--- /dev/null
+From 18d8217bc441630c3c5ec7416c5a65c69e8a0979 Mon Sep 17 00:00:00 2001
+From: Ed Cashin <ecashin@coraid.com>
+Date: Thu, 10 Sep 2009 22:30:47 +0200
+Subject: aoe: end barrier bios with EOPNOTSUPP
+
+From: Ed Cashin <ecashin@coraid.com>
+
+commit 18d8217bc441630c3c5ec7416c5a65c69e8a0979 upstream.
+
+BugLink: http://bugzilla.kernel.org/show_bug.cgi?id=13942
+
+Bruno Premont noticed that aoe throws a BUG during umount of an XFS in
+2.6.31:
+
+[ 5259.349897] aoe: bi_io_vec is NULL
+[ 5259.349940] ------------[ cut here ]------------
+[ 5259.349958] kernel BUG at /usr/src/linux-2.6/drivers/block/aoe/aoeblk.c:177!
+[ 5259.349990] invalid opcode: 0000 [#1]
+
+The bio in question is a barrier. Jens Axboe suggested that such bios
+need to be recognized and ended with -EOPNOTSUPP by any driver that
+provides its own ->make_request_fn handler and does not handle
+barriers.
+
+In testing the changes below eliminate the BUG.
+
+(Better would be real barrier support, something that Ed says he'll add
+for later in the .32 cycle. For now, this at least gets rid of a bug
+with crashing on an empty barrier. Jens)
+
+Signed-off-by: Ed L. Cashin <ecashin@coraid.com>
+Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/block/aoe/aoeblk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/block/aoe/aoeblk.c
++++ b/drivers/block/aoe/aoeblk.c
+@@ -176,6 +176,9 @@ aoeblk_make_request(struct request_queue
+ BUG();
+ bio_endio(bio, -ENXIO);
+ return 0;
++ } else if (bio_rw_flagged(bio, BIO_RW_BARRIER)) {
++ bio_endio(bio, -EOPNOTSUPP);
++ return 0;
+ } else if (bio->bi_io_vec == NULL) {
+ printk(KERN_ERR "aoe: bi_io_vec is NULL\n");
+ BUG();
--- /dev/null
+From e0188829cb724e7d12a2d4e343b368ff1d6e1471 Mon Sep 17 00:00:00 2001
+From: Stanislav Brabec <sbrabec@suse.cz>
+Date: Tue, 8 Dec 2009 21:00:22 -0800
+Subject: b44 WOL setup: one-bit-off stack corruption kernel panic fix
+
+From: Stanislav Brabec <sbrabec@suse.cz>
+
+commit e0188829cb724e7d12a2d4e343b368ff1d6e1471 upstream.
+
+About 50% of shutdowns of b44 Ethernet adapter ends by kernel panic
+with kernels compiled with stack-protector.
+
+Checking b44_magic_pattern() return values, one call of
+b44_magic_pattern() returns 127. It means, that set_bit(128, pmask)
+was called on line 1509. It means that bit 0 of 17th byte of pmask was
+overwritten. But pmask has only 16 bytes. Stack corruption happens.
+
+It seems that set_bit() on line 1509 always writes one bit off.
+
+The fix does not only solve the stack corruption, but also makes Wake
+On LAN working on my onboard B44 on Asus A7V-333X mainboard.
+
+It seems that this problem affects all kernel versions since commit
+725ad800 ([PATCH] b44: add wol for old nic) on 2006-06-20.
+
+Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/b44.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/net/b44.c
++++ b/drivers/net/b44.c
+@@ -1502,8 +1502,7 @@ static int b44_magic_pattern(u8 *macaddr
+ for (k = 0; k< ethaddr_bytes; k++) {
+ ppattern[offset + magicsync +
+ (j * ETH_ALEN) + k] = macaddr[k];
+- len++;
+- set_bit(len, (unsigned long *) pmask);
++ set_bit(len++, (unsigned long *) pmask);
+ }
+ }
+ return len - 1;
--- /dev/null
+From 41f8910040639eb106b1a5b5301aab79ecde4940 Mon Sep 17 00:00:00 2001
+From: Jiri Pirko <jpirko@redhat.com>
+Date: Fri, 24 Apr 2009 03:57:29 +0000
+Subject: bonding: ignore updelay param when there is no active slave
+
+From: Jiri Pirko <jpirko@redhat.com>
+
+commit 41f8910040639eb106b1a5b5301aab79ecde4940 upstream.
+
+Pointed out by Sean E. Millichamp.
+
+Quote from Documentation/networking/bonding.txt:
+"Note that when a bonding interface has no active links, the
+driver will immediately reuse the first link that goes up, even if the
+updelay parameter has been specified (the updelay is ignored in this
+case). If there are slave interfaces waiting for the updelay timeout
+to expire, the interface that first went into that state will be
+immediately reused. This reduces down time of the network if the
+value of updelay has been overestimated, and since this occurs only in
+cases with no connectivity, there is no additional penalty for
+ignoring the updelay."
+
+This patch actually changes the behaviour in this way.
+
+Signed-off-by: Jiri Pirko <jpirko@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Jean Delvare <jdelvare@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/bonding/bond_main.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/net/bonding/bond_main.c
++++ b/drivers/net/bonding/bond_main.c
+@@ -2228,6 +2228,9 @@ static int bond_miimon_inspect(struct bo
+ {
+ struct slave *slave;
+ int i, link_state, commit = 0;
++ bool ignore_updelay;
++
++ ignore_updelay = !bond->curr_active_slave ? true : false;
+
+ bond_for_each_slave(bond, slave, i) {
+ slave->new_link = BOND_LINK_NOCHANGE;
+@@ -2292,6 +2295,7 @@ static int bond_miimon_inspect(struct bo
+ ": %s: link status up for "
+ "interface %s, enabling it in %d ms.\n",
+ bond->dev->name, slave->dev->name,
++ ignore_updelay ? 0 :
+ bond->params.updelay *
+ bond->params.miimon);
+ }
+@@ -2310,9 +2314,13 @@ static int bond_miimon_inspect(struct bo
+ continue;
+ }
+
++ if (ignore_updelay)
++ slave->delay = 0;
++
+ if (slave->delay <= 0) {
+ slave->new_link = BOND_LINK_UP;
+ commit++;
++ ignore_updelay = false;
+ continue;
+ }
+
--- /dev/null
+From 76595f79d76fbe6267a51b3a866a028d150f06d4 Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@tuxdriver.com>
+Date: Fri, 5 Mar 2010 13:44:16 -0800
+Subject: coredump: suppress uid comparison test if core output files are pipes
+
+From: Neil Horman <nhorman@tuxdriver.com>
+
+commit 76595f79d76fbe6267a51b3a866a028d150f06d4 upstream.
+
+Modify uid check in do_coredump so as to not apply it in the case of
+pipes.
+
+This just got noticed in testing. The end of do_coredump validates the
+uid of the inode for the created file against the uid of the crashing
+process to ensure that no one can pre-create a core file with different
+ownership and grab the information contained in the core when they
+shouldn' tbe able to. This causes failures when using pipes for a core
+dumps if the crashing process is not root, which is the uid of the pipe
+when it is created.
+
+The fix is simple. Since the check for matching uid's isn't relevant for
+pipes (a process can't create a pipe that the uermodehelper code will open
+anyway), we can just just skip it in the event ispipe is non-zero
+
+Reverts a pipe-affecting change which was accidentally made in
+
+: commit c46f739dd39db3b07ab5deb4e3ec81e1c04a91af
+: Author: Ingo Molnar <mingo@elte.hu>
+: AuthorDate: Wed Nov 28 13:59:18 2007 +0100
+: Commit: Linus Torvalds <torvalds@woody.linux-foundation.org>
+: CommitDate: Wed Nov 28 10:58:01 2007 -0800
+:
+: vfs: coredumping fix
+
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Cc: Andi Kleen <andi@firstfloor.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: maximilian attems <max@stro.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/exec.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1826,8 +1826,9 @@ int do_coredump(long signr, int exit_cod
+ /*
+ * Dont allow local users get cute and trick others to coredump
+ * into their pre-created files:
++ * Note, this is not relevant for pipes
+ */
+- if (inode->i_uid != current->fsuid)
++ if (!ispipe && (inode->i_uid != current->fsuid()))
+ goto close_fail;
+ if (!file->f_op)
+ goto close_fail;
kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch
fix-lookup_follow-on-automount-symlinks.patch
x86-ia32_aout-do-not-kill-argument-mapping.patch
+coredump-suppress-uid-comparison-test-if-core-output-files-are-pipes.patch
+bonding-ignore-updelay-param-when-there-is-no-active-slave.patch
+v4l-dvb-13961-em28xx-dvb-fix-memleak-in-dvb_fini.patch
+aoe-end-barrier-bios-with-eopnotsupp.patch
+b44-wol-setup-one-bit-off-stack-corruption-kernel-panic-fix.patch
--- /dev/null
+From 19f48cb105b7fa18d0dcab435919a3a29b7a7c4c Mon Sep 17 00:00:00 2001
+From: Francesco Lavra <francescolavra@interfree.it>
+Date: Thu, 31 Dec 2009 08:47:11 -0300
+Subject: V4L/DVB (13961): em28xx-dvb: fix memleak in dvb_fini()
+
+From: Francesco Lavra <francescolavra@interfree.it>
+
+commit 19f48cb105b7fa18d0dcab435919a3a29b7a7c4c upstream.
+
+this patch fixes a memory leak which occurs when an em28xx card with DVB
+extension is unplugged or its DVB extension driver is unloaded. In
+dvb_fini(), dev->dvb must be freed before being set to NULL, as is done
+in dvb_init() in case of error.
+Note that this bug is also present in the latest stable kernel release.
+
+Signed-off-by: Francesco Lavra <francescolavra@interfree.it>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/em28xx/em28xx-dvb.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/media/video/em28xx/em28xx-dvb.c
++++ b/drivers/media/video/em28xx/em28xx-dvb.c
+@@ -501,6 +501,7 @@ static int dvb_fini(struct em28xx *dev)
+
+ if (dev->dvb) {
+ unregister_dvb(dev->dvb);
++ kfree(dev->dvb);
+ dev->dvb = NULL;
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
