3.0-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 17 Apr 2012 23:25:14 +0000 (16:25 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 17 Apr 2012 23:25:14 +0000 (16:25 -0700)
added patches:
nohz-fix-stale-jiffies-update-in-tick_nohz_restart.patch
perf-hists-catch-and-handle-out-of-date-hist-entry-maps.patch
usb-serial-fix-race-between-probe-and-open.patch
video-uvesafb-fix-oops-that-uvesafb-try-to-execute-nx-protected-page.patch

queue-3.0/nohz-fix-stale-jiffies-update-in-tick_nohz_restart.patch [new file with mode: 0644]
queue-3.0/perf-hists-catch-and-handle-out-of-date-hist-entry-maps.patch [new file with mode: 0644]
queue-3.0/series
queue-3.0/usb-serial-fix-race-between-probe-and-open.patch [new file with mode: 0644]
queue-3.0/video-uvesafb-fix-oops-that-uvesafb-try-to-execute-nx-protected-page.patch [new file with mode: 0644]

diff --git a/queue-3.0/nohz-fix-stale-jiffies-update-in-tick_nohz_restart.patch b/queue-3.0/nohz-fix-stale-jiffies-update-in-tick_nohz_restart.patch
new file mode 100644 (file)
index 0000000..775760c
--- /dev/null
@@ -0,0 +1,51 @@
+From 6f103929f8979d2638e58d7f7fda0beefcb8ee7e Mon Sep 17 00:00:00 2001
+From: Neal Cardwell <ncardwell@google.com>
+Date: Tue, 27 Mar 2012 15:09:37 -0400
+Subject: nohz: Fix stale jiffies update in tick_nohz_restart()
+
+From: Neal Cardwell <ncardwell@google.com>
+
+commit 6f103929f8979d2638e58d7f7fda0beefcb8ee7e upstream.
+
+Fix tick_nohz_restart() to not use a stale ktime_t "now" value when
+calling tick_do_update_jiffies64(now).
+
+If we reach this point in the loop it means that we crossed a tick
+boundary since we grabbed the "now" timestamp, so at this point "now"
+refers to a time in the old jiffy, so using the old value for "now" is
+incorrect, and is likely to give us a stale jiffies value.
+
+In particular, the first time through the loop the
+tick_do_update_jiffies64(now) call is always a no-op, since the
+caller, tick_nohz_restart_sched_tick(), will have already called
+tick_do_update_jiffies64(now) with that "now" value.
+
+Note that tick_nohz_stop_sched_tick() already uses the correct
+approach: when we notice we cross a jiffy boundary, grab a new
+timestamp with ktime_get(), and *then* update jiffies.
+
+Signed-off-by: Neal Cardwell <ncardwell@google.com>
+Cc: Ben Segall <bsegall@google.com>
+Cc: Ingo Molnar <mingo@elte.hu>
+Link: http://lkml.kernel.org/r/1332875377-23014-1-git-send-email-ncardwell@google.com
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/tick-sched.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/time/tick-sched.c
++++ b/kernel/time/tick-sched.c
+@@ -484,9 +484,9 @@ static void tick_nohz_restart(struct tic
+                               hrtimer_get_expires(&ts->sched_timer), 0))
+                               break;
+               }
+-              /* Update jiffies and reread time */
+-              tick_do_update_jiffies64(now);
++              /* Reread time and update jiffies */
+               now = ktime_get();
++              tick_do_update_jiffies64(now);
+       }
+ }
diff --git a/queue-3.0/perf-hists-catch-and-handle-out-of-date-hist-entry-maps.patch b/queue-3.0/perf-hists-catch-and-handle-out-of-date-hist-entry-maps.patch
new file mode 100644 (file)
index 0000000..d83bae3
--- /dev/null
@@ -0,0 +1,56 @@
+From 63fa471dd49e9c9ce029d910d1024330d9b1b145 Mon Sep 17 00:00:00 2001
+From: David Miller <davem@davemloft.net>
+Date: Tue, 27 Mar 2012 03:14:18 -0400
+Subject: perf hists: Catch and handle out-of-date hist entry maps.
+
+From: David Miller <davem@davemloft.net>
+
+commit 63fa471dd49e9c9ce029d910d1024330d9b1b145 upstream.
+
+When a process exec()'s, all the maps are retired, but we keep the hist
+entries around which hold references to those outdated maps.
+
+If the same library gets mapped in for which we have hist entries, a new
+map will be created.  But when we take a perf entry hit within that map,
+we'll find the existing hist entry with the older map.
+
+This causes symbol translations to be done incorrectly.  For example,
+the perf entry processing will lookup the correct uptodate map entry and
+use that to calculate the symbol and DSO relative address.  But later
+when we update the histogram we'll translate the address using the
+outdated map file instead leading to conditions such as out-of-range
+offsets in symbol__inc_addr_samples().
+
+Therefore, update the map of the hist_entry dynamically at lookup/
+creation time.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Link: http://lkml.kernel.org/r/20120327.031418.1220315351537060808.davem@davemloft.net
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/hist.c |   12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/tools/perf/util/hist.c
++++ b/tools/perf/util/hist.c
+@@ -158,6 +158,18 @@ struct hist_entry *__hists__add_entry(st
+               if (!cmp) {
+                       he->period += period;
+                       ++he->nr_events;
++
++                      /* If the map of an existing hist_entry has
++                       * become out-of-date due to an exec() or
++                       * similar, update it.  Otherwise we will
++                       * mis-adjust symbol addresses when computing
++                       * the history counter to increment.
++                       */
++                      if (he->ms.map != entry->ms.map) {
++                              he->ms.map = entry->ms.map;
++                              if (he->ms.map)
++                                      he->ms.map->referenced = true;
++                      }
+                       goto out;
+               }
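Review bot: Only `he->ms.map` is refreshed in the added block; `he->ms.sym` keeps the value it was given when the entry was created. Whether `cmp == 0` guarantees that both entries resolve to the same symbol depends on the comparison above the hunk, which is not visible here; if it does not, the entry can end up pairing the new map with a symbol from the old one. I would state the assumption in the comment, e.g. `/* he->ms.sym is left as is: entries that compare equal are assumed to share the symbol */`. Since the description names out-of-range offsets in symbol__inc_addr_samples() as the symptom, it is also worth confirming that a range check exists there as a second line of defence. __hists__add_entry() starts and ends outside the hunk.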
index 890c2667c0b3c24d1139a6706ab75d6806f2124f..b4d82a07be0b7902849580077da86d0e7d8497a4 100644 (file)
@@ -12,3 +12,7 @@ sparc64-eliminate-obsolete-__handle_softirq-function.patch
 sparc64-fix-bootup-crash-on-sun4v.patch
 cciss-initialize-scsi-host-max_sectors-for-tape-drive-support.patch
 cciss-fix-scsi-tape-io-with-more-than-255-scatter-gather-elements.patch
+perf-hists-catch-and-handle-out-of-date-hist-entry-maps.patch
+video-uvesafb-fix-oops-that-uvesafb-try-to-execute-nx-protected-page.patch
+nohz-fix-stale-jiffies-update-in-tick_nohz_restart.patch
+usb-serial-fix-race-between-probe-and-open.patch
diff --git a/queue-3.0/usb-serial-fix-race-between-probe-and-open.patch b/queue-3.0/usb-serial-fix-race-between-probe-and-open.patch
new file mode 100644 (file)
index 0000000..0706e91
--- /dev/null
@@ -0,0 +1,95 @@
+From a65a6f14dc24a90bde3f5d0073ba2364476200bf Mon Sep 17 00:00:00 2001
+From: Johan Hovold <jhovold@gmail.com>
+Date: Tue, 20 Mar 2012 16:59:33 +0100
+Subject: USB: serial: fix race between probe and open
+
+From: Johan Hovold <jhovold@gmail.com>
+
+commit a65a6f14dc24a90bde3f5d0073ba2364476200bf upstream.
+
+Fix race between probe and open by making sure that the disconnected
+flag is not cleared until all ports have been registered.
+
+A call to tty_open while probe is running may get a reference to the
+serial structure in serial_install before its ports have been
+registered. This may lead to usb_serial_core calling driver open before
+port is fully initialised.
+
+With ftdi_sio this result in the following NULL-pointer dereference as
+the private data has not been initialised at open:
+
+[  199.698286] IP: [<f811a089>] ftdi_open+0x59/0xe0 [ftdi_sio]
+[  199.698297] *pde = 00000000
+[  199.698303] Oops: 0000 [#1] PREEMPT SMP
+[  199.698313] Modules linked in: ftdi_sio usbserial
+[  199.698323]
+[  199.698327] Pid: 1146, comm: ftdi_open Not tainted 3.2.11 #70 Dell Inc. Vostro 1520/0T816J
+[  199.698339] EIP: 0060:[<f811a089>] EFLAGS: 00010286 CPU: 0
+[  199.698344] EIP is at ftdi_open+0x59/0xe0 [ftdi_sio]
+[  199.698348] EAX: 0000003e EBX: f5067000 ECX: 00000000 EDX: 80000600
+[  199.698352] ESI: f48d8800 EDI: 00000001 EBP: f515dd54 ESP: f515dcfc
+[  199.698356]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
+[  199.698361] Process ftdi_open (pid: 1146, ti=f515c000 task=f481e040 task.ti=f515c000)
+[  199.698364] Stack:
+[  199.698368]  f811a9fe f811a9e0 f811b3ef 00000000 00000000 00001388 00000000 f4a86800
+[  199.698387]  00000002 00000000 f806e68e 00000000 f532765c f481e040 00000246 22222222
+[  199.698479]  22222222 22222222 22222222 f5067004 f5327600 f5327638 f515dd74 f806e6ab
+[  199.698496] Call Trace:
+[  199.698504]  [<f806e68e>] ? serial_activate+0x2e/0x70 [usbserial]
+[  199.698511]  [<f806e6ab>] serial_activate+0x4b/0x70 [usbserial]
+[  199.698521]  [<c126380c>] tty_port_open+0x7c/0xd0
+[  199.698527]  [<f806e660>] ? serial_set_termios+0xa0/0xa0 [usbserial]
+[  199.698534]  [<f806e76f>] serial_open+0x2f/0x70 [usbserial]
+[  199.698540]  [<c125d07c>] tty_open+0x20c/0x510
+[  199.698546]  [<c10e9eb7>] chrdev_open+0xe7/0x230
+[  199.698553]  [<c10e48f2>] __dentry_open+0x1f2/0x390
+[  199.698559]  [<c144bfec>] ? _raw_spin_unlock+0x2c/0x50
+[  199.698565]  [<c10e4b76>] nameidata_to_filp+0x66/0x80
+[  199.698570]  [<c10e9dd0>] ? cdev_put+0x20/0x20
+[  199.698576]  [<c10f3e08>] do_last+0x198/0x730
+[  199.698581]  [<c10f4440>] path_openat+0xa0/0x350
+[  199.698587]  [<c10f47d5>] do_filp_open+0x35/0x80
+[  199.698593]  [<c144bfec>] ? _raw_spin_unlock+0x2c/0x50
+[  199.698599]  [<c10ff110>] ? alloc_fd+0xc0/0x100
+[  199.698605]  [<c10f0b72>] ? getname_flags+0x72/0x120
+[  199.698611]  [<c10e4450>] do_sys_open+0xf0/0x1c0
+[  199.698617]  [<c11fcc08>] ? trace_hardirqs_on_thunk+0xc/0x10
+[  199.698623]  [<c10e458e>] sys_open+0x2e/0x40
+[  199.698628]  [<c144c990>] sysenter_do_call+0x12/0x36
+[  199.698632] Code: 85 89 00 00 00 8b 16 8b 4d c0 c1 e2 08 c7 44 24 14 88 13 00 00 81 ca 00 00 00 80 c7 44 24 10 00 00 00 00 c7 44 24 0c 00 00 00 00 <0f> b7 41 78 31 c9 89 44 24 08 c7 44 24 04 00 00 00 00 c7 04 24
+[  199.698884] EIP: [<f811a089>] ftdi_open+0x59/0xe0 [ftdi_sio] SS:ESP 0068:f515dcfc
+[  199.698893] CR2: 0000000000000078
+[  199.698925] ---[ end trace 77c43ec023940cff ]---
+
+Reported-and-tested-by: Ken Huang <csuhgw@gmail.com>
+Signed-off-by: Johan Hovold <jhovold@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/usb-serial.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/usb/serial/usb-serial.c
++++ b/drivers/usb/serial/usb-serial.c
+@@ -1059,6 +1059,12 @@ int usb_serial_probe(struct usb_interfac
+               serial->attached = 1;
+       }
++      /* Avoid race with tty_open and serial_install by setting the
++       * disconnected flag and not clearing it until all ports have been
++       * registered.
++       */
++      serial->disconnected = 1;
++
+       if (get_free_serial(serial, num_ports, &minor) == NULL) {
+               dev_err(&interface->dev, "No more free serial devices\n");
+               goto probe_error;
+@@ -1083,6 +1089,8 @@ int usb_serial_probe(struct usb_interfac
+               }
+       }
++      serial->disconnected = 0;
++
+       usb_serial_console_init(debug, minor);
+ exit:
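Review bot: Both stores to `serial->disconnected` (the set to 1 before get_free_serial() and the clear to 0 before usb_serial_console_init()) are plain assignments, with no lock or barrier visible in either hunk. The fix depends on the open path seeing the ports fully registered before it sees the flag cleared. If the readers test the flag under `serial->disc_mutex`, which is not shown here, taking the same mutex around the clear would make that ordering explicit: `mutex_lock(&serial->disc_mutex); serial->disconnected = 0; mutex_unlock(&serial->disc_mutex);`. The added comment could also say that the `goto probe_error` path leaves the flag set, presumably on purpose. usb_serial_probe() starts and ends outside both hunks.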
diff --git a/queue-3.0/video-uvesafb-fix-oops-that-uvesafb-try-to-execute-nx-protected-page.patch b/queue-3.0/video-uvesafb-fix-oops-that-uvesafb-try-to-execute-nx-protected-page.patch
new file mode 100644 (file)
index 0000000..815dfbf
--- /dev/null
@@ -0,0 +1,115 @@
+From b78f29ca0516266431688c5eb42d39ce42ec039a Mon Sep 17 00:00:00 2001
+From: Wang YanQing <udknight@gmail.com>
+Date: Sun, 1 Apr 2012 08:54:02 +0800
+Subject: video:uvesafb: Fix oops that uvesafb try to execute NX-protected page
+
+From: Wang YanQing <udknight@gmail.com>
+
+commit b78f29ca0516266431688c5eb42d39ce42ec039a upstream.
+
+This patch fix the oops below that catched in my machine
+
+[   81.560602] uvesafb: NVIDIA Corporation, GT216 Board - 0696a290, Chip Rev   , OEM: NVIDIA, VBE v3.0
+[   81.609384] uvesafb: protected mode interface info at c000:d350
+[   81.609388] uvesafb: pmi: set display start = c00cd3b3, set palette = c00cd40e
+[   81.609390] uvesafb: pmi: ports = 3b4 3b5 3ba 3c0 3c1 3c4 3c5 3c6 3c7 3c8 3c9 3cc 3ce 3cf 3d0 3d1 3d2 3d3 3d4 3d5 3da
+[   81.614558] uvesafb: VBIOS/hardware doesn't support DDC transfers
+[   81.614562] uvesafb: no monitor limits have been set, default refresh rate will be used
+[   81.614994] uvesafb: scrolling: ypan using protected mode interface, yres_virtual=4915
+[   81.744147] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
+[   81.744153] BUG: unable to handle kernel paging request at c00cd3b3
+[   81.744159] IP: [<c00cd3b3>] 0xc00cd3b2
+[   81.744167] *pdpt = 00000000016d6001 *pde = 0000000001c7b067 *pte = 80000000000cd163
+[   81.744171] Oops: 0011 [#1] SMP
+[   81.744174] Modules linked in: uvesafb(+) cfbcopyarea cfbimgblt cfbfillrect
+[   81.744178]
+[   81.744181] Pid: 3497, comm: modprobe Not tainted 3.3.0-rc4NX+ #71 Acer            Aspire 4741                    /Aspire 4741
+[   81.744185] EIP: 0060:[<c00cd3b3>] EFLAGS: 00010246 CPU: 0
+[   81.744187] EIP is at 0xc00cd3b3
+[   81.744189] EAX: 00004f07 EBX: 00000000 ECX: 00000000 EDX: 00000000
+[   81.744191] ESI: f763f000 EDI: f763f6e8 EBP: f57f3a0c ESP: f57f3a00
+[   81.744192]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
+[   81.744195] Process modprobe (pid: 3497, ti=f57f2000 task=f748c600 task.ti=f57f2000)
+[   81.744196] Stack:
+[   81.744197]  f82512c5 f759341c 00000000 f57f3a30 c124a9bc 00000001 00000001 000001e0
+[   81.744202]  f8251280 f763f000 f7593400 00000000 f57f3a40 c12598dd f5c0c000 00000000
+[   81.744206]  f57f3b10 c1255efe c125a21a 00000006 f763f09c 00000000 c1c6cb60 f7593400
+[   81.744210] Call Trace:
+[   81.744215]  [<f82512c5>] ? uvesafb_pan_display+0x45/0x60 [uvesafb]
+[   81.744222]  [<c124a9bc>] fb_pan_display+0x10c/0x160
+[   81.744226]  [<f8251280>] ? uvesafb_vbe_find_mode+0x180/0x180 [uvesafb]
+[   81.744230]  [<c12598dd>] bit_update_start+0x1d/0x50
+[   81.744232]  [<c1255efe>] fbcon_switch+0x39e/0x550
+[   81.744235]  [<c125a21a>] ? bit_cursor+0x4ea/0x560
+[   81.744240]  [<c129b6cb>] redraw_screen+0x12b/0x220
+[   81.744245]  [<c128843b>] ? tty_do_resize+0x3b/0xc0
+[   81.744247]  [<c129ef42>] vc_do_resize+0x3d2/0x3e0
+[   81.744250]  [<c129efb4>] vc_resize+0x14/0x20
+[   81.744253]  [<c12586bd>] fbcon_init+0x29d/0x500
+[   81.744255]  [<c12984c4>] ? set_inverse_trans_unicode+0xe4/0x110
+[   81.744258]  [<c129b378>] visual_init+0xb8/0x150
+[   81.744261]  [<c129c16c>] bind_con_driver+0x16c/0x360
+[   81.744264]  [<c129b47e>] ? register_con_driver+0x6e/0x190
+[   81.744267]  [<c129c3a1>] take_over_console+0x41/0x50
+[   81.744269]  [<c1257b7a>] fbcon_takeover+0x6a/0xd0
+[   81.744272]  [<c12594b8>] fbcon_event_notify+0x758/0x790
+[   81.744277]  [<c10929e2>] notifier_call_chain+0x42/0xb0
+[   81.744280]  [<c1092d30>] __blocking_notifier_call_chain+0x60/0x90
+[   81.744283]  [<c1092d7a>] blocking_notifier_call_chain+0x1a/0x20
+[   81.744285]  [<c124a5a1>] fb_notifier_call_chain+0x11/0x20
+[   81.744288]  [<c124b759>] register_framebuffer+0x1d9/0x2b0
+[   81.744293]  [<c1061c73>] ? ioremap_wc+0x33/0x40
+[   81.744298]  [<f82537c6>] uvesafb_probe+0xaba/0xc40 [uvesafb]
+[   81.744302]  [<c12bb81f>] platform_drv_probe+0xf/0x20
+[   81.744306]  [<c12ba558>] driver_probe_device+0x68/0x170
+[   81.744309]  [<c12ba731>] __device_attach+0x41/0x50
+[   81.744313]  [<c12b9088>] bus_for_each_drv+0x48/0x70
+[   81.744316]  [<c12ba7f3>] device_attach+0x83/0xa0
+[   81.744319]  [<c12ba6f0>] ? __driver_attach+0x90/0x90
+[   81.744321]  [<c12b991f>] bus_probe_device+0x6f/0x90
+[   81.744324]  [<c12b8a45>] device_add+0x5e5/0x680
+[   81.744329]  [<c122a1a3>] ? kvasprintf+0x43/0x60
+[   81.744332]  [<c121e6e4>] ? kobject_set_name_vargs+0x64/0x70
+[   81.744335]  [<c121e6e4>] ? kobject_set_name_vargs+0x64/0x70
+[   81.744339]  [<c12bbe9f>] platform_device_add+0xff/0x1b0
+[   81.744343]  [<f8252906>] uvesafb_init+0x50/0x9b [uvesafb]
+[   81.744346]  [<c100111f>] do_one_initcall+0x2f/0x170
+[   81.744350]  [<f82528b6>] ? uvesafb_is_valid_mode+0x66/0x66 [uvesafb]
+[   81.744355]  [<c10c6994>] sys_init_module+0xf4/0x1410
+[   81.744359]  [<c1157fc0>] ? vfsmount_lock_local_unlock_cpu+0x30/0x30
+[   81.744363]  [<c144cb10>] sysenter_do_call+0x12/0x36
+[   81.744365] Code: f5 00 00 00 32 f6 66 8b da 66 d1 e3 66 ba d4 03 8a e3 b0 1c 66 ef b0 1e 66 ef 8a e7 b0 1d 66 ef b0 1f 66 ef e8 fa 00 00 00 61 c3 <60> e8 c8 00 00 00 66 8b f3 66 8b da 66 ba d4 03 b0 0c 8a e5 66
+[   81.744388] EIP: [<c00cd3b3>] 0xc00cd3b3 SS:ESP 0068:f57f3a00
+[   81.744391] CR2: 00000000c00cd3b3
+[   81.744393] ---[ end trace 18b2c87c925b54d6 ]---
+
+Signed-off-by: Wang YanQing <udknight@gmail.com>
+Cc: Michal Januszewski <spock@gentoo.org>
+Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
+Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/video/uvesafb.c |   11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/drivers/video/uvesafb.c
++++ b/drivers/video/uvesafb.c
+@@ -815,8 +815,15 @@ static int __devinit uvesafb_vbe_init(st
+       par->pmi_setpal = pmi_setpal;
+       par->ypan = ypan;
+-      if (par->pmi_setpal || par->ypan)
+-              uvesafb_vbe_getpmi(task, par);
++      if (par->pmi_setpal || par->ypan) {
++              if (__supported_pte_mask & _PAGE_NX) {
++                      par->pmi_setpal = par->ypan = 0;
++                      printk(KERN_WARNING "uvesafb: NX protection is actively."
++                              "We have better not to use the PMI.\n");
++              } else {
++                      uvesafb_vbe_getpmi(task, par);
++              }
++      }
+ #else
+       /* The protected mode interface is not available on non-x86. */
+       par->pmi_setpal = par->ypan = 0;
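Review bot: The two adjacent string literals in the new printk() are joined without a space, so the log line reads "NX protection is actively.We have better not to use the PMI." That is hard to parse for an administrator trying to find out why ypan or pmi_setpal was switched off. A single literal would say it directly: `printk(KERN_WARNING "uvesafb: NX protection is active, not using the PMI\n");`. The guard tests `__supported_pte_mask & _PAGE_NX`, so the requested pmi_setpal and ypan values are overridden whenever NX is in use. Judging by the oops in the description, that is the safe direction, since the alternative would be calling into a non-executable mapping, and a short comment above the check saying so would help. uvesafb_vbe_init() starts and ends outside the hunk.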