstore/ram.c
+@@ -126,12 +126,12 @@ ramoops_get_next_prz(struct persistent_r
+       prz = przs[i];
+-      if (update) {
+-              /* Update old/shadowed buffer. */
++      /* Update old/shadowed buffer. */
++      if (update)
+               persistent_ram_save_old(prz);
+-              if (!persistent_ram_old_size(prz))
+-                      return NULL;
+-      }
++
++      if (!persistent_ram_old_size(prz))
++              return NULL;
+       *typep = type;
+       *id = i;
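Review bot: After this change `persistent_ram_old_size(prz)` runs on every call rather than only when update is set, and nothing in this hunk checks prz before it is used. The guard comes from the separate patch pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch, which is listed after this one in queue-3.14/series. A tree that stops between the two (a bisect step or a partial backport) therefore has the unguarded call, and that patch's description names an ftrace_size of 0 as a case where prz is NULL. The two patches should be applied and reverted as a pair; the lines this code depends on are `if (!prz)` and `return NULL;` directly after `prz = przs[i];`. The function body continues outside the hunk.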
index e75576da743bb31229e28e095c63a91cd3b2d5f1..01394ccd4678b283b75caa0b9c0d2be06ddd7d96 100644 (file)
@@ -25,3 +25,6 @@ regulator-core-fix-race-condition-in-regulator_put.patch
 drivers-net-cpsw-discard-dual-emac-default-vlan-configuration.patch
 drm-i915-only-fence-tiled-region-of-object.patch
 arm-dma-ensure-that-old-section-mappings-are-flushed-from-the-tlb.patch
+pstore-clarify-clearing-of-_read_cnt-in-ramoops_context.patch
+pstore-skip-zero-size-persistent-ram-buffer-in-traverse.patch
+pstore-fix-null-pointer-fault-if-get-null-prz-in-ramoops_get_next_prz.patch