--- /dev/null
+From 0ca69886a8273ac1350143d562280bfcbe4760dc Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Fri, 14 Jan 2011 09:14:33 +1100
+Subject: md: Ensure no IO request to get md device before it is properly initialised.
+
+From: NeilBrown <neilb@suse.de>
+
+commit 0ca69886a8273ac1350143d562280bfcbe4760dc upstream.
+
+When an md device is in the process of coming on line it is possible
+for an IO request (typically a partition table probe) to get through
+before the array is fully initialised, which can cause unexpected
+behaviour (e.g. a crash).
+
+So explicitly record when the array is ready for IO and don't allow IO
+through until then.
+
+There is no possibility for a similar problem when the array is going
+off-line as there must only be one 'open' at that time, and it is busy
+off-lining the array and so cannot send IO requests. So no memory
+barrier is needed in md_stop()
+
+This has been a bug since commit 409c57f3801 in 2.6.30 which
+introduced md_make_request. Before then, each personality would
+register its own make_request_fn when it was ready.
+This is suitable for any stable kernel from 2.6.30.y onwards.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+Reported-by: "Hawrylewicz Czarnowski, Przemyslaw" <przemyslaw.hawrylewicz.czarnowski@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/md/md.c | 8 ++++++--
+ drivers/md/md.h | 3 ++-
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+--- a/drivers/md/md.c
++++ b/drivers/md/md.c
+@@ -288,10 +288,12 @@ static int md_make_request(struct reques
+ int rv;
+ int cpu;
+
+- if (mddev == NULL || mddev->pers == NULL) {
++ if (mddev == NULL || mddev->pers == NULL
++ || !mddev->ready) {
+ bio_io_error(bio);
+ return 0;
+ }
++ smp_rmb(); /* Ensure implications of 'active' are visible */
+ rcu_read_lock();
+ if (mddev->suspended) {
+ DEFINE_WAIT(__wait);
+@@ -4564,7 +4566,8 @@ int md_run(mddev_t *mddev)
+ mddev->safemode_timer.data = (unsigned long) mddev;
+ mddev->safemode_delay = (200 * HZ)/1000 +1; /* 200 msec delay */
+ mddev->in_sync = 1;
+-
++ smp_wmb();
++ mddev->ready = 1;
+ list_for_each_entry(rdev, &mddev->disks, same_set)
+ if (rdev->raid_disk >= 0) {
+ char nm[20];
+@@ -4725,6 +4728,7 @@ EXPORT_SYMBOL_GPL(md_stop_writes);
+
+ void md_stop(mddev_t *mddev)
+ {
++ mddev->ready = 0;
+ mddev->pers->stop(mddev);
+ if (mddev->pers->sync_request && mddev->to_remove == NULL)
+ mddev->to_remove = &md_redundancy_group;
+--- a/drivers/md/md.h
++++ b/drivers/md/md.h
+@@ -148,7 +148,8 @@ struct mddev_s
+ * are happening, so run/
+ * takeover/stop are not safe
+ */
+-
++ int ready; /* See when safe to pass
++ * IO requests down */
+ struct gendisk *gendisk;
+
+ struct kobject kobj;
--- /dev/null
+From 6c9879101442b08581e8a0e3ae6b7f643a78fd63 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Fri, 14 Jan 2011 09:13:53 +1100
+Subject: md: fix regression resulting in delays in clearing bits in a bitmap
+
+From: NeilBrown <neilb@suse.de>
+
+commit 6c9879101442b08581e8a0e3ae6b7f643a78fd63 upstream.
+
+commit 589a594be1fb (2.6.37-rc4) fixed a problem were md_thread would
+sometimes call the ->run function at a bad time.
+
+If an error is detected during array start up after the md_thread has
+been started, the md_thread is killed. This resulted in the ->run
+function being called once. However the array may not be in a state
+that it is safe to call ->run.
+
+However the fix imposed meant that ->run was not called on a timeout.
+This means that when an array goes idle, bitmap bits do not get
+cleared promptly. While the array is busy the bits will still be
+cleared when appropriate so this is not very serious. There is no
+risk to data.
+
+Change the test so that we only avoid calling ->run when the thread
+is being stopped. This more explicitly addresses the problem situation.
+
+This is suitable for 2.6.37-stable and any -stable kernel to which
+589a594be1fb was applied.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/md/md.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/md/md.c
++++ b/drivers/md/md.c
+@@ -6042,7 +6042,8 @@ static int md_thread(void * arg)
+ || kthread_should_stop(),
+ thread->timeout);
+
+- if (test_and_clear_bit(THREAD_WAKEUP, &thread->flags))
++ clear_bit(THREAD_WAKEUP, &thread->flags);
++ if (!kthread_should_stop())
+ thread->run(thread->mddev);
+ }
+
--- /dev/null
+From bf572541ab44240163eaa2d486b06f306a31d45a Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Wed, 12 Jan 2011 09:03:35 +1100
+Subject: md: fix regression with re-adding devices to arrays with no metadata
+
+From: NeilBrown <neilb@suse.de>
+
+commit bf572541ab44240163eaa2d486b06f306a31d45a upstream.
+
+Commit 1a855a0606 (2.6.37-rc4) fixed a problem where devices were
+re-added when they shouldn't be but caused a regression in a less
+common case that means sometimes devices cannot be re-added when they
+should be.
+
+In particular, when re-adding a device to an array without metadata
+we should always access the device, but after the above commit we
+didn't.
+
+This patch sets the In_sync flag in that case so that the re-add
+succeeds.
+
+This patch is suitable for any -stable kernel to which 1a855a0606 was
+applied.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/md/md.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/md/md.c
++++ b/drivers/md/md.c
+@@ -5159,9 +5159,10 @@ static int add_new_disk(mddev_t * mddev,
+ /* set saved_raid_disk if appropriate */
+ if (!mddev->persistent) {
+ if (info->state & (1<<MD_DISK_SYNC) &&
+- info->raid_disk < mddev->raid_disks)
++ info->raid_disk < mddev->raid_disks) {
+ rdev->raid_disk = info->raid_disk;
+- else
++ set_bit(In_sync, &rdev->flags);
++ } else
+ rdev->raid_disk = -1;
+ } else
+ super_types[mddev->major_version].
--- /dev/null
+From bf2cb0dab8c97f00a71875d9b13dbac17a2f47ca Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Fri, 14 Jan 2011 09:14:34 +1100
+Subject: md: Fix removal of extra drives when converting RAID6 to RAID5
+
+From: NeilBrown <neilb@suse.de>
+
+commit bf2cb0dab8c97f00a71875d9b13dbac17a2f47ca upstream.
+
+When a RAID6 is converted to a RAID5, the extra drive should
+be discarded. However it isn't due to a typo in a comparison.
+
+This bug was introduced in commit e93f68a1fc6 in 2.6.35-rc4
+and is suitable for any -stable since than.
+
+As the extra drive is not removed, the 'degraded' counter is wrong and
+so the RAID5 will not respond correctly to a subsequent failure.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/md/md.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/md/md.c
++++ b/drivers/md/md.c
+@@ -3117,7 +3117,7 @@ level_store(mddev_t *mddev, const char *
+ char nm[20];
+ if (rdev->raid_disk < 0)
+ continue;
+- if (rdev->new_raid_disk > mddev->raid_disks)
++ if (rdev->new_raid_disk >= mddev->raid_disks)
+ rdev->new_raid_disk = -1;
+ if (rdev->new_raid_disk == rdev->raid_disk)
+ continue;
--- /dev/null
+From e91ece5590b3c728624ab57043fc7a05069c604a Mon Sep 17 00:00:00 2001
+From: Chris Mason <chris.mason@oracle.com>
+Date: Mon, 7 Feb 2011 19:21:48 -0500
+Subject: md_make_request: don't touch the bio after calling make_request
+
+From: Chris Mason <chris.mason@oracle.com>
+
+commit e91ece5590b3c728624ab57043fc7a05069c604a upstream.
+
+md_make_request was calling bio_sectors() for part_stat_add
+after it was calling the make_request function. This is
+bad because the make_request function can free the bio and
+because the bi_size field can change around.
+
+The fix here was suggested by Jens Axboe. It saves the
+sector count before the make_request call. I hit this
+with CONFIG_DEBUG_PAGEALLOC turned on while trying to break
+his pretty fusionio card.
+
+Signed-off-by: Chris Mason <chris.mason@oracle.com>
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/md/md.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/drivers/md/md.c
++++ b/drivers/md/md.c
+@@ -287,6 +287,7 @@ static int md_make_request(struct reques
+ mddev_t *mddev = q->queuedata;
+ int rv;
+ int cpu;
++ unsigned int sectors;
+
+ if (mddev == NULL || mddev->pers == NULL
+ || !mddev->ready) {
+@@ -311,12 +312,16 @@ static int md_make_request(struct reques
+ atomic_inc(&mddev->active_io);
+ rcu_read_unlock();
+
++ /*
++ * save the sectors now since our bio can
++ * go away inside make_request
++ */
++ sectors = bio_sectors(bio);
+ rv = mddev->pers->make_request(mddev, bio);
+
+ cpu = part_stat_lock();
+ part_stat_inc(cpu, &mddev->gendisk->part0, ios[rw]);
+- part_stat_add(cpu, &mddev->gendisk->part0, sectors[rw],
+- bio_sectors(bio));
++ part_stat_add(cpu, &mddev->gendisk->part0, sectors[rw], sectors);
+ part_stat_unlock();
+
+ if (atomic_dec_and_test(&mddev->active_io) && mddev->suspended)
--- /dev/null
+From b7c7d01aaed1f71d9afe815a569f0a81465a1744 Mon Sep 17 00:00:00 2001
+From: Eugene Teo <eugeneteo@kernel.org>
+Date: Mon, 24 Jan 2011 21:05:17 -0800
+Subject: net: clear heap allocation for ethtool_get_regs()
+
+From: Eugene Teo <eugeneteo@kernel.org>
+
+commit b7c7d01aaed1f71d9afe815a569f0a81465a1744 upstream.
+
+There is a conflict between commit b00916b1 and a77f5db3. This patch resolves
+the conflict by clearing the heap allocation in ethtool_get_regs().
+
+Signed-off-by: Eugene Teo <eugeneteo@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/core/ethtool.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/core/ethtool.c
++++ b/net/core/ethtool.c
+@@ -817,7 +817,7 @@ static int ethtool_get_regs(struct net_d
+ if (regs.len > reglen)
+ regs.len = reglen;
+
+- regbuf = vmalloc(reglen);
++ regbuf = vzalloc(reglen);
+ if (!regbuf)
+ return -ENOMEM;
+
--- /dev/null
+From 0ca7a5b9ac5d301845dd6382ff25a699b6263a81 Mon Sep 17 00:00:00 2001
+From: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
+Date: Fri, 21 Jan 2011 16:40:31 +0900
+Subject: nilfs2: fix crash after one superblock became unavailable
+
+From: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
+
+commit 0ca7a5b9ac5d301845dd6382ff25a699b6263a81 upstream.
+
+Fixes the following kernel oops in nilfs_setup_super() which could
+arise if one of two super-blocks is unavailable.
+
+> BUG: unable to handle kernel NULL pointer dereference at (null)
+> Pid: 3529, comm: mount.nilfs2 Not tainted 2.6.37 #1 /
+> EIP: 0060:[<c03196bc>] EFLAGS: 00010202 CPU: 3
+> EIP is at memcpy+0xc/0x1b
+> Call Trace:
+> [<f953720e>] ? nilfs_setup_super+0x6c/0xa5 [nilfs2]
+> [<f95369e9>] ? nilfs_get_root_dentry+0x81/0xcb [nilfs2]
+> [<f9537a08>] ? nilfs_mount+0x4f9/0x62c [nilfs2]
+> [<c02745cf>] ? kstrdup+0x36/0x3f
+> [<f953750f>] ? nilfs_mount+0x0/0x62c [nilfs2]
+> [<c0293940>] ? vfs_kern_mount+0x4d/0x12c
+> [<c02a5100>] ? get_fs_type+0x76/0x8f
+> [<c0293a68>] ? do_kern_mount+0x33/0xbf
+> [<c02a784a>] ? do_mount+0x2ed/0x714
+> [<c02a6171>] ? copy_mount_options+0x28/0xfc
+> [<c02a7ce3>] ? sys_mount+0x72/0xaf
+> [<c0473085>] ? syscall_call+0x7/0xb
+
+Reported-by: Wakko Warner <wakko@animx.eu.org>
+Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
+Tested-by: Wakko Warner <wakko@animx.eu.org>
+LKML-Reference: <20110121024918.GA29598@animx.eu.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nilfs2/super.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/nilfs2/super.c
++++ b/fs/nilfs2/super.c
+@@ -688,7 +688,8 @@ skip_mount_setup:
+ sbp[0]->s_state =
+ cpu_to_le16(le16_to_cpu(sbp[0]->s_state) & ~NILFS_VALID_FS);
+ /* synchronize sbp[1] with sbp[0] */
+- memcpy(sbp[1], sbp[0], nilfs->ns_sbsize);
++ if (sbp[1])
++ memcpy(sbp[1], sbp[0], nilfs->ns_sbsize);
+ return nilfs_commit_super(sbi, NILFS_SB_COMMIT_ALL);
+ }
+
--- /dev/null
+From 77c5fd19075d299fe820bb59bb21b0b113676e20 Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Sun, 9 Jan 2011 17:48:20 -0500
+Subject: pata_mpc52xx: inherit from ata_bmdma_port_ops
+
+From: Tejun Heo <tj@kernel.org>
+
+commit 77c5fd19075d299fe820bb59bb21b0b113676e20 upstream.
+
+pata_mpc52xx supports BMDMA but inherits ata_sff_port_ops which
+triggers BUG_ON() when a DMA command is issued. Fix it.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Reported-by: Roman Fietze <roman.fietze@telemotive.de>
+Cc: Sergei Shtylyov <sshtylyov@mvista.com>
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ata/pata_mpc52xx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/ata/pata_mpc52xx.c
++++ b/drivers/ata/pata_mpc52xx.c
+@@ -610,7 +610,7 @@ static struct scsi_host_template mpc52xx
+ };
+
+ static struct ata_port_operations mpc52xx_ata_port_ops = {
+- .inherits = &ata_sff_port_ops,
++ .inherits = &ata_bmdma_port_ops,
+ .sff_dev_select = mpc52xx_ata_dev_select,
+ .set_piomode = mpc52xx_ata_set_piomode,
+ .set_dmamode = mpc52xx_ata_set_dmamode,
--- /dev/null
+From c3810c88788d505d4ffd786addd111b745e42161 Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Tue, 25 Jan 2011 20:50:07 +0100
+Subject: PM / Runtime: Don't enable interrupts while running in_interrupt
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit c3810c88788d505d4ffd786addd111b745e42161 upstream.
+
+This patch (as1445) fixes a bug in the runtime PM core left over from
+the addition of the no_callbacks flag. If this flag is set then it is
+possible for rpm_suspend() to be called in_interrupt, so when
+releasing spinlocks it's important not to re-enable interrupts.
+
+To avoid an unnecessary save-and-restore of the interrupt flag, the
+patch also inlines a pm_request_idle() call.
+
+This fixes Bugzilla #27482.
+
+(The offending code was added in 2.6.37, so it's not necessary to apply
+this to any earlier stable kernels.)
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Reported-by: tim blechmann <tim@klingt.org>
+Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/base/power/runtime.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/drivers/base/power/runtime.c
++++ b/drivers/base/power/runtime.c
+@@ -404,12 +404,15 @@ static int rpm_suspend(struct device *de
+ goto out;
+ }
+
++ /* Maybe the parent is now able to suspend. */
+ if (parent && !parent->power.ignore_children) {
+- spin_unlock_irq(&dev->power.lock);
++ spin_unlock(&dev->power.lock);
+
+- pm_request_idle(parent);
++ spin_lock(&parent->power.lock);
++ rpm_idle(parent, RPM_ASYNC);
++ spin_unlock(&parent->power.lock);
+
+- spin_lock_irq(&dev->power.lock);
++ spin_lock(&dev->power.lock);
+ }
+
+ out:
--- /dev/null
+From 350e4f31e0eaf56dfc3b328d24a11bdf42a41fb8 Mon Sep 17 00:00:00 2001
+From: Eric Paris <eparis@redhat.com>
+Date: Thu, 16 Dec 2010 11:46:51 -0500
+Subject: SELinux: define permissions for DCB netlink messages
+
+From: Eric Paris <eparis@redhat.com>
+
+commit 350e4f31e0eaf56dfc3b328d24a11bdf42a41fb8 upstream.
+
+Commit 2f90b865 added two new netlink message types to the netlink route
+socket. SELinux has hooks to define if netlink messages are allowed to
+be sent or received, but it did not know about these two new message
+types. By default we allow such actions so noone likely noticed. This
+patch adds the proper definitions and thus proper permissions
+enforcement.
+
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Cc: James Morris <jmorris@namei.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ security/selinux/nlmsgtab.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/security/selinux/nlmsgtab.c
++++ b/security/selinux/nlmsgtab.c
+@@ -65,6 +65,8 @@ static struct nlmsg_perm nlmsg_route_per
+ { RTM_NEWADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+ { RTM_DELADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+ { RTM_GETADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_READ },
++ { RTM_GETDCB, NETLINK_ROUTE_SOCKET__NLMSG_READ },
++ { RTM_SETDCB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+ };
+
+ static struct nlmsg_perm nlmsg_firewall_perms[] =
--- /dev/null
+From 415103f9932d45f7927f4b17e3a9a13834cdb9a1 Mon Sep 17 00:00:00 2001
+From: Eric Paris <eparis@redhat.com>
+Date: Thu, 2 Dec 2010 16:13:40 -0500
+Subject: SELinux: do not compute transition labels on mountpoint labeled filesystems
+
+From: Eric Paris <eparis@redhat.com>
+
+commit 415103f9932d45f7927f4b17e3a9a13834cdb9a1 upstream.
+
+selinux_inode_init_security computes transitions sids even for filesystems
+that use mount point labeling. It shouldn't do that. It should just use
+the mount point label always and no matter what.
+
+This causes 2 problems. 1) it makes file creation slower than it needs to be
+since we calculate the transition sid and 2) it allows files to be created
+with a different label than the mount point!
+
+# id -Z
+staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
+# sesearch --type --class file --source sysadm_t --target tmp_t
+Found 1 semantic te rules:
+ type_transition sysadm_t tmp_t : file user_tmp_t;
+
+# mount -o loop,context="system_u:object_r:tmp_t:s0" /tmp/fs /mnt/tmp
+
+# ls -lZ /mnt/tmp
+drwx------. root root system_u:object_r:tmp_t:s0 lost+found
+# touch /mnt/tmp/file1
+# ls -lZ /mnt/tmp
+-rw-r--r--. root root staff_u:object_r:user_tmp_t:s0 file1
+drwx------. root root system_u:object_r:tmp_t:s0 lost+found
+
+Whoops, we have a mount point labeled filesystem tmp_t with a user_tmp_t
+labeled file!
+
+Signed-off-by: Eric Paris <eparis@redhat.com>
+Reviewed-by: Reviewed-by: James Morris <jmorris@namei.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ security/selinux/hooks.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -2525,7 +2525,10 @@ static int selinux_inode_init_security(s
+ sid = tsec->sid;
+ newsid = tsec->create_sid;
+
+- if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
++ if ((sbsec->flags & SE_SBINITIALIZED) &&
++ (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
++ newsid = sbsec->mntpoint_sid;
++ else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
+ rc = security_transition_sid(sid, dsec->sid,
+ inode_mode_to_security_class(inode->i_mode),
+ &newsid);
fs-direct-io.c-don-t-try-to-allocate-more-than-bio_max_pages-in-a-bio.patch
kernel-smp.c-fix-smp_call_function_many-smp-race.patch
hostap_cs-fix-sleeping-function-called-from-invalid-context.patch
+md-fix-regression-with-re-adding-devices-to-arrays-with-no-metadata.patch
+md-fix-regression-resulting-in-delays-in-clearing-bits-in-a-bitmap.patch
+md-ensure-no-io-request-to-get-md-device-before-it-is-properly-initialised.patch
+md-fix-removal-of-extra-drives-when-converting-raid6-to-raid5.patch
+pata_mpc52xx-inherit-from-ata_bmdma_port_ops.patch
+md_make_request-don-t-touch-the-bio-after-calling-make_request.patch
+pm-runtime-don-t-enable-interrupts-while-running-in_interrupt.patch
+net-clear-heap-allocation-for-ethtool_get_regs.patch
+nilfs2-fix-crash-after-one-superblock-became-unavailable.patch
+tpm-fix-panic-caused-by-tpm-autodetect-itpm-devices.patch
+tpm-long-default-timeout-fix.patch
+tpm_tis-use-timeouts-returned-from-tpm.patch
+selinux-define-permissions-for-dcb-netlink-messages.patch
+selinux-do-not-compute-transition-labels-on-mountpoint-labeled-filesystems.patch
--- /dev/null
+From e5cce6c13c25d9ac56955a3ae2fd562719848172 Mon Sep 17 00:00:00 2001
+From: Olof Johansson <olof@lixom.net>
+Date: Thu, 6 Jan 2011 21:24:01 -0600
+Subject: tpm: fix panic caused by "tpm: Autodetect itpm devices"
+
+From: Olof Johansson <olof@lixom.net>
+
+commit e5cce6c13c25d9ac56955a3ae2fd562719848172 upstream.
+
+commit 3f0d3d016d89a5efb8b926d4707eb21fa13f3d27 adds a check for
+PNP device id to the common tpm_tis_init() function, which in some
+cases (force=1) will be called without the device being a member of
+a pnp_dev. Oopsing and panics ensue.
+
+Move the test up to before the call to tpm_tis_init(), since it
+just modifies a global variable anyway.
+
+Signed-off-by: Olof Johansson <olof@lixom.net>
+Acked-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
+Signed-off-by: James Morris <jmorris@namei.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/char/tpm/tpm_tis.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/char/tpm/tpm_tis.c
++++ b/drivers/char/tpm/tpm_tis.c
+@@ -493,9 +493,6 @@ static int tpm_tis_init(struct device *d
+ "1.2 TPM (device-id 0x%X, rev-id %d)\n",
+ vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0)));
+
+- if (is_itpm(to_pnp_dev(dev)))
+- itpm = 1;
+-
+ if (itpm)
+ dev_info(dev, "Intel iTPM workaround enabled\n");
+
+@@ -637,6 +634,9 @@ static int __devinit tpm_tis_pnp_init(st
+ else
+ interrupts = 0;
+
++ if (is_itpm(pnp_dev))
++ itpm = 1;
++
+ return tpm_tis_init(&pnp_dev->dev, start, len, irq);
+ }
+
--- /dev/null
+From c4ff4b829ef9e6353c0b133b7adb564a68054979 Mon Sep 17 00:00:00 2001
+From: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
+Date: Fri, 12 Nov 2010 22:30:02 +0100
+Subject: TPM: Long default timeout fix
+
+From: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
+
+commit c4ff4b829ef9e6353c0b133b7adb564a68054979 upstream.
+
+If duration variable value is 0 at this point, it's because
+chip->vendor.duration wasn't filled by tpm_get_timeouts() yet.
+This patch sets then the lowest timeout just to give enough
+time for tpm_get_timeouts() to further succeed.
+
+This fix avoids long boot times in case another entity attempts
+to send commands to the TPM when the TPM isn't accessible.
+
+Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
+Signed-off-by: James Morris <jmorris@namei.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/char/tpm/tpm.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/drivers/char/tpm/tpm.c
++++ b/drivers/char/tpm/tpm.c
+@@ -364,12 +364,14 @@ unsigned long tpm_calc_ordinal_duration(
+ tpm_protected_ordinal_duration[ordinal &
+ TPM_PROTECTED_ORDINAL_MASK];
+
+- if (duration_idx != TPM_UNDEFINED)
++ if (duration_idx != TPM_UNDEFINED) {
+ duration = chip->vendor.duration[duration_idx];
+- if (duration <= 0)
++ /* if duration is 0, it's because chip->vendor.duration wasn't */
++ /* filled yet, so we set the lowest timeout just to give enough */
++ /* time for tpm_get_timeouts() to succeed */
++ return (duration <= 0 ? HZ : duration);
++ } else
+ return 2 * 60 * HZ;
+- else
+- return duration;
+ }
+ EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration);
+
--- /dev/null
+From 9b29050f8f75916f974a2d231ae5d3cd59792296 Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Date: Tue, 11 Jan 2011 14:37:29 -0500
+Subject: tpm_tis: Use timeouts returned from TPM
+
+From: Stefan Berger <stefanb@linux.vnet.ibm.com>
+
+commit 9b29050f8f75916f974a2d231ae5d3cd59792296 upstream.
+
+The current TPM TIS driver in git discards the timeout values returned
+from the TPM. The check of the response packet needs to consider that
+the return_code field is 0 on success and the size of the expected
+packet is equivalent to the header size + u32 length indicator for the
+TPM_GetCapability() result + 3 timeout indicators of type u32.
+
+I am also adding a sysfs entry 'timeouts' showing the timeouts that are
+being used.
+
+Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Tested-by: Guillaume Chazarain <guichaz@gmail.com>
+Signed-off-by: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/char/tpm/tpm.c | 18 ++++++++++++++++--
+ drivers/char/tpm/tpm.h | 2 ++
+ drivers/char/tpm/tpm_tis.c | 4 +++-
+ 3 files changed, 21 insertions(+), 3 deletions(-)
+
+--- a/drivers/char/tpm/tpm.c
++++ b/drivers/char/tpm/tpm.c
+@@ -577,9 +577,11 @@ duration:
+ if (rc)
+ return;
+
+- if (be32_to_cpu(tpm_cmd.header.out.return_code)
+- != 3 * sizeof(u32))
++ if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 ||
++ be32_to_cpu(tpm_cmd.header.out.length)
++ != sizeof(tpm_cmd.header.out) + sizeof(u32) + 3 * sizeof(u32))
+ return;
++
+ duration_cap = &tpm_cmd.params.getcap_out.cap.duration;
+ chip->vendor.duration[TPM_SHORT] =
+ usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_short));
+@@ -923,6 +925,18 @@ ssize_t tpm_show_caps_1_2(struct device
+ }
+ EXPORT_SYMBOL_GPL(tpm_show_caps_1_2);
+
++ssize_t tpm_show_timeouts(struct device *dev, struct device_attribute *attr,
++ char *buf)
++{
++ struct tpm_chip *chip = dev_get_drvdata(dev);
++
++ return sprintf(buf, "%d %d %d\n",
++ jiffies_to_usecs(chip->vendor.duration[TPM_SHORT]),
++ jiffies_to_usecs(chip->vendor.duration[TPM_MEDIUM]),
++ jiffies_to_usecs(chip->vendor.duration[TPM_LONG]));
++}
++EXPORT_SYMBOL_GPL(tpm_show_timeouts);
++
+ ssize_t tpm_store_cancel(struct device *dev, struct device_attribute *attr,
+ const char *buf, size_t count)
+ {
+--- a/drivers/char/tpm/tpm.h
++++ b/drivers/char/tpm/tpm.h
+@@ -56,6 +56,8 @@ extern ssize_t tpm_show_owned(struct dev
+ char *);
+ extern ssize_t tpm_show_temp_deactivated(struct device *,
+ struct device_attribute *attr, char *);
++extern ssize_t tpm_show_timeouts(struct device *,
++ struct device_attribute *attr, char *);
+
+ struct tpm_chip;
+
+--- a/drivers/char/tpm/tpm_tis.c
++++ b/drivers/char/tpm/tpm_tis.c
+@@ -376,6 +376,7 @@ static DEVICE_ATTR(temp_deactivated, S_I
+ NULL);
+ static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps_1_2, NULL);
+ static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
++static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL);
+
+ static struct attribute *tis_attrs[] = {
+ &dev_attr_pubek.attr,
+@@ -385,7 +386,8 @@ static struct attribute *tis_attrs[] = {
+ &dev_attr_owned.attr,
+ &dev_attr_temp_deactivated.attr,
+ &dev_attr_caps.attr,
+- &dev_attr_cancel.attr, NULL,
++ &dev_attr_cancel.attr,
++ &dev_attr_timeouts.attr, NULL,
+ };
+
+ static struct attribute_group tis_attr_grp = {
projects / thirdparty / kernel / stable-queue.git / commitdiff
