more .27 patches
authorGreg Kroah-Hartman <gregkh@suse.de>
Mon, 17 Nov 2008 05:29:26 +0000 (21:29 -0800)
committerGreg Kroah-Hartman <gregkh@suse.de>
Mon, 17 Nov 2008 05:29:26 +0000 (21:29 -0800)
queue-2.6.27/acpi-load-device-driver-according-to-the-status-of-acpi-device.patch [new file with mode: 0644]
queue-2.6.27/fix-broken-ownership-of-proc-sys-files.patch [new file with mode: 0644]
queue-2.6.27/s390-cpu-topology-fix-locking.patch [new file with mode: 0644]
queue-2.6.27/series
queue-2.6.27/v4l-dvb-cve-2008-5033-fix-oops-on-tvaudio-when-controlling-bass-treble.patch [new file with mode: 0644]

diff --git a/queue-2.6.27/acpi-load-device-driver-according-to-the-status-of-acpi-device.patch b/queue-2.6.27/acpi-load-device-driver-according-to-the-status-of-acpi-device.patch
new file mode 100644 (file)
index 0000000..88bea22
--- /dev/null
@@ -0,0 +1,144 @@
+From 39a0ad871000d2a016a4fa113a6e53d22aabf25d Mon Sep 17 00:00:00 2001
+From: Zhao Yakui <yakui.zhao@intel.com>
+Date: Mon, 11 Aug 2008 13:40:22 +0800
+Subject: ACPI : Load device driver according to the status of acpi device
+
+From: Zhao Yakui <yakui.zhao@intel.com>
+
+commit 39a0ad871000d2a016a4fa113a6e53d22aabf25d upstream.
+
+According to ACPI spec when the status of some device is not present
+but functional, the device is valid and the children of this device
+should be enumerated. It means that the device should be added to
+linux acpi device tree. But the device driver for this device should not
+be loaded.
+    The detailed info can be found in the section 6.3.7 of ACPI 3.0b spec.
+    _STA may return bit 0 clear (not present) with bit 3 set (device is
+functional). This case is used to indicate a valid device for which no
+device driver should be loaded (for example, a bridge device.).
+Children of this device may be present and valid. OS should continue
+enumeration below a device whose _STA returns this bit combination
+
+http://bugzilla.kernel.org/show_bug.cgi?id=3358
+
+Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
+Signed-off-by: Li Shaohua <shaohua.li@intel.com>
+Signed-off-by: Zhang Rui <rui.zhang@intel.com>
+Signed-off-by: Andi Kleen <ak@linux.intel.com>
+Signed-off-by: Len Brown <len.brown@intel.com>
+Cc: Holger Macht <hmacht@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/acpi/bus.c         |   16 ++++++++--------
+ drivers/acpi/scan.c        |   35 +++++++++++++++++++++++++----------
+ drivers/pnp/pnpacpi/core.c |    6 +++++-
+ 3 files changed, 38 insertions(+), 19 deletions(-)
+
+--- a/drivers/acpi/bus.c
++++ b/drivers/acpi/bus.c
+@@ -95,21 +95,21 @@ int acpi_bus_get_status(struct acpi_devi
+       }
+       /*
+-       * Otherwise we assume the status of our parent (unless we don't
+-       * have one, in which case status is implied).
++       * According to ACPI spec some device can be present and functional
++       * even if the parent is not present but functional.
++       * In such conditions the child device should not inherit the status
++       * from the parent.
+        */
+-      else if (device->parent)
+-              device->status = device->parent->status;
+       else
+               STRUCT_TO_INT(device->status) =
+                   ACPI_STA_DEVICE_PRESENT | ACPI_STA_DEVICE_ENABLED |
+                   ACPI_STA_DEVICE_UI      | ACPI_STA_DEVICE_FUNCTIONING;
+       if (device->status.functional && !device->status.present) {
+-              printk(KERN_WARNING PREFIX "Device [%s] status [%08x]: "
+-                     "functional but not present; setting present\n",
+-                     device->pnp.bus_id, (u32) STRUCT_TO_INT(device->status));
+-              device->status.present = 1;
++              ACPI_DEBUG_PRINT((ACPI_DB_INFO, "Device [%s] status [%08x]: "
++                     "functional but not present;\n",
++                      device->pnp.bus_id,
++                      (u32) STRUCT_TO_INT(device->status)));
+       }
+       ACPI_DEBUG_PRINT((ACPI_DB_INFO, "Device [%s] status [%08x]\n",
+--- a/drivers/acpi/scan.c
++++ b/drivers/acpi/scan.c
+@@ -276,6 +276,13 @@ int acpi_match_device_ids(struct acpi_de
+ {
+       const struct acpi_device_id *id;
++      /*
++       * If the device is not present, it is unnecessary to load device
++       * driver for it.
++       */
++      if (!device->status.present)
++              return -ENODEV;
++
+       if (device->flags.hardware_id) {
+               for (id = ids; id->id[0]; id++) {
+                       if (!strcmp((char*)id->id, device->pnp.hardware_id))
+@@ -1221,15 +1228,18 @@ acpi_add_single_object(struct acpi_devic
+                       result = -ENODEV;
+                       goto end;
+               }
+-              if (!device->status.present) {
+-                      /* Bay and dock should be handled even if absent */
+-                      if (!ACPI_SUCCESS(
+-                           acpi_is_child_device(device, acpi_bay_match)) &&
+-                          !ACPI_SUCCESS(
+-                           acpi_is_child_device(device, acpi_dock_match))) {
+-                                      result = -ENODEV;
+-                                      goto end;
+-                      }
++              /*
++               * When the device is neither present nor functional, the
++               * device should not be added to Linux ACPI device tree.
++               * When the status of the device is not present but functinal,
++               * it should be added to Linux ACPI tree. For example : bay
++               * device , dock device.
++               * In such conditions it is unncessary to check whether it is
++               * bay device or dock device.
++               */
++              if (!device->status.present && !device->status.functional) {
++                      result = -ENODEV;
++                      goto end;
+               }
+               break;
+       default:
+@@ -1402,7 +1412,12 @@ static int acpi_bus_scan(struct acpi_dev
+                * TBD: Need notifications and other detection mechanisms
+                *      in place before we can fully implement this.
+                */
+-              if (child->status.present) {
++               /*
++               * When the device is not present but functional, it is also
++               * necessary to scan the children of this device.
++               */
++              if (child->status.present || (!child->status.present &&
++                                      child->status.functional)) {
+                       status = acpi_get_next_object(ACPI_TYPE_ANY, chandle,
+                                                     NULL, NULL);
+                       if (ACPI_SUCCESS(status)) {
+--- a/drivers/pnp/pnpacpi/core.c
++++ b/drivers/pnp/pnpacpi/core.c
+@@ -148,9 +148,13 @@ static int __init pnpacpi_add_device(str
+       acpi_status status;
+       struct pnp_dev *dev;
++      /*
++       * If a PnPacpi device is not present , the device
++       * driver should not be loaded.
++       */
+       status = acpi_get_handle(device->handle, "_CRS", &temp);
+       if (ACPI_FAILURE(status) || !ispnpidacpi(acpi_device_hid(device)) ||
+-          is_exclusive_device(device))
++          is_exclusive_device(device) || (!device->status.present))
+               return 0;
+       dev = pnp_alloc_dev(&pnpacpi_protocol, num, acpi_device_hid(device));
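Review bot: The condition added in acpi_bus_scan, `if (child->status.present || (!child->status.present && child->status.functional))`, carries a redundant `!child->status.present` term. It reduces to `if (child->status.present || child->status.functional)`, which reads as the direct inverse of the `!present && !functional` rejection added in acpi_add_single_object. The comment added in acpi_add_single_object misspells two words ("functinal", "unncessary"). Separately, acpi_match_device_ids now returns -ENODEV for every device that is not present, so a driver for a functional-but-absent object (the removed comment named bay and dock) can no longer match through this path; whether any driver depends on that is not visible here and should be confirmed. All of the touched functions start or end outside their hunks.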
diff --git a/queue-2.6.27/fix-broken-ownership-of-proc-sys-files.patch b/queue-2.6.27/fix-broken-ownership-of-proc-sys-files.patch
new file mode 100644 (file)
index 0000000..4951629
--- /dev/null
@@ -0,0 +1,30 @@
+From 5c06fe772da43db63b053addcd2c267f76d0be91 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@ZenIV.linux.org.uk>
+Date: Sun, 16 Nov 2008 22:19:10 +0000
+Subject: Fix broken ownership of /proc/sys/ files
+
+From: Al Viro <viro@ZenIV.linux.org.uk>
+
+commit 5c06fe772da43db63b053addcd2c267f76d0be91 upstream.
+
+D'oh...
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Reported-and-tested-by: Peter Palfrader <peter@palfrader.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/proc/proc_sysctl.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/proc/proc_sysctl.c
++++ b/fs/proc/proc_sysctl.c
+@@ -31,6 +31,7 @@ static struct inode *proc_sys_make_inode
+       inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
+       inode->i_flags |= S_PRIVATE; /* tell selinux to ignore this inode */
+       inode->i_mode = table->mode;
++      inode->i_uid = inode->i_gid = 0;
+       if (!table->child) {
+               inode->i_mode |= S_IFREG;
+               inode->i_op = &proc_sys_inode_operations;
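Review bot: The added `inode->i_uid = inode->i_gid = 0;` in proc_sys_make_inode has no comment, and the commit message ("D'oh...") gives no rationale, so a later reader cannot tell that root ownership is set deliberately. Presumably the fields were otherwise left at whatever the inode allocator handed back, which would make the ownership reported for /proc/sys entries unpredictable. I would add `/* /proc/sys entries are always owned by root:root; set it explicitly rather than relying on the allocator */` above the assignment. proc_sys_make_inode starts and ends outside the hunk.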
diff --git a/queue-2.6.27/s390-cpu-topology-fix-locking.patch b/queue-2.6.27/s390-cpu-topology-fix-locking.patch
new file mode 100644 (file)
index 0000000..fbf3e93
--- /dev/null
@@ -0,0 +1,79 @@
+From 74af283102b358b0da545460d0d176f473e110f6 Mon Sep 17 00:00:00 2001
+From: Heiko Carstens <heiko.carstens@de.ibm.com>
+Date: Fri, 14 Nov 2008 18:18:07 +0100
+Subject: S390: cpu topology: fix locking
+
+From: Heiko Carstens <heiko.carstens@de.ibm.com>
+
+commit 74af283102b358b0da545460d0d176f473e110f6 upstream.
+
+cpu_coregroup_map used to grab a mutex on s390 since it was only
+called from process context.
+Since c7c22e4d5c1fdebfac4dba76de7d0338c2b0d832 "block: add support
+for IO CPU affinity" this is not true anymore.
+It now also gets called from softirq context.
+
+To prevent possible deadlocks change this in architecture code and
+use a spinlock instead of a mutex.
+
+Cc: Jens Axboe <jens.axboe@oracle.com>
+Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/s390/kernel/topology.c |   11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/arch/s390/kernel/topology.c
++++ b/arch/s390/kernel/topology.c
+@@ -65,18 +65,21 @@ static int machine_has_topology_irq;
+ static struct timer_list topology_timer;
+ static void set_topology_timer(void);
+ static DECLARE_WORK(topology_work, topology_work_fn);
++/* topology_lock protects the core linked list */
++static DEFINE_SPINLOCK(topology_lock);
+ cpumask_t cpu_core_map[NR_CPUS];
+ cpumask_t cpu_coregroup_map(unsigned int cpu)
+ {
+       struct core_info *core = &core_info;
++      unsigned long flags;
+       cpumask_t mask;
+       cpus_clear(mask);
+       if (!machine_has_topology)
+               return cpu_present_map;
+-      mutex_lock(&smp_cpu_state_mutex);
++      spin_lock_irqsave(&topology_lock, flags);
+       while (core) {
+               if (cpu_isset(cpu, core->mask)) {
+                       mask = core->mask;
+@@ -84,7 +87,7 @@ cpumask_t cpu_coregroup_map(unsigned int
+               }
+               core = core->next;
+       }
+-      mutex_unlock(&smp_cpu_state_mutex);
++      spin_unlock_irqrestore(&topology_lock, flags);
+       if (cpus_empty(mask))
+               mask = cpumask_of_cpu(cpu);
+       return mask;
+@@ -133,7 +136,7 @@ static void tl_to_cores(struct tl_info *
+       union tl_entry *tle, *end;
+       struct core_info *core = &core_info;
+-      mutex_lock(&smp_cpu_state_mutex);
++      spin_lock_irq(&topology_lock);
+       clear_cores();
+       tle = info->tle;
+       end = (union tl_entry *)((unsigned long)info + info->length);
+@@ -157,7 +160,7 @@ static void tl_to_cores(struct tl_info *
+               }
+               tle = next_tle(tle);
+       }
+-      mutex_unlock(&smp_cpu_state_mutex);
++      spin_unlock_irq(&topology_lock);
+ }
+ static void topology_update_polarization_simple(void)
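Review bot: tl_to_cores takes the new lock with `spin_lock_irq(&topology_lock);` and releases it with `spin_unlock_irq(&topology_lock);`, which re-enables interrupts unconditionally, while cpu_coregroup_map uses the irqsave/irqrestore pair. That is only correct if tl_to_cores is never entered with interrupts already disabled; its callers are outside the hunk, so either state the requirement next to the lock (`/* called from process context with interrupts enabled */`) or use `spin_lock_irqsave(&topology_lock, flags);` there too for symmetry. The region that used to run under a mutex now runs with interrupts off, so clear_cores(), next_tle() and the loop body not shown here must not sleep. If any other path walked the core list under smp_cpu_state_mutex, it is no longer serialised against these two functions and would need the spinlock as well.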
index 58803edf11f424dc8d491497b956df6fa4c655e3..f0388fef6c1d69db7df22b1a8ed0f7156240bb2a 100644 (file)
@@ -1,4 +1,3 @@
-net-fix-proc-net-snmp-as-memory-corruptor.patch
 touch_mnt_namespace-when-the-mount-flags-change.patch
 iwlagn-avoid-sleep-in-softirq-context.patch
 ath5k-fix-suspend-related-oops-on-rmmod.patch
@@ -21,3 +20,8 @@ input-alps-add-signature-for-dualpoint-found-in-dell-latitude-e6500.patch
 memory-hotplug-fix-page_zone-calculation-in-test_pages_isolated.patch
 r8169-select-mii-in-kconfig.patch
 sony-laptop-ignore-missing-_dis-method-on-pic-device.patch
+net-fix-proc-net-snmp-as-memory-corruptor.patch
+fix-broken-ownership-of-proc-sys-files.patch
+v4l-dvb-cve-2008-5033-fix-oops-on-tvaudio-when-controlling-bass-treble.patch
+s390-cpu-topology-fix-locking.patch
+acpi-load-device-driver-according-to-the-status-of-acpi-device.patch
diff --git a/queue-2.6.27/v4l-dvb-cve-2008-5033-fix-oops-on-tvaudio-when-controlling-bass-treble.patch b/queue-2.6.27/v4l-dvb-cve-2008-5033-fix-oops-on-tvaudio-when-controlling-bass-treble.patch
new file mode 100644 (file)
index 0000000..e984198
--- /dev/null
@@ -0,0 +1,131 @@
+From 01a1a3cc1e3fbe718bd06a2a5d4d1a2d0fb4d7d9 Mon Sep 17 00:00:00 2001
+From: Mauro Carvalho Chehab <mchehab@redhat.com>
+Date: Fri, 14 Nov 2008 10:46:59 -0300
+Subject: V4L/DVB (9624): CVE-2008-5033: fix OOPS on tvaudio when controlling bass/treble
+
+From: Mauro Carvalho Chehab <mchehab@redhat.com>
+
+commit 01a1a3cc1e3fbe718bd06a2a5d4d1a2d0fb4d7d9 upstream.
+
+This bug were supposed to be fixed by 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1,
+where a call to NULL happens.
+
+Not all tvaudio chips allow controlling bass/treble. So, the driver
+has a table with a flag to indicate if the chip does support it.
+
+Unfortunately, the handling of this logic were broken for a very long
+time (probably since the first module version). Due to that, an OOPS
+were generated for devices that don't support bass/treble.
+
+This were the resulting OOPS message before the patch, with debug messages
+enabled:
+
+tvaudio' 1-005b: VIDIOC_S_CTRL
+BUG: unable to handle kernel NULL pointer dereference at 00000000
+IP: [<00000000>]
+*pde = 22fda067 *pte = 00000000
+Oops: 0000 [#1] SMP
+Modules linked in: snd_hda_intel snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device
+snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_hwdep snd soundcore tuner_simple tuner_types tea5767 tuner
+tvaudio bttv bridgebnep rfcomm l2cap bluetooth it87 hwmon_vid hwmon fuse sunrpc ipt_REJECT
+nf_conntrack_ipv4 iptable_filter ip_tables ip6t_REJECT xt_tcpudp nf_conntrack_ipv6 xt_state nf_conntrack
+ip6table_filter ip6_tables x_tables ipv6 dm_mirrordm_multipath dm_mod configfs videodev v4l1_compat
+ir_common 8139cp compat_ioctl32 v4l2_common 8139too videobuf_dma_sg videobuf_core mii btcx_risc tveeprom
+i915 button snd_page_alloc serio_raw drm pcspkr i2c_algo_bit i2c_i801 i2c_core iTCO_wdt
+iTCO_vendor_support sr_mod cdrom sg ata_generic pata_acpi ata_piix libata sd_mod scsi_mod ext3 jbdmbcache
+uhci_hcd ohci_hcd ehci_hcd [last unloaded: soundcore]
+
+Pid: 15413, comm: qv4l2 Not tainted (2.6.25.14-108.fc9.i686 #1)
+EIP: 0060:[<00000000>] EFLAGS: 00210246 CPU: 0
+EIP is at 0x0
+EAX: 00008000 EBX: ebd21600 ECX: e2fd9ec4 EDX: 00200046
+ESI: f8c0f0c4 EDI: f8c0f0c4 EBP: e2fd9d50 ESP: e2fd9d2c
+ DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
+Process qv4l2 (pid: 15413, ti=e2fd9000 task=ebe44000 task.ti=e2fd9000)
+Stack: f8c0c6ae e2ff2a00 00000d00 e2fd9ec4 ebc4e000 e2fd9d5c f8c0c448 00000000
+       f899c12a e2fd9d5c f899c154 e2fd9d68 e2fd9d80 c0560185 e2fd9d88 f8f3e1d8
+       f8f3e1dc ebc4e034 f8f3e18c e2fd9ec4 00000000 e2fd9d90 f899c286 c008561c
+Call Trace:
+ [<f8c0c6ae>] ? chip_command+0x266/0x4b6 [tvaudio]
+ [<f8c0c448>] ? chip_command+0x0/0x4b6 [tvaudio]
+ [<f899c12a>] ? i2c_cmd+0x0/0x2f [i2c_core]
+ [<f899c154>] ? i2c_cmd+0x2a/0x2f [i2c_core]
+ [<c0560185>] ? device_for_each_child+0x21/0x49
+ [<f899c286>] ? i2c_clients_command+0x1c/0x1e [i2c_core]
+ [<f8f283d8>] ? bttv_call_i2c_clients+0x14/0x16 [bttv]
+ [<f8f23601>] ? bttv_s_ctrl+0x1bc/0x313 [bttv]
+ [<f8f23445>] ? bttv_s_ctrl+0x0/0x313 [bttv]
+ [<f8b6096d>] ? __video_do_ioctl+0x1f84/0x3726 [videodev]
+ [<c05abb4e>] ? sock_aio_write+0x100/0x10d
+ [<c041b23e>] ? kmap_atomic_prot+0x1dd/0x1df
+ [<c043a0c9>] ? enqueue_hrtimer+0xc2/0xcd
+ [<c04f4fa4>] ? copy_from_user+0x39/0x121
+ [<f8b622b9>] ? __video_ioctl2+0x1aa/0x24a [videodev]
+ [<c04054fd>] ? do_notify_resume+0x768/0x795
+ [<c043c0f7>] ? getnstimeofday+0x34/0xd1
+ [<c0437b77>] ? autoremove_wake_function+0x0/0x33
+ [<f8b62368>] ? video_ioctl2+0xf/0x13 [videodev]
+ [<c048c6f0>] ? vfs_ioctl+0x50/0x69
+ [<c048c942>] ? do_vfs_ioctl+0x239/0x24c
+ [<c048c995>] ? sys_ioctl+0x40/0x5b
+ [<c0405bf2>] ? syscall_call+0x7/0xb
+ [<c0620000>] ? cpuid4_cache_sysfs_exit+0x3d/0x69
+ =======================
+Code:  Bad EIP value.
+EIP: [<00000000>] 0x0 SS:ESP 0068:e2fd9d2c
+
+Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/tvaudio.c |   15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+--- a/drivers/media/video/tvaudio.c
++++ b/drivers/media/video/tvaudio.c
+@@ -1576,13 +1576,13 @@ static int tvaudio_get_ctrl(struct CHIPS
+               return 0;
+       }
+       case V4L2_CID_AUDIO_BASS:
+-              if (desc->flags & CHIP_HAS_BASSTREBLE)
++              if (!(desc->flags & CHIP_HAS_BASSTREBLE))
+                       break;
+               ctrl->value = chip->bass;
+               return 0;
+       case V4L2_CID_AUDIO_TREBLE:
+-              if (desc->flags & CHIP_HAS_BASSTREBLE)
+-                      return -EINVAL;
++              if (!(desc->flags & CHIP_HAS_BASSTREBLE))
++                      break;
+               ctrl->value = chip->treble;
+               return 0;
+       }
+@@ -1642,16 +1642,15 @@ static int tvaudio_set_ctrl(struct CHIPS
+               return 0;
+       }
+       case V4L2_CID_AUDIO_BASS:
+-              if (desc->flags & CHIP_HAS_BASSTREBLE)
++              if (!(desc->flags & CHIP_HAS_BASSTREBLE))
+                       break;
+               chip->bass = ctrl->value;
+               chip_write(chip,desc->bassreg,desc->bassfunc(chip->bass));
+               return 0;
+       case V4L2_CID_AUDIO_TREBLE:
+-              if (desc->flags & CHIP_HAS_BASSTREBLE)
+-                      return -EINVAL;
+-
++              if (!(desc->flags & CHIP_HAS_BASSTREBLE))
++                      break;
+               chip->treble = ctrl->value;
+               chip_write(chip,desc->treblereg,desc->treblefunc(chip->treble));
+@@ -1695,7 +1694,7 @@ static int chip_command(struct i2c_clien
+                               break;
+                       case V4L2_CID_AUDIO_BASS:
+                       case V4L2_CID_AUDIO_TREBLE:
+-                              if (desc->flags & CHIP_HAS_BASSTREBLE)
++                              if (!(desc->flags & CHIP_HAS_BASSTREBLE))
+                                       return -EINVAL;
+                               break;
+                       default:
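Review bot: In tvaudio_set_ctrl the calls `desc->bassfunc(chip->bass)` and `desc->treblefunc(chip->treble)` are still guarded only by the CHIP_HAS_BASSTREBLE flag. A chip-table entry that sets the flag but leaves either pointer unset would still make the call through NULL that the oops in the description shows (EIP at 0x0). Testing the pointer together with the flag removes the dependency on table consistency: `if (!(desc->flags & CHIP_HAS_BASSTREBLE) || !desc->bassfunc)` before the existing `break;`, and the same with `desc->treblefunc` in the treble case. The get and set paths now `break` out of the switch for unsupported chips while chip_command returns -EINVAL directly; the value returned after those switches is outside the hunks, so confirm it is also -EINVAL and callers see one error code. All three functions continue beyond the visible lines.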