3.0-stable patches

added patches:
	scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch
	scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch

diff --git a/queue-3.0/scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch b/queue-3.0/scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch
new file mode 100644 (file)
index 0000000..a1974b8
--- /dev/null
+++ b/queue-3.0/scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch
@@ -0,0 +1,43 @@
+From 16da05b1158d1bcb31656e636a8736a663b1cf1f Mon Sep 17 00:00:00 2001
+From: Andi Kleen <andi@firstfloor.org>
+Date: Mon, 3 Sep 2012 20:50:30 +0200
+Subject: SCSI: Fix incorrect memset in bnx2fc_parse_fcp_rsp
+
+From: Andi Kleen <andi@firstfloor.org>
+
+commit 16da05b1158d1bcb31656e636a8736a663b1cf1f upstream.
+
+gcc 4.8 warns because the memset only clears sizeof(char *) bytes, not
+the whole buffer. Use the correct buffer size and clear the whole sense
+buffer.
+
+/backup/lsrc/git/linux-lto-2.6/drivers/scsi/bnx2fc/bnx2fc_io.c: In
+function 'bnx2fc_parse_fcp_rsp':
+/backup/lsrc/git/linux-lto-2.6/drivers/scsi/bnx2fc/bnx2fc_io.c:1810:41:
+warning: argument to 'sizeof' in 'memset' call is the same expression as
+the destination; did you mean to provide an explicit length?
+[-Wsizeof-pointer-memaccess]
+   memset(sc_cmd->sense_buffer, 0, sizeof(sc_cmd->sense_buffer));
+                                         ^
+
+Signed-off-by: Andi Kleen <ak@linux.intel.com>
+Acked-by: Bhanu Prakash Gollapudi <bprakash@broadcom.com>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Cc: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/bnx2fc/bnx2fc_io.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/bnx2fc/bnx2fc_io.c
++++ b/drivers/scsi/bnx2fc/bnx2fc_io.c
+@@ -1618,7 +1618,7 @@ static void bnx2fc_parse_fcp_rsp(struct
+                       fcp_sns_len = SCSI_SENSE_BUFFERSIZE;
+               }
+ 
+-              memset(sc_cmd->sense_buffer, 0, sizeof(sc_cmd->sense_buffer));
++              memset(sc_cmd->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
+               if (fcp_sns_len)
+                       memcpy(sc_cmd->sense_buffer, rq_data, fcp_sns_len);
+ 

diff --git a/queue-3.0/scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch b/queue-3.0/scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch
new file mode 100644 (file)
index 0000000..61a62a4
--- /dev/null
+++ b/queue-3.0/scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch
@@ -0,0 +1,44 @@
+From 7a6a731bd00ca90d0e250867c3b9c05b5ff0fa49 Mon Sep 17 00:00:00 2001
+From: Bjørn Mork <bjorn@mork.no>
+Date: Wed, 21 Nov 2012 09:54:48 +0100
+Subject: SCSI: megaraid_sas: fix memory leak if SGL has zero length entries
+
+From: Bjørn Mork <bjorn@mork.no>
+
+commit 7a6a731bd00ca90d0e250867c3b9c05b5ff0fa49 upstream.
+
+commit 98cb7e44 ([SCSI] megaraid_sas: Sanity check user
+supplied length before passing it to dma_alloc_coherent())
+introduced a memory leak.  Memory allocated for entries
+following zero length SGL entries will not be freed.
+
+Reference: http://bugs.debian.org/688198
+
+Signed-off-by: Bjørn Mork <bjorn@mork.no>
+Acked-by: Adam Radford <aradford@gmail.com>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/megaraid/megaraid_sas_base.c |   10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/drivers/scsi/megaraid/megaraid_sas_base.c
++++ b/drivers/scsi/megaraid/megaraid_sas_base.c
+@@ -4746,10 +4746,12 @@ megasas_mgmt_fw_ioctl(struct megasas_ins
+                                   sense, sense_handle);
+       }
+ 
+-      for (i = 0; i < ioc->sge_count && kbuff_arr[i]; i++) {
+-              dma_free_coherent(&instance->pdev->dev,
+-                                  kern_sge32[i].length,
+-                                  kbuff_arr[i], kern_sge32[i].phys_addr);
++      for (i = 0; i < ioc->sge_count; i++) {
++              if (kbuff_arr[i])
++                      dma_free_coherent(&instance->pdev->dev,
++                                        kern_sge32[i].length,
++                                        kbuff_arr[i],
++                                        kern_sge32[i].phys_addr);
+       }
+ 
+       megasas_return_cmd(instance, cmd);

diff --git a/queue-3.0/series b/queue-3.0/series
index d0c5b09a5fcc929a6f84464385a4ce3395505364..3c27c6d8b351190965fa3a5293c82cad3ecf65d1 100644 (file)
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -26,3 +26,5 @@ dummy-fix-oops-when-loading-the-dummy-failed.patch
 ifb-fix-oops-when-loading-the-ifb-failed.patch
 vlan-fix-a-race-in-egress-prio-management.patch
 writeback-fix-periodic-writeback-after-fs-mount.patch
+scsi-megaraid_sas-fix-memory-leak-if-sgl-has-zero-length-entries.patch
+scsi-fix-incorrect-memset-in-bnx2fc_parse_fcp_rsp.patch