From: Greg Kroah-Hartman Date: Sun, 1 Dec 2013 20:21:00 +0000 (-0800) Subject: 3.12-stable patches X-Git-Tag: v3.4.72~34 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=24840b32a27dcde336b1761ba9a0e365b80bff46;p=thirdparty%2Fkernel%2Fstable-queue.git 3.12-stable patches added patches: acpi-hotplug-fix-conflicted-pci-bridge-notify-handlers.patch audit-add-child-record-before-the-create-to-handle-case-where-create-fails.patch audit-fix-info-leak-in-audit_get-requests.patch audit-log-the-audit_names-record-type.patch audit-printk-user_avc-messages-when-audit-isn-t-enabled.patch audit-use-nlmsg_len-to-get-message-payload-length.patch avr32-fix-out-of-range-jump-in-large-kernels.patch avr32-setup-crt-for-early-panic.patch bcache-fix-dirty_data-accounting.patch cifs-fix-symbolic-links-usage.patch drm-qxl-fix-memory-leak-in-release-list-handling.patch ftrace-fix-function-graph-with-loading-of-modules.patch mwifiex-correct-packet-length-for-packets-from-sdio-interface.patch mwifiex-fix-wrong-eth_hdr-usage-for-bridged-packets-in-ap-mode.patch n_tty-ensure-reader-restarts-worker-for-next-reader.patch n_tty-fix-4096-byte-canonical-reads.patch n_tty-fix-echo-overrun-tail-computation.patch pci-remove-duplicate-pci_disable_device-from-pcie_portdrv_remove.patch prism54-set-netdev-type-to-wlan.patch qxl-avoid-an-oops-in-the-deferred-io-code.patch regulator-pfuze100-allow-misprogrammed-id.patch selinux-correct-locking-in-selinux_netlbl_socket_connect.patch sony-laptop-do-not-scribble-keyboard-backlight-registers-on.patch tty-incorrect-test-of-echo_buf-result-for-echo_op_start.patch tty-reset-hupped-state-on-open.patch --- diff --git a/queue-3.12/acpi-hotplug-fix-conflicted-pci-bridge-notify-handlers.patch b/queue-3.12/acpi-hotplug-fix-conflicted-pci-bridge-notify-handlers.patch new file mode 100644 index 00000000000..095926cb453 --- /dev/null +++ b/queue-3.12/acpi-hotplug-fix-conflicted-pci-bridge-notify-handlers.patch @@ -0,0 +1,65 @@ +From ca499fc87ed945094d952da0eb7eea7dbeb1feec Mon Sep 17 00:00:00 2001 +From: Toshi Kani +Date: Wed, 20 Nov 2013 14:25:34 +0100 +Subject: ACPI / hotplug: Fix conflicted PCI bridge notify handlers + +From: Toshi Kani + +commit ca499fc87ed945094d952da0eb7eea7dbeb1feec upstream. + +The PCI host bridge scan handler installs its own notify handler, +handle_hotplug_event_root(), by itself. Nevertheless, the ACPI +hotplug framework also installs the common notify handler, +acpi_hotplug_notify_cb(), for PCI root bridges. This causes +acpi_hotplug_notify_cb() to call _OST method with unsupported +error as hotplug.enabled is not set. + +To address this issue, introduce hotplug.ignore flag, which +indicates that the scan handler installs its own notify handler by +itself. The ACPI hotplug framework does not install the common +notify handler when this flag is set. + +Signed-off-by: Toshi Kani +[rjw: Changed the name of the new flag] +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/pci_root.c | 3 +++ + drivers/acpi/scan.c | 2 +- + include/acpi/acpi_bus.h | 1 + + 3 files changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/acpi/pci_root.c ++++ b/drivers/acpi/pci_root.c +@@ -63,6 +63,9 @@ static struct acpi_scan_handler pci_root + .ids = root_device_ids, + .attach = acpi_pci_root_add, + .detach = acpi_pci_root_remove, ++ .hotplug = { ++ .ignore = true, ++ }, + }; + + static DEFINE_MUTEX(osc_lock); +--- a/drivers/acpi/scan.c ++++ b/drivers/acpi/scan.c +@@ -1812,7 +1812,7 @@ static void acpi_scan_init_hotplug(acpi_ + */ + list_for_each_entry(hwid, &pnp.ids, list) { + handler = acpi_scan_match_handler(hwid->id, NULL); +- if (handler) { ++ if (handler && !handler->hotplug.ignore) { + acpi_install_notify_handler(handle, ACPI_SYSTEM_NOTIFY, + acpi_hotplug_notify_cb, handler); + break; +--- a/include/acpi/acpi_bus.h ++++ b/include/acpi/acpi_bus.h +@@ -100,6 +100,7 @@ enum acpi_hotplug_mode { + struct acpi_hotplug_profile { + struct kobject kobj; + bool enabled:1; ++ bool ignore:1; + enum acpi_hotplug_mode mode; + }; + diff --git a/queue-3.12/audit-add-child-record-before-the-create-to-handle-case-where-create-fails.patch b/queue-3.12/audit-add-child-record-before-the-create-to-handle-case-where-create-fails.patch new file mode 100644 index 00000000000..b42417dc505 --- /dev/null +++ b/queue-3.12/audit-add-child-record-before-the-create-to-handle-case-where-create-fails.patch @@ -0,0 +1,53 @@ +From 14e972b4517128ac8e30e3de2ee4fbd995084223 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Wed, 8 May 2013 10:25:58 -0400 +Subject: audit: add child record before the create to handle case where create fails + +From: Jeff Layton + +commit 14e972b4517128ac8e30e3de2ee4fbd995084223 upstream. + +Historically, when a syscall that creates a dentry fails, you get an audit +record that looks something like this (when trying to create a file named +"new" in "/tmp/tmp.SxiLnCcv63"): + + type=PATH msg=audit(1366128956.279:965): item=0 name="/tmp/tmp.SxiLnCcv63/new" inode=2138308 dev=fd:02 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:user_tmp_t:s15:c0.c1023 + +This record makes no sense since it's associating the inode information for +"/tmp/tmp.SxiLnCcv63" with the path "/tmp/tmp.SxiLnCcv63/new". The recent +patch I posted to fix the audit_inode call in do_last fixes this, by making it +look more like this: + + type=PATH msg=audit(1366128765.989:13875): item=0 name="/tmp/tmp.DJ1O8V3e4f/" inode=141 dev=fd:02 mode=040700 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:user_tmp_t:s15:c0.c1023 + +While this is more correct, if the creation of the file fails, then we +have no record of the filename that the user tried to create. + +This patch adds a call to audit_inode_child to may_create. This creates +an AUDIT_TYPE_CHILD_CREATE record that will sit in place until the +create succeeds. When and if the create does succeed, then this record +will be updated with the correct inode info from the create. + +This fixes what was broken in commit bfcec708. +Commit 79f6530c should also be backported to stable v3.7+. + +Signed-off-by: Jeff Layton +Signed-off-by: Eric Paris +Signed-off-by: Richard Guy Briggs +Signed-off-by: Eric Paris +Signed-off-by: Greg Kroah-Hartman + +--- + fs/namei.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -2468,6 +2468,7 @@ static int may_delete(struct inode *dir, + */ + static inline int may_create(struct inode *dir, struct dentry *child) + { ++ audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE); + if (child->d_inode) + return -EEXIST; + if (IS_DEADDIR(dir)) diff --git a/queue-3.12/audit-fix-info-leak-in-audit_get-requests.patch b/queue-3.12/audit-fix-info-leak-in-audit_get-requests.patch new file mode 100644 index 00000000000..ff60d90d40a --- /dev/null +++ b/queue-3.12/audit-fix-info-leak-in-audit_get-requests.patch @@ -0,0 +1,33 @@ +From 64fbff9ae0a0a843365d922e0057fc785f23f0e3 Mon Sep 17 00:00:00 2001 +From: Mathias Krause +Date: Mon, 30 Sep 2013 22:04:24 +0200 +Subject: audit: fix info leak in AUDIT_GET requests + +From: Mathias Krause + +commit 64fbff9ae0a0a843365d922e0057fc785f23f0e3 upstream. + +We leak 4 bytes of kernel stack in response to an AUDIT_GET request as +we miss to initialize the mask member of status_set. Fix that. + +Cc: Al Viro +Cc: Eric Paris +Signed-off-by: Mathias Krause +Signed-off-by: Richard Guy Briggs +Signed-off-by: Eric Paris +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/audit.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -659,6 +659,7 @@ static int audit_receive_msg(struct sk_b + + switch (msg_type) { + case AUDIT_GET: ++ status_set.mask = 0; + status_set.enabled = audit_enabled; + status_set.failure = audit_failure; + status_set.pid = audit_pid; diff --git a/queue-3.12/audit-log-the-audit_names-record-type.patch b/queue-3.12/audit-log-the-audit_names-record-type.patch new file mode 100644 index 00000000000..014867aa8a3 --- /dev/null +++ b/queue-3.12/audit-log-the-audit_names-record-type.patch @@ -0,0 +1,60 @@ +From d3aea84a4ace5ff9ce7fb7714cee07bebef681c2 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Wed, 8 May 2013 10:32:23 -0400 +Subject: audit: log the audit_names record type + +From: Jeff Layton + +commit d3aea84a4ace5ff9ce7fb7714cee07bebef681c2 upstream. + +...to make it clear what the intent behind each record's operation was. + +In many cases you can infer this, based on the context of the syscall +and the result. In other cases it's not so obvious. For instance, in +the case where you have a file being renamed over another, you'll have +two different records with the same filename but different inode info. +By logging this information we can clearly tell which one was created +and which was deleted. + +This fixes what was broken in commit bfcec708. +Commit 79f6530c should also be backported to stable v3.7+. + +Signed-off-by: Jeff Layton +Signed-off-by: Eric Paris +Signed-off-by: Richard Guy Briggs +Signed-off-by: Eric Paris +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/audit.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -1537,6 +1537,26 @@ void audit_log_name(struct audit_context + } + } + ++ /* log the audit_names record type */ ++ audit_log_format(ab, " nametype="); ++ switch(n->type) { ++ case AUDIT_TYPE_NORMAL: ++ audit_log_format(ab, "NORMAL"); ++ break; ++ case AUDIT_TYPE_PARENT: ++ audit_log_format(ab, "PARENT"); ++ break; ++ case AUDIT_TYPE_CHILD_DELETE: ++ audit_log_format(ab, "DELETE"); ++ break; ++ case AUDIT_TYPE_CHILD_CREATE: ++ audit_log_format(ab, "CREATE"); ++ break; ++ default: ++ audit_log_format(ab, "UNKNOWN"); ++ break; ++ } ++ + audit_log_fcaps(ab, n); + audit_log_end(ab); + } diff --git a/queue-3.12/audit-printk-user_avc-messages-when-audit-isn-t-enabled.patch b/queue-3.12/audit-printk-user_avc-messages-when-audit-isn-t-enabled.patch new file mode 100644 index 00000000000..089e0dfe31d --- /dev/null +++ b/queue-3.12/audit-printk-user_avc-messages-when-audit-isn-t-enabled.patch @@ -0,0 +1,48 @@ +From 0868a5e150bc4c47e7a003367cd755811eb41e0b Mon Sep 17 00:00:00 2001 +From: Tyler Hicks +Date: Thu, 25 Jul 2013 18:02:55 -0700 +Subject: audit: printk USER_AVC messages when audit isn't enabled + +From: Tyler Hicks + +commit 0868a5e150bc4c47e7a003367cd755811eb41e0b upstream. + +When the audit=1 kernel parameter is absent and auditd is not running, +AUDIT_USER_AVC messages are being silently discarded. + +AUDIT_USER_AVC messages should be sent to userspace using printk(), as +mentioned in the commit message of 4a4cd633 ("AUDIT: Optimise the +audit-disabled case for discarding user messages"). + +When audit_enabled is 0, audit_receive_msg() discards all user messages +except for AUDIT_USER_AVC messages. However, audit_log_common_recv_msg() +refuses to allocate an audit_buffer if audit_enabled is 0. The fix is to +special case AUDIT_USER_AVC messages in both functions. + +It looks like commit 50397bd1 ("[AUDIT] clean up audit_receive_msg()") +introduced this bug. + +Signed-off-by: Tyler Hicks +Cc: Al Viro +Cc: Eric Paris +Cc: linux-audit@redhat.com +Acked-by: Kees Cook +Signed-off-by: Richard Guy Briggs +Signed-off-by: Eric Paris +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/audit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -613,7 +613,7 @@ static int audit_log_common_recv_msg(str + int rc = 0; + uid_t uid = from_kuid(&init_user_ns, current_uid()); + +- if (!audit_enabled) { ++ if (!audit_enabled && msg_type != AUDIT_USER_AVC) { + *ab = NULL; + return rc; + } diff --git a/queue-3.12/audit-use-nlmsg_len-to-get-message-payload-length.patch b/queue-3.12/audit-use-nlmsg_len-to-get-message-payload-length.patch new file mode 100644 index 00000000000..385c0da0236 --- /dev/null +++ b/queue-3.12/audit-use-nlmsg_len-to-get-message-payload-length.patch @@ -0,0 +1,50 @@ +From 4d8fe7376a12bf4524783dd95cbc00f1fece6232 Mon Sep 17 00:00:00 2001 +From: Mathias Krause +Date: Mon, 30 Sep 2013 22:04:25 +0200 +Subject: audit: use nlmsg_len() to get message payload length + +From: Mathias Krause + +commit 4d8fe7376a12bf4524783dd95cbc00f1fece6232 upstream. + +Using the nlmsg_len member of the netlink header to test if the message +is valid is wrong as it includes the size of the netlink header itself. +Thereby allowing to send short netlink messages that pass those checks. + +Use nlmsg_len() instead to test for the right message length. The result +of nlmsg_len() is guaranteed to be non-negative as the netlink message +already passed the checks of nlmsg_ok(). + +Also switch to min_t() to please checkpatch.pl. + +Cc: Al Viro +Cc: Eric Paris +Signed-off-by: Mathias Krause +Signed-off-by: Richard Guy Briggs +Signed-off-by: Eric Paris +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/audit.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -670,7 +670,7 @@ static int audit_receive_msg(struct sk_b + &status_set, sizeof(status_set)); + break; + case AUDIT_SET: +- if (nlh->nlmsg_len < sizeof(struct audit_status)) ++ if (nlmsg_len(nlh) < sizeof(struct audit_status)) + return -EINVAL; + status_get = (struct audit_status *)data; + if (status_get->mask & AUDIT_STATUS_ENABLED) { +@@ -832,7 +832,7 @@ static int audit_receive_msg(struct sk_b + + memset(&s, 0, sizeof(s)); + /* guard against past and future API changes */ +- memcpy(&s, data, min(sizeof(s), (size_t)nlh->nlmsg_len)); ++ memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh))); + if ((s.enabled != 0 && s.enabled != 1) || + (s.log_passwd != 0 && s.log_passwd != 1)) + return -EINVAL; diff --git a/queue-3.12/avr32-fix-out-of-range-jump-in-large-kernels.patch b/queue-3.12/avr32-fix-out-of-range-jump-in-large-kernels.patch new file mode 100644 index 00000000000..b8c760e32f3 --- /dev/null +++ b/queue-3.12/avr32-fix-out-of-range-jump-in-large-kernels.patch @@ -0,0 +1,65 @@ +From d617b338bbfdd77e9cbd8e7dc949cee3dd73d575 Mon Sep 17 00:00:00 2001 +From: Andreas Bießmann +Date: Thu, 24 Oct 2013 12:31:04 +0200 +Subject: avr32: fix out-of-range jump in large kernels + +From: Andreas Bießmann + +commit d617b338bbfdd77e9cbd8e7dc949cee3dd73d575 upstream. + +This patch fixes following error (for big kernels): + +---8<--- +arch/avr32/boot/u-boot/head.o: In function `no_tag_table': +(.init.text+0x44): relocation truncated to fit: R_AVR32_22H_PCREL against symbol `panic' defined in .text.unlikely section in kernel/built-in.o +arch/avr32/kernel/built-in.o: In function `bad_return': +(.ex.text+0x236): relocation truncated to fit: R_AVR32_22H_PCREL against symbol `panic' defined in .text.unlikely section in kernel/built-in.o +--->8--- + +It comes up when the kernel increases and 'panic()' is too far away to fit in +the +/- 2MiB range. Which in turn issues from the 21-bit displacement in +'br{cond4}' mnemonic which is one of the two ways to do jumps (rjmp has just +10-bit displacement and therefore a way smaller range). This fact was stated +before in 8d29b7b9f81d6b83d869ff054e6c189d6da73f1f. +One solution to solve this is to add a local storage for the symbol address +and just load the $pc with that value. + +Signed-off-by: Andreas Bießmann +Acked-by: Hans-Christian Egtvedt +Cc: Haavard Skinnemoen +Signed-off-by: Greg Kroah-Hartman + +--- + arch/avr32/boot/u-boot/head.S | 5 ++++- + arch/avr32/kernel/entry-avr32b.S | 3 ++- + 2 files changed, 6 insertions(+), 2 deletions(-) + +--- a/arch/avr32/boot/u-boot/head.S ++++ b/arch/avr32/boot/u-boot/head.S +@@ -73,8 +73,11 @@ init_sr: + .long 0x007f0000 /* Supervisor mode, everything masked */ + stack_addr: + .long init_thread_union ++panic_addr: ++ .long panic + + no_tag_table: + sub r12, pc, (. - 2f) +- bral panic ++ /* branch to panic() which can be far away with that construct */ ++ lddpc pc, panic_addr + 2: .asciz "Boot loader didn't provide correct magic number\n" +--- a/arch/avr32/kernel/entry-avr32b.S ++++ b/arch/avr32/kernel/entry-avr32b.S +@@ -401,9 +401,10 @@ handle_critical: + /* We should never get here... */ + bad_return: + sub r12, pc, (. - 1f) +- bral panic ++ lddpc pc, 2f + .align 2 + 1: .asciz "Return from critical exception!" ++2: .long panic + + .align 1 + do_bus_error_write: diff --git a/queue-3.12/avr32-setup-crt-for-early-panic.patch b/queue-3.12/avr32-setup-crt-for-early-panic.patch new file mode 100644 index 00000000000..4b2a0bee72c --- /dev/null +++ b/queue-3.12/avr32-setup-crt-for-early-panic.patch @@ -0,0 +1,121 @@ +From 7a2a74f4b856993218aa7cdeeb6c3103101340db Mon Sep 17 00:00:00 2001 +From: Andreas Bießmann +Date: Thu, 24 Oct 2013 12:31:03 +0200 +Subject: avr32: setup crt for early panic() + +From: Andreas Bießmann + +commit 7a2a74f4b856993218aa7cdeeb6c3103101340db upstream. + +Before the CRT was (fully) set up in kernel_entry (bss cleared before in +_start, but also not before jump to panic() in no_tag_table case). + +This patch fixes this up to have a fully working CRT when branching to panic() +in no_tag_table. + +Signed-off-by: Andreas Bießmann +Acked-by: Hans-Christian Egtvedt +Cc: Haavard Skinnemoen +Signed-off-by: Greg Kroah-Hartman + +--- + arch/avr32/boot/u-boot/head.S | 30 +++++++++++++++++++++++++----- + arch/avr32/kernel/head.S | 20 -------------------- + 2 files changed, 25 insertions(+), 25 deletions(-) + +--- a/arch/avr32/boot/u-boot/head.S ++++ b/arch/avr32/boot/u-boot/head.S +@@ -8,6 +8,8 @@ + * published by the Free Software Foundation. + */ + #include ++#include ++#include + + /* + * The kernel is loaded where we want it to be and all caches +@@ -20,11 +22,6 @@ + .section .init.text,"ax" + .global _start + _start: +- /* Check if the boot loader actually provided a tag table */ +- lddpc r0, magic_number +- cp.w r12, r0 +- brne no_tag_table +- + /* Initialize .bss */ + lddpc r2, bss_start_addr + lddpc r3, end_addr +@@ -34,6 +31,25 @@ _start: + cp r2, r3 + brlo 1b + ++ /* Initialize status register */ ++ lddpc r0, init_sr ++ mtsr SYSREG_SR, r0 ++ ++ /* Set initial stack pointer */ ++ lddpc sp, stack_addr ++ sub sp, -THREAD_SIZE ++ ++#ifdef CONFIG_FRAME_POINTER ++ /* Mark last stack frame */ ++ mov lr, 0 ++ mov r7, 0 ++#endif ++ ++ /* Check if the boot loader actually provided a tag table */ ++ lddpc r0, magic_number ++ cp.w r12, r0 ++ brne no_tag_table ++ + /* + * Save the tag table address for later use. This must be done + * _after_ .bss has been initialized... +@@ -53,6 +69,10 @@ bss_start_addr: + .long __bss_start + end_addr: + .long _end ++init_sr: ++ .long 0x007f0000 /* Supervisor mode, everything masked */ ++stack_addr: ++ .long init_thread_union + + no_tag_table: + sub r12, pc, (. - 2f) +--- a/arch/avr32/kernel/head.S ++++ b/arch/avr32/kernel/head.S +@@ -10,33 +10,13 @@ + #include + + #include +-#include +-#include + + .section .init.text,"ax" + .global kernel_entry + kernel_entry: +- /* Initialize status register */ +- lddpc r0, init_sr +- mtsr SYSREG_SR, r0 +- +- /* Set initial stack pointer */ +- lddpc sp, stack_addr +- sub sp, -THREAD_SIZE +- +-#ifdef CONFIG_FRAME_POINTER +- /* Mark last stack frame */ +- mov lr, 0 +- mov r7, 0 +-#endif +- + /* Start the show */ + lddpc pc, kernel_start_addr + + .align 2 +-init_sr: +- .long 0x007f0000 /* Supervisor mode, everything masked */ +-stack_addr: +- .long init_thread_union + kernel_start_addr: + .long start_kernel diff --git a/queue-3.12/bcache-fix-dirty_data-accounting.patch b/queue-3.12/bcache-fix-dirty_data-accounting.patch new file mode 100644 index 00000000000..3a29194df4e --- /dev/null +++ b/queue-3.12/bcache-fix-dirty_data-accounting.patch @@ -0,0 +1,56 @@ +From 1fa8455deb92e9ec7756df23030e73b2d28eeca7 Mon Sep 17 00:00:00 2001 +From: Kent Overstreet +Date: Sun, 10 Nov 2013 21:55:27 -0800 +Subject: bcache: Fix dirty_data accounting + +From: Kent Overstreet + +commit 1fa8455deb92e9ec7756df23030e73b2d28eeca7 upstream. + +Dirty data accounting wasn't quite right - firstly, we were adding the key we're +inserting after it could have merged with another dirty key already in the +btree, and secondly we could sometimes pass the wrong offset to +bcache_dev_sectors_dirty_add() for dirty data we were overwriting - which is +important when tracking dirty data by stripe. + +Signed-off-by: Kent Overstreet +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/bcache/btree.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -1742,6 +1742,9 @@ static bool fix_overlapping_extents(stru + if (bkey_cmp(insert, k) < 0) { + bch_cut_front(insert, k); + } else { ++ if (bkey_cmp(&START_KEY(insert), &START_KEY(k)) > 0) ++ old_offset = KEY_START(insert); ++ + if (bkey_written(b, k) && + bkey_cmp(&START_KEY(insert), &START_KEY(k)) <= 0) { + /* +@@ -1803,6 +1806,10 @@ static bool btree_insert_key(struct btre + if (fix_overlapping_extents(b, k, &iter, op)) + return false; + ++ if (KEY_DIRTY(k)) ++ bcache_dev_sectors_dirty_add(b->c, KEY_INODE(k), ++ KEY_START(k), KEY_SIZE(k)); ++ + while (m != end(i) && + bkey_cmp(k, &START_KEY(m)) > 0) + prev = m, m = bkey_next(m); +@@ -1831,10 +1838,6 @@ static bool btree_insert_key(struct btre + insert: shift_keys(b, m, k); + copy: bkey_copy(m, k); + merged: +- if (KEY_DIRTY(k)) +- bcache_dev_sectors_dirty_add(b->c, KEY_INODE(k), +- KEY_START(k), KEY_SIZE(k)); +- + bch_check_keys(b, "%u for %s", status, op_type(op)); + + if (b->level && !KEY_OFFSET(k)) diff --git a/queue-3.12/cifs-fix-symbolic-links-usage.patch b/queue-3.12/cifs-fix-symbolic-links-usage.patch new file mode 100644 index 00000000000..f608fb84d59 --- /dev/null +++ b/queue-3.12/cifs-fix-symbolic-links-usage.patch @@ -0,0 +1,265 @@ +From eb85d94bdd91fb4dbea4ee465d4349cbea4eaaca Mon Sep 17 00:00:00 2001 +From: Pavel Shilovsky +Date: Wed, 23 Oct 2013 17:49:47 +0400 +Subject: CIFS: Fix symbolic links usage + +From: Pavel Shilovsky + +commit eb85d94bdd91fb4dbea4ee465d4349cbea4eaaca upstream. + +Now we treat any reparse point as a symbolic link and map it to a Unix +one that is not true in a common case due to many reparse point types +supported by SMB servers. + +Distinguish reparse point types into two groups: +1) that can be accessed directly through a reparse point +(junctions, deduplicated files, NFS symlinks); +2) that need to be processed manually (Windows symbolic links, DFS); + +and map only Windows symbolic links to Unix ones. + +Acked-by: Jeff Layton +Reported-and-tested-by: Joao Correia +Signed-off-by: Pavel Shilovsky +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/cifsglob.h | 2 +- + fs/cifs/inode.c | 23 +++++++++++++---------- + fs/cifs/readdir.c | 40 ++++++++-------------------------------- + fs/cifs/smb1ops.c | 21 ++++++++++++++++++++- + fs/cifs/smb2inode.c | 16 ++++++++++++---- + fs/cifs/smb2proto.h | 2 +- + 6 files changed, 55 insertions(+), 49 deletions(-) + +--- a/fs/cifs/cifsglob.h ++++ b/fs/cifs/cifsglob.h +@@ -261,7 +261,7 @@ struct smb_version_operations { + /* query path data from the server */ + int (*query_path_info)(const unsigned int, struct cifs_tcon *, + struct cifs_sb_info *, const char *, +- FILE_ALL_INFO *, bool *); ++ FILE_ALL_INFO *, bool *, bool *); + /* query file data from the server */ + int (*query_file_info)(const unsigned int, struct cifs_tcon *, + struct cifs_fid *, FILE_ALL_INFO *); +--- a/fs/cifs/inode.c ++++ b/fs/cifs/inode.c +@@ -542,7 +542,8 @@ static int cifs_sfu_mode(struct cifs_fat + /* Fill a cifs_fattr struct with info from FILE_ALL_INFO */ + static void + cifs_all_info_to_fattr(struct cifs_fattr *fattr, FILE_ALL_INFO *info, +- struct cifs_sb_info *cifs_sb, bool adjust_tz) ++ struct cifs_sb_info *cifs_sb, bool adjust_tz, ++ bool symlink) + { + struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb); + +@@ -569,7 +570,11 @@ cifs_all_info_to_fattr(struct cifs_fattr + fattr->cf_createtime = le64_to_cpu(info->CreationTime); + + fattr->cf_nlink = le32_to_cpu(info->NumberOfLinks); +- if (fattr->cf_cifsattrs & ATTR_DIRECTORY) { ++ ++ if (symlink) { ++ fattr->cf_mode = S_IFLNK; ++ fattr->cf_dtype = DT_LNK; ++ } else if (fattr->cf_cifsattrs & ATTR_DIRECTORY) { + fattr->cf_mode = S_IFDIR | cifs_sb->mnt_dir_mode; + fattr->cf_dtype = DT_DIR; + /* +@@ -578,10 +583,6 @@ cifs_all_info_to_fattr(struct cifs_fattr + */ + if (!tcon->unix_ext) + fattr->cf_flags |= CIFS_FATTR_UNKNOWN_NLINK; +- } else if (fattr->cf_cifsattrs & ATTR_REPARSE) { +- fattr->cf_mode = S_IFLNK; +- fattr->cf_dtype = DT_LNK; +- fattr->cf_nlink = le32_to_cpu(info->NumberOfLinks); + } else { + fattr->cf_mode = S_IFREG | cifs_sb->mnt_file_mode; + fattr->cf_dtype = DT_REG; +@@ -626,7 +627,8 @@ cifs_get_file_info(struct file *filp) + rc = server->ops->query_file_info(xid, tcon, &cfile->fid, &find_data); + switch (rc) { + case 0: +- cifs_all_info_to_fattr(&fattr, &find_data, cifs_sb, false); ++ cifs_all_info_to_fattr(&fattr, &find_data, cifs_sb, false, ++ false); + break; + case -EREMOTE: + cifs_create_dfs_fattr(&fattr, inode->i_sb); +@@ -673,6 +675,7 @@ cifs_get_inode_info(struct inode **inode + bool adjust_tz = false; + struct cifs_fattr fattr; + struct cifs_search_info *srchinf = NULL; ++ bool symlink = false; + + tlink = cifs_sb_tlink(cifs_sb); + if (IS_ERR(tlink)) +@@ -702,12 +705,12 @@ cifs_get_inode_info(struct inode **inode + } + data = (FILE_ALL_INFO *)buf; + rc = server->ops->query_path_info(xid, tcon, cifs_sb, full_path, +- data, &adjust_tz); ++ data, &adjust_tz, &symlink); + } + + if (!rc) { +- cifs_all_info_to_fattr(&fattr, (FILE_ALL_INFO *)data, cifs_sb, +- adjust_tz); ++ cifs_all_info_to_fattr(&fattr, data, cifs_sb, adjust_tz, ++ symlink); + } else if (rc == -EREMOTE) { + cifs_create_dfs_fattr(&fattr, sb); + rc = 0; +--- a/fs/cifs/readdir.c ++++ b/fs/cifs/readdir.c +@@ -134,22 +134,6 @@ out: + dput(dentry); + } + +-/* +- * Is it possible that this directory might turn out to be a DFS referral +- * once we go to try and use it? +- */ +-static bool +-cifs_dfs_is_possible(struct cifs_sb_info *cifs_sb) +-{ +-#ifdef CONFIG_CIFS_DFS_UPCALL +- struct cifs_tcon *tcon = cifs_sb_master_tcon(cifs_sb); +- +- if (tcon->Flags & SMB_SHARE_IS_IN_DFS) +- return true; +-#endif +- return false; +-} +- + static void + cifs_fill_common_info(struct cifs_fattr *fattr, struct cifs_sb_info *cifs_sb) + { +@@ -159,27 +143,19 @@ cifs_fill_common_info(struct cifs_fattr + if (fattr->cf_cifsattrs & ATTR_DIRECTORY) { + fattr->cf_mode = S_IFDIR | cifs_sb->mnt_dir_mode; + fattr->cf_dtype = DT_DIR; +- /* +- * Windows CIFS servers generally make DFS referrals look +- * like directories in FIND_* responses with the reparse +- * attribute flag also set (since DFS junctions are +- * reparse points). We must revalidate at least these +- * directory inodes before trying to use them (if +- * they are DFS we will get PATH_NOT_COVERED back +- * when queried directly and can then try to connect +- * to the DFS target) +- */ +- if (cifs_dfs_is_possible(cifs_sb) && +- (fattr->cf_cifsattrs & ATTR_REPARSE)) +- fattr->cf_flags |= CIFS_FATTR_NEED_REVAL; +- } else if (fattr->cf_cifsattrs & ATTR_REPARSE) { +- fattr->cf_mode = S_IFLNK; +- fattr->cf_dtype = DT_LNK; + } else { + fattr->cf_mode = S_IFREG | cifs_sb->mnt_file_mode; + fattr->cf_dtype = DT_REG; + } + ++ /* ++ * We need to revalidate it further to make a decision about whether it ++ * is a symbolic link, DFS referral or a reparse point with a direct ++ * access like junctions, deduplicated files, NFS symlinks. ++ */ ++ if (fattr->cf_cifsattrs & ATTR_REPARSE) ++ fattr->cf_flags |= CIFS_FATTR_NEED_REVAL; ++ + /* non-unix readdir doesn't provide nlink */ + fattr->cf_flags |= CIFS_FATTR_UNKNOWN_NLINK; + +--- a/fs/cifs/smb1ops.c ++++ b/fs/cifs/smb1ops.c +@@ -534,10 +534,12 @@ cifs_is_path_accessible(const unsigned i + static int + cifs_query_path_info(const unsigned int xid, struct cifs_tcon *tcon, + struct cifs_sb_info *cifs_sb, const char *full_path, +- FILE_ALL_INFO *data, bool *adjustTZ) ++ FILE_ALL_INFO *data, bool *adjustTZ, bool *symlink) + { + int rc; + ++ *symlink = false; ++ + /* could do find first instead but this returns more info */ + rc = CIFSSMBQPathInfo(xid, tcon, full_path, data, 0 /* not legacy */, + cifs_sb->local_nls, cifs_sb->mnt_cifs_flags & +@@ -554,6 +556,23 @@ cifs_query_path_info(const unsigned int + CIFS_MOUNT_MAP_SPECIAL_CHR); + *adjustTZ = true; + } ++ ++ if (!rc && (le32_to_cpu(data->Attributes) & ATTR_REPARSE)) { ++ int tmprc; ++ int oplock = 0; ++ __u16 netfid; ++ ++ /* Need to check if this is a symbolic link or not */ ++ tmprc = CIFSSMBOpen(xid, tcon, full_path, FILE_OPEN, ++ FILE_READ_ATTRIBUTES, 0, &netfid, &oplock, ++ NULL, cifs_sb->local_nls, ++ cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR); ++ if (tmprc == -EOPNOTSUPP) ++ *symlink = true; ++ else ++ CIFSSMBClose(xid, tcon, netfid); ++ } ++ + return rc; + } + +--- a/fs/cifs/smb2inode.c ++++ b/fs/cifs/smb2inode.c +@@ -123,12 +123,13 @@ move_smb2_info_to_cifs(FILE_ALL_INFO *ds + int + smb2_query_path_info(const unsigned int xid, struct cifs_tcon *tcon, + struct cifs_sb_info *cifs_sb, const char *full_path, +- FILE_ALL_INFO *data, bool *adjust_tz) ++ FILE_ALL_INFO *data, bool *adjust_tz, bool *symlink) + { + int rc; + struct smb2_file_all_info *smb2_data; + + *adjust_tz = false; ++ *symlink = false; + + smb2_data = kzalloc(sizeof(struct smb2_file_all_info) + MAX_NAME * 2, + GFP_KERNEL); +@@ -136,9 +137,16 @@ smb2_query_path_info(const unsigned int + return -ENOMEM; + + rc = smb2_open_op_close(xid, tcon, cifs_sb, full_path, +- FILE_READ_ATTRIBUTES, FILE_OPEN, +- OPEN_REPARSE_POINT, smb2_data, +- SMB2_OP_QUERY_INFO); ++ FILE_READ_ATTRIBUTES, FILE_OPEN, 0, ++ smb2_data, SMB2_OP_QUERY_INFO); ++ if (rc == -EOPNOTSUPP) { ++ *symlink = true; ++ /* Failed on a symbolic link - query a reparse point info */ ++ rc = smb2_open_op_close(xid, tcon, cifs_sb, full_path, ++ FILE_READ_ATTRIBUTES, FILE_OPEN, ++ OPEN_REPARSE_POINT, smb2_data, ++ SMB2_OP_QUERY_INFO); ++ } + if (rc) + goto out; + +--- a/fs/cifs/smb2proto.h ++++ b/fs/cifs/smb2proto.h +@@ -61,7 +61,7 @@ extern void move_smb2_info_to_cifs(FILE_ + extern int smb2_query_path_info(const unsigned int xid, struct cifs_tcon *tcon, + struct cifs_sb_info *cifs_sb, + const char *full_path, FILE_ALL_INFO *data, +- bool *adjust_tz); ++ bool *adjust_tz, bool *symlink); + extern int smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon, + const char *full_path, __u64 size, + struct cifs_sb_info *cifs_sb, bool set_alloc); diff --git a/queue-3.12/drm-qxl-fix-memory-leak-in-release-list-handling.patch b/queue-3.12/drm-qxl-fix-memory-leak-in-release-list-handling.patch new file mode 100644 index 00000000000..170297a31a2 --- /dev/null +++ b/queue-3.12/drm-qxl-fix-memory-leak-in-release-list-handling.patch @@ -0,0 +1,31 @@ +From 1b28c3e628315ac0d9ef2d3fac0403f05ae692db Mon Sep 17 00:00:00 2001 +From: Dave Airlie +Date: Thu, 28 Nov 2013 05:39:03 +0000 +Subject: drm/qxl: fix memory leak in release list handling + +From: Dave Airlie + +commit 1b28c3e628315ac0d9ef2d3fac0403f05ae692db upstream. + +wow no idea how I got this far without seeing this, +leaking the entries in the list makes kmalloc-64 slab grow. + +References: https://bugzilla.kernel.org/show_bug.cgi?id=65121 +Reported-by: Matthew Stapleton +Signed-off-by: Dave Airlie +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/qxl/qxl_release.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/gpu/drm/qxl/qxl_release.c ++++ b/drivers/gpu/drm/qxl/qxl_release.c +@@ -92,6 +92,7 @@ qxl_release_free(struct qxl_device *qdev + - DRM_FILE_OFFSET); + qxl_fence_remove_release(&bo->fence, release->id); + qxl_bo_unref(&bo); ++ kfree(entry); + } + spin_lock(&qdev->release_idr_lock); + idr_remove(&qdev->release_idr, release->id); diff --git a/queue-3.12/ftrace-fix-function-graph-with-loading-of-modules.patch b/queue-3.12/ftrace-fix-function-graph-with-loading-of-modules.patch new file mode 100644 index 00000000000..daab0029cb2 --- /dev/null +++ b/queue-3.12/ftrace-fix-function-graph-with-loading-of-modules.patch @@ -0,0 +1,244 @@ +From 8a56d7761d2d041ae5e8215d20b4167d8aa93f51 Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (Red Hat)" +Date: Mon, 25 Nov 2013 20:59:46 -0500 +Subject: ftrace: Fix function graph with loading of modules + +From: "Steven Rostedt (Red Hat)" + +commit 8a56d7761d2d041ae5e8215d20b4167d8aa93f51 upstream. + +Commit 8c4f3c3fa9681 "ftrace: Check module functions being traced on reload" +fixed module loading and unloading with respect to function tracing, but +it missed the function graph tracer. If you perform the following + + # cd /sys/kernel/debug/tracing + # echo function_graph > current_tracer + # modprobe nfsd + # echo nop > current_tracer + +You'll get the following oops message: + + ------------[ cut here ]------------ + WARNING: CPU: 2 PID: 2910 at /linux.git/kernel/trace/ftrace.c:1640 __ftrace_hash_rec_update.part.35+0x168/0x1b9() + Modules linked in: nfsd exportfs nfs_acl lockd ipt_MASQUERADE sunrpc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables uinput snd_hda_codec_idt + CPU: 2 PID: 2910 Comm: bash Not tainted 3.13.0-rc1-test #7 + Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M., BIOS SDBLI944.86P 05/08/2007 + 0000000000000668 ffff8800787efcf8 ffffffff814fe193 ffff88007d500000 + 0000000000000000 ffff8800787efd38 ffffffff8103b80a 0000000000000668 + ffffffff810b2b9a ffffffff81a48370 0000000000000001 ffff880037aea000 + Call Trace: + [] dump_stack+0x4f/0x7c + [] warn_slowpath_common+0x81/0x9b + [] ? __ftrace_hash_rec_update.part.35+0x168/0x1b9 + [] warn_slowpath_null+0x1a/0x1c + [] __ftrace_hash_rec_update.part.35+0x168/0x1b9 + [] ? __mutex_lock_slowpath+0x364/0x364 + [] ftrace_shutdown+0xd7/0x12b + [] unregister_ftrace_graph+0x49/0x78 + [] graph_trace_reset+0xe/0x10 + [] tracing_set_tracer+0xa7/0x26a + [] tracing_set_trace_write+0x8b/0xbd + [] ? ftrace_return_to_handler+0xb2/0xde + [] ? __sb_end_write+0x5e/0x5e + [] vfs_write+0xab/0xf6 + [] ftrace_graph_caller+0x85/0x85 + [] SyS_write+0x59/0x82 + [] ftrace_graph_caller+0x85/0x85 + [] system_call_fastpath+0x16/0x1b + ---[ end trace 940358030751eafb ]--- + +The above mentioned commit didn't go far enough. Well, it covered the +function tracer by adding checks in __register_ftrace_function(). The +problem is that the function graph tracer circumvents that (for a slight +efficiency gain when function graph trace is running with a function +tracer. The gain was not worth this). + +The problem came with ftrace_startup() which should always be called after +__register_ftrace_function(), if you want this bug to be completely fixed. + +Anyway, this solution moves __register_ftrace_function() inside of +ftrace_startup() and removes the need to call them both. + +Reported-by: Dave Wysochanski +Fixes: ed926f9b35cd ("ftrace: Use counters to enable functions to trace") +Signed-off-by: Steven Rostedt +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/ftrace.c | 64 +++++++++++++++++++++++++++----------------------- + 1 file changed, 35 insertions(+), 29 deletions(-) + +--- a/kernel/trace/ftrace.c ++++ b/kernel/trace/ftrace.c +@@ -367,9 +367,6 @@ static int remove_ftrace_list_ops(struct + + static int __register_ftrace_function(struct ftrace_ops *ops) + { +- if (unlikely(ftrace_disabled)) +- return -ENODEV; +- + if (FTRACE_WARN_ON(ops == &global_ops)) + return -EINVAL; + +@@ -428,9 +425,6 @@ static int __unregister_ftrace_function( + { + int ret; + +- if (ftrace_disabled) +- return -ENODEV; +- + if (WARN_ON(!(ops->flags & FTRACE_OPS_FL_ENABLED))) + return -EBUSY; + +@@ -2088,10 +2082,15 @@ static void ftrace_startup_enable(int co + static int ftrace_startup(struct ftrace_ops *ops, int command) + { + bool hash_enable = true; ++ int ret; + + if (unlikely(ftrace_disabled)) + return -ENODEV; + ++ ret = __register_ftrace_function(ops); ++ if (ret) ++ return ret; ++ + ftrace_start_up++; + command |= FTRACE_UPDATE_CALLS; + +@@ -2113,12 +2112,17 @@ static int ftrace_startup(struct ftrace_ + return 0; + } + +-static void ftrace_shutdown(struct ftrace_ops *ops, int command) ++static int ftrace_shutdown(struct ftrace_ops *ops, int command) + { + bool hash_disable = true; ++ int ret; + + if (unlikely(ftrace_disabled)) +- return; ++ return -ENODEV; ++ ++ ret = __unregister_ftrace_function(ops); ++ if (ret) ++ return ret; + + ftrace_start_up--; + /* +@@ -2153,9 +2157,10 @@ static void ftrace_shutdown(struct ftrac + } + + if (!command || !ftrace_enabled) +- return; ++ return 0; + + ftrace_run_update_code(command); ++ return 0; + } + + static void ftrace_startup_sysctl(void) +@@ -3060,16 +3065,13 @@ static void __enable_ftrace_function_pro + if (i == FTRACE_FUNC_HASHSIZE) + return; + +- ret = __register_ftrace_function(&trace_probe_ops); +- if (!ret) +- ret = ftrace_startup(&trace_probe_ops, 0); ++ ret = ftrace_startup(&trace_probe_ops, 0); + + ftrace_probe_registered = 1; + } + + static void __disable_ftrace_function_probe(void) + { +- int ret; + int i; + + if (!ftrace_probe_registered) +@@ -3082,9 +3084,7 @@ static void __disable_ftrace_function_pr + } + + /* no more funcs left */ +- ret = __unregister_ftrace_function(&trace_probe_ops); +- if (!ret) +- ftrace_shutdown(&trace_probe_ops, 0); ++ ftrace_shutdown(&trace_probe_ops, 0); + + ftrace_probe_registered = 0; + } +@@ -4290,12 +4290,15 @@ core_initcall(ftrace_nodyn_init); + static inline int ftrace_init_dyn_debugfs(struct dentry *d_tracer) { return 0; } + static inline void ftrace_startup_enable(int command) { } + /* Keep as macros so we do not need to define the commands */ +-# define ftrace_startup(ops, command) \ +- ({ \ +- (ops)->flags |= FTRACE_OPS_FL_ENABLED; \ +- 0; \ ++# define ftrace_startup(ops, command) \ ++ ({ \ ++ int ___ret = __register_ftrace_function(ops); \ ++ if (!___ret) \ ++ (ops)->flags |= FTRACE_OPS_FL_ENABLED; \ ++ ___ret; \ + }) +-# define ftrace_shutdown(ops, command) do { } while (0) ++# define ftrace_shutdown(ops, command) __unregister_ftrace_function(ops) ++ + # define ftrace_startup_sysctl() do { } while (0) + # define ftrace_shutdown_sysctl() do { } while (0) + +@@ -4695,9 +4698,7 @@ int register_ftrace_function(struct ftra + + mutex_lock(&ftrace_lock); + +- ret = __register_ftrace_function(ops); +- if (!ret) +- ret = ftrace_startup(ops, 0); ++ ret = ftrace_startup(ops, 0); + + mutex_unlock(&ftrace_lock); + +@@ -4716,9 +4717,7 @@ int unregister_ftrace_function(struct ft + int ret; + + mutex_lock(&ftrace_lock); +- ret = __unregister_ftrace_function(ops); +- if (!ret) +- ftrace_shutdown(ops, 0); ++ ret = ftrace_shutdown(ops, 0); + mutex_unlock(&ftrace_lock); + + return ret; +@@ -4912,6 +4911,13 @@ ftrace_suspend_notifier_call(struct noti + return NOTIFY_DONE; + } + ++/* Just a place holder for function graph */ ++static struct ftrace_ops fgraph_ops __read_mostly = { ++ .func = ftrace_stub, ++ .flags = FTRACE_OPS_FL_STUB | FTRACE_OPS_FL_GLOBAL | ++ FTRACE_OPS_FL_RECURSION_SAFE, ++}; ++ + int register_ftrace_graph(trace_func_graph_ret_t retfunc, + trace_func_graph_ent_t entryfunc) + { +@@ -4938,7 +4944,7 @@ int register_ftrace_graph(trace_func_gra + ftrace_graph_return = retfunc; + ftrace_graph_entry = entryfunc; + +- ret = ftrace_startup(&global_ops, FTRACE_START_FUNC_RET); ++ ret = ftrace_startup(&fgraph_ops, FTRACE_START_FUNC_RET); + + out: + mutex_unlock(&ftrace_lock); +@@ -4955,7 +4961,7 @@ void unregister_ftrace_graph(void) + ftrace_graph_active--; + ftrace_graph_return = (trace_func_graph_ret_t)ftrace_stub; + ftrace_graph_entry = ftrace_graph_entry_stub; +- ftrace_shutdown(&global_ops, FTRACE_STOP_FUNC_RET); ++ ftrace_shutdown(&fgraph_ops, FTRACE_STOP_FUNC_RET); + unregister_pm_notifier(&ftrace_suspend_notifier); + unregister_trace_sched_switch(ftrace_graph_probe_sched_switch, NULL); + diff --git a/queue-3.12/mwifiex-correct-packet-length-for-packets-from-sdio-interface.patch b/queue-3.12/mwifiex-correct-packet-length-for-packets-from-sdio-interface.patch new file mode 100644 index 00000000000..d323dcf7183 --- /dev/null +++ b/queue-3.12/mwifiex-correct-packet-length-for-packets-from-sdio-interface.patch @@ -0,0 +1,35 @@ +From d03b4aa77e1187b77dfe37d14a923547f00baa66 Mon Sep 17 00:00:00 2001 +From: Avinash Patil +Date: Tue, 5 Nov 2013 15:01:44 -0800 +Subject: mwifiex: correct packet length for packets from SDIO interface + +From: Avinash Patil + +commit d03b4aa77e1187b77dfe37d14a923547f00baa66 upstream. + +While receiving a packet on SDIO interface, we allocate skb with +size multiple of SDIO block size. We need to resize this skb +after RX using packet length from RX header. + +Signed-off-by: Avinash Patil +Signed-off-by: Bing Zhao +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/mwifiex/sdio.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/wireless/mwifiex/sdio.c ++++ b/drivers/net/wireless/mwifiex/sdio.c +@@ -1029,7 +1029,10 @@ static int mwifiex_decode_rx_packet(stru + struct sk_buff *skb, u32 upld_typ) + { + u8 *cmd_buf; ++ __le16 *curr_ptr = (__le16 *)skb->data; ++ u16 pkt_len = le16_to_cpu(*curr_ptr); + ++ skb_trim(skb, pkt_len); + skb_pull(skb, INTF_HEADER_LEN); + + switch (upld_typ) { diff --git a/queue-3.12/mwifiex-fix-wrong-eth_hdr-usage-for-bridged-packets-in-ap-mode.patch b/queue-3.12/mwifiex-fix-wrong-eth_hdr-usage-for-bridged-packets-in-ap-mode.patch new file mode 100644 index 00000000000..42757c9c26f --- /dev/null +++ b/queue-3.12/mwifiex-fix-wrong-eth_hdr-usage-for-bridged-packets-in-ap-mode.patch @@ -0,0 +1,74 @@ +From 8d93f1f309d38b65fce0b9f0de91ba6c96990c07 Mon Sep 17 00:00:00 2001 +From: Ujjal Roy +Date: Tue, 5 Nov 2013 15:01:45 -0800 +Subject: mwifiex: fix wrong eth_hdr usage for bridged packets in AP mode + +From: Ujjal Roy + +commit 8d93f1f309d38b65fce0b9f0de91ba6c96990c07 upstream. + +The eth_hdr is never defined in this driver but it gets compiled +without any warning/error because kernel has defined eth_hdr. + +Fix it by defining our own p_ethhdr and use it instead of eth_hdr. + +Signed-off-by: Ujjal Roy +Signed-off-by: Amitkumar Karwar +Signed-off-by: Bing Zhao +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/mwifiex/uap_txrx.c | 29 ++++++++++++++++++++++++++--- + 1 file changed, 26 insertions(+), 3 deletions(-) + +--- a/drivers/net/wireless/mwifiex/uap_txrx.c ++++ b/drivers/net/wireless/mwifiex/uap_txrx.c +@@ -97,6 +97,7 @@ static void mwifiex_uap_queue_bridged_pk + struct mwifiex_txinfo *tx_info; + int hdr_chop; + struct timeval tv; ++ struct ethhdr *p_ethhdr; + u8 rfc1042_eth_hdr[ETH_ALEN] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; + + uap_rx_pd = (struct uap_rxpd *)(skb->data); +@@ -112,14 +113,36 @@ static void mwifiex_uap_queue_bridged_pk + } + + if (!memcmp(&rx_pkt_hdr->rfc1042_hdr, +- rfc1042_eth_hdr, sizeof(rfc1042_eth_hdr))) ++ rfc1042_eth_hdr, sizeof(rfc1042_eth_hdr))) { ++ /* Replace the 803 header and rfc1042 header (llc/snap) with ++ * an Ethernet II header, keep the src/dst and snap_type ++ * (ethertype). ++ * ++ * The firmware only passes up SNAP frames converting all RX ++ * data from 802.11 to 802.2/LLC/SNAP frames. ++ * ++ * To create the Ethernet II, just move the src, dst address ++ * right before the snap_type. ++ */ ++ p_ethhdr = (struct ethhdr *) ++ ((u8 *)(&rx_pkt_hdr->eth803_hdr) ++ + sizeof(rx_pkt_hdr->eth803_hdr) ++ + sizeof(rx_pkt_hdr->rfc1042_hdr) ++ - sizeof(rx_pkt_hdr->eth803_hdr.h_dest) ++ - sizeof(rx_pkt_hdr->eth803_hdr.h_source) ++ - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type)); ++ memcpy(p_ethhdr->h_source, rx_pkt_hdr->eth803_hdr.h_source, ++ sizeof(p_ethhdr->h_source)); ++ memcpy(p_ethhdr->h_dest, rx_pkt_hdr->eth803_hdr.h_dest, ++ sizeof(p_ethhdr->h_dest)); + /* Chop off the rxpd + the excess memory from + * 802.2/llc/snap header that was removed. + */ +- hdr_chop = (u8 *)eth_hdr - (u8 *)uap_rx_pd; +- else ++ hdr_chop = (u8 *)p_ethhdr - (u8 *)uap_rx_pd; ++ } else { + /* Chop off the rxpd */ + hdr_chop = (u8 *)&rx_pkt_hdr->eth803_hdr - (u8 *)uap_rx_pd; ++ } + + /* Chop off the leading header bytes so the it points + * to the start of either the reconstructed EthII frame diff --git a/queue-3.12/n_tty-ensure-reader-restarts-worker-for-next-reader.patch b/queue-3.12/n_tty-ensure-reader-restarts-worker-for-next-reader.patch new file mode 100644 index 00000000000..5e9f824217f --- /dev/null +++ b/queue-3.12/n_tty-ensure-reader-restarts-worker-for-next-reader.patch @@ -0,0 +1,42 @@ +From 42458f41d08f0873299e830464c1232a6839297d Mon Sep 17 00:00:00 2001 +From: Peter Hurley +Date: Thu, 7 Nov 2013 13:59:46 -0500 +Subject: n_tty: Ensure reader restarts worker for next reader + +From: Peter Hurley + +commit 42458f41d08f0873299e830464c1232a6839297d upstream. + +A departing reader must restart a flush_to_ldisc() worker _before_ +the next reader enters the read loop; this is to avoid the new reader +concluding no more i/o is available and prematurely exiting, when the +old reader simply hasn't re-started the worker yet. + +Signed-off-by: Peter Hurley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/n_tty.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/tty/n_tty.c ++++ b/drivers/tty/n_tty.c +@@ -2253,6 +2253,9 @@ static ssize_t n_tty_read(struct tty_str + if (time) + timeout = time; + } ++ n_tty_set_room(tty); ++ up_read(&tty->termios_rwsem); ++ + mutex_unlock(&ldata->atomic_read_lock); + remove_wait_queue(&tty->read_wait, &wait); + +@@ -2263,8 +2266,6 @@ static ssize_t n_tty_read(struct tty_str + if (b - buf) + retval = b - buf; + +- n_tty_set_room(tty); +- up_read(&tty->termios_rwsem); + return retval; + } + diff --git a/queue-3.12/n_tty-fix-4096-byte-canonical-reads.patch b/queue-3.12/n_tty-fix-4096-byte-canonical-reads.patch new file mode 100644 index 00000000000..662e2cf1419 --- /dev/null +++ b/queue-3.12/n_tty-fix-4096-byte-canonical-reads.patch @@ -0,0 +1,43 @@ +From c77569d2f3ef7844ee4ac7005a57da6898b302a8 Mon Sep 17 00:00:00 2001 +From: Peter Hurley +Date: Fri, 22 Nov 2013 07:16:25 -0500 +Subject: n_tty: Fix 4096-byte canonical reads + +From: Peter Hurley + +commit c77569d2f3ef7844ee4ac7005a57da6898b302a8 upstream. + +Although the maximum allowable canonical line is specified to +be 255 bytes (MAX_CANON), the practical limit has actually been +the size of the line discipline read buffer (N_TTY_BUF_SIZE == 4096). + +Commit 32f13521ca68bc624ff6effc77f308a52b038bf0, +n_tty: Line copy to user buffer in canonical mode, limited the +line copy to 4095 bytes. With a completely full line discipline +read buffer and a userspace buffer > 4095, _no_ data was copied, +and the read() syscall returned 0, indicating EOF. + +Fix the interval arithmetic to compute the correct number of bytes +to copy to userspace in the range [1..4096]. + +Signed-off-by: Peter Hurley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/n_tty.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/tty/n_tty.c ++++ b/drivers/tty/n_tty.c +@@ -2005,7 +2005,10 @@ static int canon_copy_from_read_buf(stru + found = 1; + + size = N_TTY_BUF_SIZE - tail; +- n = (found + eol + size) & (N_TTY_BUF_SIZE - 1); ++ n = eol - tail; ++ if (n > 4096) ++ n += 4096; ++ n += found; + c = n; + + if (found && read_buf(ldata, eol) == __DISABLED_CHAR) { diff --git a/queue-3.12/n_tty-fix-echo-overrun-tail-computation.patch b/queue-3.12/n_tty-fix-echo-overrun-tail-computation.patch new file mode 100644 index 00000000000..6f9d7017285 --- /dev/null +++ b/queue-3.12/n_tty-fix-echo-overrun-tail-computation.patch @@ -0,0 +1,35 @@ +From 6f2225363c205e186c1465c2c7c84f17c1635504 Mon Sep 17 00:00:00 2001 +From: Peter Hurley +Date: Fri, 8 Nov 2013 09:42:18 -0500 +Subject: n_tty: Fix echo overrun tail computation + +From: Peter Hurley + +commit 6f2225363c205e186c1465c2c7c84f17c1635504 upstream. + +Commit cbfd0340ae1993378fd47179db949e050e16e697, +'n_tty: Process echoes in blocks', introduced an error when +consuming the echo buffer tail to prevent buffer overrun, where +the incorrect operation code byte is checked to determine how +far to advance the tail to the next echo byte. + +Check the correct byte for the echo operation code byte. + +Signed-off-by: Peter Hurley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/n_tty.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/tty/n_tty.c ++++ b/drivers/tty/n_tty.c +@@ -768,7 +768,7 @@ static size_t __process_echoes(struct tt + * data at the tail to prevent a subsequent overrun */ + while (ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { + if (echo_buf(ldata, tail) == ECHO_OP_START) { +- if (echo_buf(ldata, tail) == ECHO_OP_ERASE_TAB) ++ if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB) + tail += 3; + else + tail += 2; diff --git a/queue-3.12/pci-remove-duplicate-pci_disable_device-from-pcie_portdrv_remove.patch b/queue-3.12/pci-remove-duplicate-pci_disable_device-from-pcie_portdrv_remove.patch new file mode 100644 index 00000000000..d1fa10e3845 --- /dev/null +++ b/queue-3.12/pci-remove-duplicate-pci_disable_device-from-pcie_portdrv_remove.patch @@ -0,0 +1,42 @@ +From e7cc5cf74544d97d7b69e2701595037474db1f96 Mon Sep 17 00:00:00 2001 +From: Yinghai Lu +Date: Mon, 18 Nov 2013 17:02:45 -0700 +Subject: PCI: Remove duplicate pci_disable_device() from pcie_portdrv_remove() + +From: Yinghai Lu + +commit e7cc5cf74544d97d7b69e2701595037474db1f96 upstream. + +The pcie_portdrv .probe() method calls pci_enable_device() once, in +pcie_port_device_register(), but the .remove() method calls +pci_disable_device() twice, in pcie_port_device_remove() and in +pcie_portdrv_remove(). + +That causes a "disabling already-disabled device" warning when removing a +PCIe port device. This happens all the time when removing Thunderbolt +devices, but is also easy to reproduce with, e.g., +"echo 0000:00:1c.3 > /sys/bus/pci/drivers/pcieport/unbind" + +This patch removes the disable from pcie_portdrv_remove(). + +[bhelgaas: changelog, tag for stable] +Reported-by: David Bulkow +Reported-by: Mika Westerberg +Signed-off-by: Yinghai Lu +Signed-off-by: Bjorn Helgaas +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/pcie/portdrv_pci.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/pci/pcie/portdrv_pci.c ++++ b/drivers/pci/pcie/portdrv_pci.c +@@ -223,7 +223,6 @@ static int pcie_portdrv_probe(struct pci + static void pcie_portdrv_remove(struct pci_dev *dev) + { + pcie_port_device_remove(dev); +- pci_disable_device(dev); + } + + static int error_detected_iter(struct device *device, void *data) diff --git a/queue-3.12/prism54-set-netdev-type-to-wlan.patch b/queue-3.12/prism54-set-netdev-type-to-wlan.patch new file mode 100644 index 00000000000..2c4c6b7d8ab --- /dev/null +++ b/queue-3.12/prism54-set-netdev-type-to-wlan.patch @@ -0,0 +1,45 @@ +From 8e3ffa471091c560deb6738ed9ab7445b7a5fd04 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Fri, 8 Nov 2013 13:39:44 -0600 +Subject: prism54: set netdev type to "wlan" + +From: Dan Williams + +commit 8e3ffa471091c560deb6738ed9ab7445b7a5fd04 upstream. + +Userspace uses the netdev devtype for stuff like device naming and type +detection. Be nice and set it. Remove the pointless #if/#endif around +SET_NETDEV_DEV too. + +Signed-off-by: Dan Williams +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/prism54/islpci_dev.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/prism54/islpci_dev.c ++++ b/drivers/net/wireless/prism54/islpci_dev.c +@@ -811,6 +811,10 @@ static const struct net_device_ops islpc + .ndo_validate_addr = eth_validate_addr, + }; + ++static struct device_type wlan_type = { ++ .name = "wlan", ++}; ++ + struct net_device * + islpci_setup(struct pci_dev *pdev) + { +@@ -821,9 +825,8 @@ islpci_setup(struct pci_dev *pdev) + return ndev; + + pci_set_drvdata(pdev, ndev); +-#if defined(SET_NETDEV_DEV) + SET_NETDEV_DEV(ndev, &pdev->dev); +-#endif ++ SET_NETDEV_DEVTYPE(ndev, &wlan_type); + + /* setup the structure members */ + ndev->base_addr = pci_resource_start(pdev, 0); diff --git a/queue-3.12/qxl-avoid-an-oops-in-the-deferred-io-code.patch b/queue-3.12/qxl-avoid-an-oops-in-the-deferred-io-code.patch new file mode 100644 index 00000000000..bf13458d73f --- /dev/null +++ b/queue-3.12/qxl-avoid-an-oops-in-the-deferred-io-code.patch @@ -0,0 +1,32 @@ +From cc87509d87696d7cd393882f5dedea01e03e41a9 Mon Sep 17 00:00:00 2001 +From: Dave Airlie +Date: Mon, 4 Nov 2013 16:38:08 +1000 +Subject: qxl: avoid an oops in the deferred io code. + +From: Dave Airlie + +commit cc87509d87696d7cd393882f5dedea01e03e41a9 upstream. + +If we are using deferred io due to plymouth or X.org fbdev driver +we will oops in memcpy due to this pointless multiply here, + +removing it fixes fbdev to start and not oops. + +Signed-off-by: Dave Airlie +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/qxl/qxl_fb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/qxl/qxl_fb.c ++++ b/drivers/gpu/drm/qxl/qxl_fb.c +@@ -108,7 +108,7 @@ static void qxl_fb_dirty_flush(struct fb + u32 x1, x2, y1, y2; + + /* TODO: hard coding 32 bpp */ +- int stride = qfbdev->qfb.base.pitches[0] * 4; ++ int stride = qfbdev->qfb.base.pitches[0]; + + x1 = qfbdev->dirty.x1; + x2 = qfbdev->dirty.x2; diff --git a/queue-3.12/regulator-pfuze100-allow-misprogrammed-id.patch b/queue-3.12/regulator-pfuze100-allow-misprogrammed-id.patch new file mode 100644 index 00000000000..4ecc753b112 --- /dev/null +++ b/queue-3.12/regulator-pfuze100-allow-misprogrammed-id.patch @@ -0,0 +1,41 @@ +From 88baf7148e899db7e0b676e4363647f50e48eaed Mon Sep 17 00:00:00 2001 +From: Tim Harvey +Date: Tue, 5 Nov 2013 21:17:25 -0800 +Subject: regulator: pfuze100: allow misprogrammed ID + +From: Tim Harvey + +commit 88baf7148e899db7e0b676e4363647f50e48eaed upstream. + +prior to week 08 of 2013 Freescale misprogrammed between 1 and 3% of +PFUZE1000 parts with a ID=0x8 instead of the expected ID=0x0 + +Signed-off-by: Tim Harvey +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/regulator/pfuze100-regulator.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +--- a/drivers/regulator/pfuze100-regulator.c ++++ b/drivers/regulator/pfuze100-regulator.c +@@ -308,9 +308,15 @@ static int pfuze_identify(struct pfuze_c + if (ret) + return ret; + +- if (value & 0x0f) { +- dev_warn(pfuze_chip->dev, "Illegal ID: %x\n", value); +- return -ENODEV; ++ switch (value & 0x0f) { ++ /* Freescale misprogrammed 1-3% of parts prior to week 8 of 2013 as ID=8 */ ++ case 0x8: ++ dev_info(pfuze_chip->dev, "Assuming misprogrammed ID=0x8"); ++ case 0x0: ++ break; ++ default: ++ dev_warn(pfuze_chip->dev, "Illegal ID: %x\n", value); ++ return -ENODEV; + } + + ret = regmap_read(pfuze_chip->regmap, PFUZE100_REVID, &value); diff --git a/queue-3.12/selinux-correct-locking-in-selinux_netlbl_socket_connect.patch b/queue-3.12/selinux-correct-locking-in-selinux_netlbl_socket_connect.patch new file mode 100644 index 00000000000..9f2d7cd10a5 --- /dev/null +++ b/queue-3.12/selinux-correct-locking-in-selinux_netlbl_socket_connect.patch @@ -0,0 +1,78 @@ +From 42d64e1add3a1ce8a787116036163b8724362145 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Thu, 26 Sep 2013 17:00:46 -0400 +Subject: selinux: correct locking in selinux_netlbl_socket_connect) + +From: Paul Moore + +commit 42d64e1add3a1ce8a787116036163b8724362145 upstream. + +The SELinux/NetLabel glue code has a locking bug that affects systems +with NetLabel enabled, see the kernel error message below. This patch +corrects this problem by converting the bottom half socket lock to a +more conventional, and correct for this call-path, lock_sock() call. + + =============================== + [ INFO: suspicious RCU usage. ] + 3.11.0-rc3+ #19 Not tainted + ------------------------------- + net/ipv4/cipso_ipv4.c:1928 suspicious rcu_dereference_protected() usage! + + other info that might help us debug this: + + rcu_scheduler_active = 1, debug_locks = 0 + 2 locks held by ping/731: + #0: (slock-AF_INET/1){+.-...}, at: [...] selinux_netlbl_socket_connect + #1: (rcu_read_lock){.+.+..}, at: [<...>] netlbl_conn_setattr + + stack backtrace: + CPU: 1 PID: 731 Comm: ping Not tainted 3.11.0-rc3+ #19 + Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 + 0000000000000001 ffff88006f659d28 ffffffff81726b6a ffff88003732c500 + ffff88006f659d58 ffffffff810e4457 ffff88006b845a00 0000000000000000 + 000000000000000c ffff880075aa2f50 ffff88006f659d90 ffffffff8169bec7 + Call Trace: + [] dump_stack+0x54/0x74 + [] lockdep_rcu_suspicious+0xe7/0x120 + [] cipso_v4_sock_setattr+0x187/0x1a0 + [] netlbl_conn_setattr+0x187/0x190 + [] ? netlbl_conn_setattr+0x5/0x190 + [] selinux_netlbl_socket_connect+0xae/0xc0 + [] selinux_socket_connect+0x135/0x170 + [] ? might_fault+0x57/0xb0 + [] security_socket_connect+0x16/0x20 + [] SYSC_connect+0x73/0x130 + [] ? sysret_check+0x22/0x5d + [] ? trace_hardirqs_on_caller+0xfd/0x1c0 + [] ? trace_hardirqs_on_thunk+0x3a/0x3f + [] SyS_connect+0xe/0x10 + [] system_call_fastpath+0x16/0x1b + +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman + +--- + security/selinux/netlabel.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +--- a/security/selinux/netlabel.c ++++ b/security/selinux/netlabel.c +@@ -442,8 +442,7 @@ int selinux_netlbl_socket_connect(struct + sksec->nlbl_state != NLBL_CONNLABELED) + return 0; + +- local_bh_disable(); +- bh_lock_sock_nested(sk); ++ lock_sock(sk); + + /* connected sockets are allowed to disconnect when the address family + * is set to AF_UNSPEC, if that is what is happening we want to reset +@@ -464,7 +463,6 @@ int selinux_netlbl_socket_connect(struct + sksec->nlbl_state = NLBL_CONNLABELED; + + socket_connect_return: +- bh_unlock_sock(sk); +- local_bh_enable(); ++ release_sock(sk); + return rc; + } diff --git a/queue-3.12/series b/queue-3.12/series index d78b230826d..ca6728b2926 100644 --- a/queue-3.12/series +++ b/queue-3.12/series @@ -96,3 +96,28 @@ blk-core-fix-memory-corruption-if-blkcg_init_queue-fails.patch pm-hibernate-avoid-overflow-in-hibernate_preallocate_memory.patch pm-runtime-use-pm_runtime_put_sync-in-__device_release_driver.patch pm-hibernate-do-not-crash-kernel-in-free_basic_memory_bitmaps.patch +qxl-avoid-an-oops-in-the-deferred-io-code.patch +drm-qxl-fix-memory-leak-in-release-list-handling.patch +bcache-fix-dirty_data-accounting.patch +cifs-fix-symbolic-links-usage.patch +mwifiex-correct-packet-length-for-packets-from-sdio-interface.patch +mwifiex-fix-wrong-eth_hdr-usage-for-bridged-packets-in-ap-mode.patch +audit-printk-user_avc-messages-when-audit-isn-t-enabled.patch +audit-use-nlmsg_len-to-get-message-payload-length.patch +audit-fix-info-leak-in-audit_get-requests.patch +audit-add-child-record-before-the-create-to-handle-case-where-create-fails.patch +audit-log-the-audit_names-record-type.patch +pci-remove-duplicate-pci_disable_device-from-pcie_portdrv_remove.patch +acpi-hotplug-fix-conflicted-pci-bridge-notify-handlers.patch +selinux-correct-locking-in-selinux_netlbl_socket_connect.patch +avr32-setup-crt-for-early-panic.patch +avr32-fix-out-of-range-jump-in-large-kernels.patch +n_tty-fix-4096-byte-canonical-reads.patch +tty-incorrect-test-of-echo_buf-result-for-echo_op_start.patch +n_tty-fix-echo-overrun-tail-computation.patch +tty-reset-hupped-state-on-open.patch +n_tty-ensure-reader-restarts-worker-for-next-reader.patch +prism54-set-netdev-type-to-wlan.patch +regulator-pfuze100-allow-misprogrammed-id.patch +sony-laptop-do-not-scribble-keyboard-backlight-registers-on.patch +ftrace-fix-function-graph-with-loading-of-modules.patch diff --git a/queue-3.12/sony-laptop-do-not-scribble-keyboard-backlight-registers-on.patch b/queue-3.12/sony-laptop-do-not-scribble-keyboard-backlight-registers-on.patch new file mode 100644 index 00000000000..1196577e706 --- /dev/null +++ b/queue-3.12/sony-laptop-do-not-scribble-keyboard-backlight-registers-on.patch @@ -0,0 +1,75 @@ +From b975dc3689fc6a3718ad288ce080924f9cb7e176 Mon Sep 17 00:00:00 2001 +From: Mattia Dongili +Date: Tue, 26 Nov 2013 07:43:50 +0900 +Subject: sony-laptop: do not scribble keyboard backlight registers on + resume + +From: Mattia Dongili + +commit b975dc3689fc6a3718ad288ce080924f9cb7e176 upstream. + +Follow-up to commit 294d31e8227c ("sony-laptop: don't change keyboard +backlight settings"): avoid messing up the state on resume. Leave it to +what was before suspending as it's anyway likely that we still don't +know what value we should write to the EC registers. This fix is also +required in 3.12 + +Tested-by: Karol Babioch +Signed-off-by: Mattia Dongili +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/platform/x86/sony-laptop.c | 27 --------------------------- + 1 file changed, 27 deletions(-) + +--- a/drivers/platform/x86/sony-laptop.c ++++ b/drivers/platform/x86/sony-laptop.c +@@ -140,7 +140,6 @@ MODULE_PARM_DESC(kbd_backlight_timeout, + "on the model (default: no change from current value)"); + + #ifdef CONFIG_PM_SLEEP +-static void sony_nc_kbd_backlight_resume(void); + static void sony_nc_thermal_resume(void); + #endif + static int sony_nc_kbd_backlight_setup(struct platform_device *pd, +@@ -1486,13 +1485,6 @@ static void sony_nc_function_resume(void + case 0x0135: + sony_nc_rfkill_update(); + break; +- case 0x0137: +- case 0x0143: +- case 0x014b: +- case 0x014c: +- case 0x0163: +- sony_nc_kbd_backlight_resume(); +- break; + default: + continue; + } +@@ -1894,25 +1886,6 @@ static void sony_nc_kbd_backlight_cleanu + } + } + +-#ifdef CONFIG_PM_SLEEP +-static void sony_nc_kbd_backlight_resume(void) +-{ +- int ignore = 0; +- +- if (!kbdbl_ctl) +- return; +- +- if (kbdbl_ctl->mode == 0) +- sony_call_snc_handle(kbdbl_ctl->handle, kbdbl_ctl->base, +- &ignore); +- +- if (kbdbl_ctl->timeout != 0) +- sony_call_snc_handle(kbdbl_ctl->handle, +- (kbdbl_ctl->base + 0x200) | +- (kbdbl_ctl->timeout << 0x10), &ignore); +-} +-#endif +- + struct battery_care_control { + struct device_attribute attrs[2]; + unsigned int handle; diff --git a/queue-3.12/tty-incorrect-test-of-echo_buf-result-for-echo_op_start.patch b/queue-3.12/tty-incorrect-test-of-echo_buf-result-for-echo_op_start.patch new file mode 100644 index 00000000000..935d8188427 --- /dev/null +++ b/queue-3.12/tty-incorrect-test-of-echo_buf-result-for-echo_op_start.patch @@ -0,0 +1,30 @@ +From c476f6584b0011741b4f0316f1ac4aa3a99403e1 Mon Sep 17 00:00:00 2001 +From: Roel Kluin +Date: Fri, 11 Oct 2013 22:08:49 +0200 +Subject: tty: incorrect test of echo_buf() result for ECHO_OP_START + +From: Roel Kluin + +commit c476f6584b0011741b4f0316f1ac4aa3a99403e1 upstream. + +test echo_buf() result for ECHO_OP_START + +Signed-off-by: Roel Kluin +Acked-by: Peter Hurley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/n_tty.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/tty/n_tty.c ++++ b/drivers/tty/n_tty.c +@@ -767,7 +767,7 @@ static size_t __process_echoes(struct tt + * of echo overrun before the next commit), then discard enough + * data at the tail to prevent a subsequent overrun */ + while (ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { +- if (echo_buf(ldata, tail == ECHO_OP_START)) { ++ if (echo_buf(ldata, tail) == ECHO_OP_START) { + if (echo_buf(ldata, tail) == ECHO_OP_ERASE_TAB) + tail += 3; + else diff --git a/queue-3.12/tty-reset-hupped-state-on-open.patch b/queue-3.12/tty-reset-hupped-state-on-open.patch new file mode 100644 index 00000000000..b79598e081b --- /dev/null +++ b/queue-3.12/tty-reset-hupped-state-on-open.patch @@ -0,0 +1,37 @@ +From d4855e1fc03c2bb32dd64badf51cec5a2a26ab2a Mon Sep 17 00:00:00 2001 +From: Peter Hurley +Date: Tue, 19 Nov 2013 08:46:27 -0500 +Subject: tty: Reset hupped state on open + +From: Peter Hurley + +commit d4855e1fc03c2bb32dd64badf51cec5a2a26ab2a upstream. + +A common security idiom is to hangup the current tty (via vhangup()) +after forking but before execing a root shell. This hangs up any +existing opens which other processes may have and ensures subsequent +opens have the necessary permissions to open the root shell tty/pty. + +Reset the TTY_HUPPED state after the driver has successfully +returned the opened tty (perform the reset while the tty is locked +to avoid racing with concurrent hangups). + +Reported-by: Heorhi Valakhanovich +Signed-off-by: Peter Hurley +Tested-by: Heorhi Valakhanovich +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/tty_io.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/tty/tty_io.c ++++ b/drivers/tty/tty_io.c +@@ -2086,6 +2086,7 @@ retry_open: + filp->f_op = &tty_fops; + goto retry_open; + } ++ clear_bit(TTY_HUPPED, &tty->flags); + tty_unlock(tty); + +