--- /dev/null
+From ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Sat, 1 Sep 2012 12:34:07 -0400
+Subject: Fix order of arguments to compat_put_time[spec|val]
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d upstream.
+
+Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in
+net/socket.c") introduced a bug where the helper functions to take
+either a 64-bit or compat time[spec|val] got the arguments in the wrong
+order, passing the kernel stack pointer off as a user pointer (and vice
+versa).
+
+Because of the user address range check, that in turn then causes an
+EFAULT due to the user pointer range checking failing for the kernel
+address. Incorrectly resuling in a failed system call for 32-bit
+processes with a 64-bit kernel.
+
+On odder architectures like HP-PA (with separate user/kernel address
+spaces), it can be used read kernel memory.
+
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -2605,7 +2605,7 @@ static int do_siocgstamp(struct net *net
+ err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv);
+ set_fs(old_fs);
+ if (!err)
+- err = compat_put_timeval(up, &ktv);
++ err = compat_put_timeval(&ktv, up);
+
+ return err;
+ }
+@@ -2621,7 +2621,7 @@ static int do_siocgstampns(struct net *n
+ err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts);
+ set_fs(old_fs);
+ if (!err)
+- err = compat_put_timespec(up, &kts);
++ err = compat_put_timespec(&kts, up);
+
+ return err;
+ }
--- /dev/null
+From ab6f148de28261682d300662e87b9477f7efc95b Mon Sep 17 00:00:00 2001
+From: Oliver Neukum <oliver@neukum.org>
+Date: Sun, 26 Aug 2012 20:41:38 +0000
+Subject: usbnet: fix deadlock in resume
+
+From: Oliver Neukum <oliver@neukum.org>
+
+commit ab6f148de28261682d300662e87b9477f7efc95b upstream.
+
+A usbnet device can share a multifunction device
+with a storage device. If the storage device is autoresumed
+the usbnet devices also needs to be autoresumed. Allocating
+memory with GFP_KERNEL can deadlock in this case.
+
+This should go back into all kernels that have
+commit 65841fd5132c3941cdf5df09e70df3ed28323212
+That is 3.5
+
+Signed-off-by: Oliver Neukum <oneukum@suse.de>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/usb/usbnet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/usb/usbnet.c
++++ b/drivers/net/usb/usbnet.c
+@@ -1580,7 +1580,7 @@ int usbnet_resume (struct usb_interface
+ netif_device_present(dev->net) &&
+ !timer_pending(&dev->delay) &&
+ !test_bit(EVENT_RX_HALT, &dev->flags))
+- rx_alloc_submit(dev, GFP_KERNEL);
++ rx_alloc_submit(dev, GFP_NOIO);
+
+ if (!(dev->txq.qlen >= TX_QLEN(dev)))
+ netif_tx_wake_all_queues(dev->net);
projects / thirdparty / kernel / stable-queue.git / commitdiff
