--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 06:35:53 2007
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Fri, 16 Mar 2007 09:34:29 -0400 (EDT)
+Subject: EHCI: add delay to bus_resume before accessing ports
+To: stable@kernel.org
+Message-ID: <Pine.LNX.4.44L0.0703160928380.3039-100000@iolanthe.rowland.org>
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+This patch (as870) adds a delay to ehci-hcd's bus_resume routine.
+Apparently there are controllers and/or BIOSes out there which need
+such a delay to get the ports back into their correct state. This
+fixes Bugzilla #8190.
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/host/ehci-hub.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/usb/host/ehci-hub.c
++++ b/drivers/usb/host/ehci-hub.c
+@@ -134,6 +134,10 @@ static int ehci_bus_resume (struct usb_h
+ /* restore CMD_RUN, framelist size, and irq threshold */
+ writel (ehci->command, &ehci->regs->command);
+
++ /* Some controller/firmware combinations need a delay during which
++ * they set up the port statuses. See Bugzilla #8190. */
++ mdelay(8);
++
+ /* manually resume the ports we suspended during bus_suspend() */
+ i = HCS_N_PORTS (ehci->hcs_params);
+ while (i--) {
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 15:17:28 2007
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Fri, 16 Mar 2007 14:15:57 -0800
+Subject: fix MTIME_SEC_MAX on 32-bit
+To: torvalds@linux-foundation.org
+Cc: akpm@linux-foundation.org, mingo@elte.hu, tglx@linutronix.de, stable@kernel.org
+Message-ID: <200703162215.l2GMFwJt023098@shell0.pdx.osdl.net>
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+The maximum seconds value we can handle on 32bit is LONG_MAX.
+
+Cc: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/ktime.h | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/include/linux/ktime.h
++++ b/include/linux/ktime.h
+@@ -57,7 +57,11 @@ typedef union {
+ } ktime_t;
+
+ #define KTIME_MAX ((s64)~((u64)1 << 63))
+-#define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC)
++#if (BITS_PER_LONG == 64)
++# define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC)
++#else
++# define KTIME_SEC_MAX LONG_MAX
++#endif
+
+ /*
+ * ktime_t definitions when using the 64-bit scalar representation:
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 14:40:22 2007
+From: Ingo Molnar <mingo@elte.hu>
+Date: Fri, 16 Mar 2007 13:38:31 -0800
+Subject: futex: PI state locking fix
+To: torvalds@linux-foundation.org
+Cc: akpm@linux-foundation.org, tglx@linutronix.de, mingo@elte.hu, cebbert@redhat.com, stable@kernel.org
+Message-ID: <200703162138.l2GLcWjm022407@shell0.pdx.osdl.net>
+
+From: Ingo Molnar <mingo@elte.hu>
+
+Testing of -rt by IBM uncovered a locking bug in wake_futex_pi(): the PI
+state needs to be locked before we access it.
+
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Chuck Ebbert <cebbert@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/futex.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -565,6 +565,7 @@ static int wake_futex_pi(u32 __user *uad
+ if (!pi_state)
+ return -EINVAL;
+
++ spin_lock(&pi_state->pi_mutex.wait_lock);
+ new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
+
+ /*
+@@ -604,6 +605,7 @@ static int wake_futex_pi(u32 __user *uad
+ pi_state->owner = new_owner;
+ spin_unlock_irq(&new_owner->pi_lock);
+
++ spin_unlock(&pi_state->pi_mutex.wait_lock);
+ rt_mutex_unlock(&pi_state->pi_mutex);
+
+ return 0;
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 14:40:41 2007
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Fri, 16 Mar 2007 13:38:20 -0800
+Subject: hrtimer: prevent overrun DoS in hrtimer_forward()
+To: torvalds@linux-foundation.org
+Cc: akpm@linux-foundation.org, mingo@elte.hu, tglx@linutronix.de, stable@kernel.org
+Message-ID: <200703162138.l2GLcKVR022355@shell0.pdx.osdl.net>
+
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+hrtimer_forward() does not check for the possible overflow of
+timer->expires. This can happen on 64 bit machines with large interval
+values and results currently in an endless loop in the softirq because the
+expiry value becomes negative and therefor the timer is expired all the
+time.
+
+Check for this condition and set the expiry value to the max. expiry time
+in the future. The fix should be applied to stable kernel series as well.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/hrtimer.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/kernel/hrtimer.c
++++ b/kernel/hrtimer.c
+@@ -332,6 +332,12 @@ hrtimer_forward(struct hrtimer *timer, k
+ orun++;
+ }
+ timer->expires = ktime_add(timer->expires, interval);
++ /*
++ * Make sure, that the result did not wrap with a very large
++ * interval.
++ */
++ if (timer->expires.tv64 < 0)
++ timer->expires = ktime_set(KTIME_SEC_MAX, 0);
+
+ return orun;
+ }
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 14:40:07 2007
+From: Zilvinas Valinskas <zilvinas@wilibox.com>
+Date: Fri, 16 Mar 2007 13:38:34 -0800
+Subject: initialise pi_lock if CONFIG_RT_MUTEXES=N
+To: torvalds@linux-foundation.org
+Cc: akpm@linux-foundation.org, mingo@elte.hu, zilvinas@wilibox.com, stable@kernel.org
+Message-ID: <200703162138.l2GLcYcI022419@shell0.pdx.osdl.net>
+
+
+From: Zilvinas Valinskas <zilvinas@wilibox.com>
+
+Fixes a bogus lockdep warning which causes lockdep to disable itself.
+
+Acked-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/fork.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -933,8 +933,8 @@ asmlinkage long sys_set_tid_address(int
+
+ static inline void rt_mutex_init_task(struct task_struct *p)
+ {
+-#ifdef CONFIG_RT_MUTEXES
+ spin_lock_init(&p->pi_lock);
++#ifdef CONFIG_RT_MUTEXES
+ plist_head_init(&p->pi_waiters, &p->pi_lock);
+ p->pi_blocked_on = NULL;
+ #endif
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 14:39:59 2007
+From: Bernhard Walle <bwalle@suse.de>
+Date: Fri, 16 Mar 2007 13:38:30 -0800
+Subject: Initialise SAK member for each virtual console to prevent oops
+To: torvalds@linux-foundation.org
+Cc: stable@kernel.org, akpm@linux-foundation.org, bwalle@suse.de, ebiederm@xmission.com
+Message-ID: <200703162138.l2GLcU8Y022399@shell0.pdx.osdl.net>
+
+From: Bernhard Walle <bwalle@suse.de>
+
+Initialise the SAK member of the vc_cons variable on all virtual terminals,
+not only the first one. This prevents an oops when trying Sysrq-C on e.g.
+the second virtual terminal:
+
+ kernel BUG at kernel/workqueue.c:212!
+ invalid opcode: 0000 [1] SMP
+ CPU 0
+ Modules linked in: i915 drm deflate zlib_deflate twofish twofish_common serpent blowfish des ce
+ Pid: 0, comm: swapper Not tainted 2.6.21-rc3-default #15
+ RIP: 0010:[<ffffffff8028c955>] [<ffffffff8028c955>] queue_work+0x32/0x51
+ RSP: 0018:ffffffff805fada8 EFLAGS: 00010013
+ RAX: ffffffff80683f38 RBX: ffffffff804ae700 RCX: 0000000000000000
+ RDX: 0000000000000000 RSI: ffffffff80683f30 RDI: ffff81000134a840
+ RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000002
+ R10: ffffffff805990e0 R11: ffff810037f4c0f0 R12: 000000000000006b
+ R13: ffff81007aa23000 R14: 0000000000000001 R15: 0000000000000096
+ FS: 0000000000000000(0000) GS:ffffffff804d8000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
+ CR2: 00002b72026e9000 CR3: 0000000079175000 CR4: 00000000000006e0
+ Process swapper (pid: 0, threadinfo ffffffff8059e000, task ffffffff80490840)
+ Stack: 0000000000000096 ffffffff803635db ffffffff805fadf8 0000000000000001
+ ffff8100013c2e40 0000000000000025 ffff81007c931c00 ffff81007aa23000
+ 0000000000000001 ffffffff8035e3ee 0000000000000092 ffff810037cc8000
+ Call Trace:
+ <IRQ> [<ffffffff803635db>] __handle_sysrq+0x98/0x129
+ [<ffffffff8035e3ee>] kbd_event+0x32e/0x56a
+ [<ffffffff8037d502>] input_event+0x422/0x44a
+ [<ffffffff80381d71>] atkbd_interrupt+0x449/0x503
+ [<ffffffff8037a42d>] serio_interrupt+0x37/0x6f
+ [<ffffffff8037affb>] i8042_interrupt+0x1f4/0x20a
+ [<ffffffff8026bd20>] smp_send_timer_broadcast_ipi+0x2d/0x4e
+ [<ffffffff8020eee5>] handle_IRQ_event+0x25/0x53
+ [<ffffffff802a924c>] handle_edge_irq+0xe4/0x128
+ [<ffffffff802562ac>] call_softirq+0x1c/0x28
+ [<ffffffff802632eb>] do_IRQ+0x6c/0xd3
+ [<ffffffff8024f4e7>] mwait_idle+0x0/0x45
+ [<ffffffff80255631>] ret_from_intr+0x0/0xa
+ <EOI> [<ffffffff80248a4d>] datagram_poll+0x0/0xc8
+ [<ffffffff8024f529>] mwait_idle+0x42/0x45
+ [<ffffffff80242c05>] cpu_idle+0x8b/0xae
+ [<ffffffff805a8779>] start_kernel+0x2b9/0x2c5
+ [<ffffffff805a815e>] _sinittext+0x15e/0x162
+
+ Code: 0f 0b eb fe 48 8b 07 48 63 d2 48 f7 d0 48 8b 3c d0 e8 13 ff
+ RIP [<ffffffff8028c955>] queue_work+0x32/0x51
+ RSP <ffffffff805fada8>
+ Kernel panic - not syncing: Aiee, killing interrupt handler!
+
+Signed-off-by: Bernhard Walle <bwalle@suse.de>
+Acked-by: Eric Biederman <ebiederm@xmission.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/char/vt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/char/vt.c
++++ b/drivers/char/vt.c
+@@ -727,6 +727,7 @@ int vc_allocate(unsigned int currcons) /
+ return -ENOMEM;
+ memset(vc, 0, sizeof(*vc));
+ vc_cons[currcons].d = vc;
++ INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK);
+ visual_init(vc, currcons, 1);
+ if (!*vc->vc_uni_pagedir_loc)
+ con_set_default_unimap(vc);
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 14:39:36 2007
+From: Nick Piggin <npiggin@suse.de>
+Date: Fri, 16 Mar 2007 13:38:10 -0800
+Subject: mm: fix madvise infinine loop
+Cc: npiggin@suse.de, hugh@veritas.com, akpm@linux-foundation.org, pbadari@us.ibm.com, stable@kernel.org
+Message-ID: <200703162138.l2GLcAaG022320@shell0.pdx.osdl.net>
+
+From: Nick Piggin <npiggin@suse.de>
+
+madvise(MADV_REMOVE) can go into an infinite loop or cause an oops if the
+call covers a region from the start of a vma, and extending past that vma.
+
+Signed-off-by: Nick Piggin <npiggin@suse.de>
+Cc: Badari Pulavarty <pbadari@us.ibm.com>
+Acked-by: Hugh Dickins <hugh@veritas.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ mm/madvise.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/mm/madvise.c
++++ b/mm/madvise.c
+@@ -155,11 +155,14 @@ static long madvise_dontneed(struct vm_a
+ * Other filesystems return -ENOSYS.
+ */
+ static long madvise_remove(struct vm_area_struct *vma,
++ struct vm_area_struct **prev,
+ unsigned long start, unsigned long end)
+ {
+ struct address_space *mapping;
+ loff_t offset, endoff;
+
++ *prev = vma;
++
+ if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB))
+ return -EINVAL;
+
+@@ -199,7 +202,7 @@ madvise_vma(struct vm_area_struct *vma,
+ error = madvise_behavior(vma, prev, start, end, behavior);
+ break;
+ case MADV_REMOVE:
+- error = madvise_remove(vma, start, end);
++ error = madvise_remove(vma, prev, start, end);
+ break;
+
+ case MADV_WILLNEED:
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 14:40:29 2007
+From: Trond Myklebust <trond.myklebust@fys.uio.no>
+Date: Fri, 16 Mar 2007 13:38:28 -0800
+Subject: nfs: nfs_getattr() can't call nfs_sync_mapping_range() for non-regular files
+To: torvalds@linux-foundation.org
+Cc: olof@lixom.net, akpm@linux-foundation.org, Trond.Myklebust@netapp.com, stable@kernel.org, trond.myklebust@fys.uio.no
+Message-ID: <200703162138.l2GLcSBK022391@shell0.pdx.osdl.net>
+
+
+From: Trond Myklebust <trond.myklebust@fys.uio.no>
+
+Looks like we need a check in nfs_getattr() for a regular file. It makes
+no sense to call nfs_sync_mapping_range() on anything else. I think that
+should fix your problem: it will stop the NFS client from interfering
+with dirty pages on that inode's mapping.
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Acked-by: Olof Johansson <olof@lixom.net>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfs/inode.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/nfs/inode.c
++++ b/fs/nfs/inode.c
+@@ -422,7 +422,8 @@ int nfs_getattr(struct vfsmount *mnt, st
+ int err;
+
+ /* Flush out writes to the server in order to update c/mtime */
+- nfs_sync_mapping_range(inode->i_mapping, 0, 0, FLUSH_NOCOMMIT);
++ if (S_ISREG(inode->i_mode))
++ nfs_sync_mapping_range(inode->i_mapping, 0, 0, FLUSH_NOCOMMIT);
+
+ /*
+ * We may force a getattr if the user cares about atime.
netfilter-nfnetlink_log-fix-reference-counting.patch
ia64-fix-null-pointer-in-ia64-irq_chip-mask-unmask-function.patch
adjust-legacy-ide-resource-setting.patch
+mm-fix-madvise-infinine-loop.patch
+ehci-add-delay-to-bus_resume-before-accessing-ports.patch
+initialise-sak-member-for-each-virtual-console-to-prevent-oops.patch
+initialise-pi_lock-if-config_rt_mutexes-n.patch
+futex-pi-state-locking-fix.patch
+nfs-nfs_getattr-can-t-call-nfs_sync_mapping_range-for-non-regular-files.patch
+hrtimer-prevent-overrun-dos-in-hrtimer_forward.patch
+fix-mtime_sec_max-on-32-bit.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
