From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 24 May 2012 05:10:33 +0000 (-0700)
Subject: 3.4-stable patches
X-Git-Tag: v3.0.33~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=273ec00a3ad50c415c50c4d8b6897d3a695d25f6;p=thirdparty%2Fkernel%2Fstable-queue.git

3.4-stable patches

added patches:
	isdn-gigaset-fix-capi-disconnect-b3-handling.patch
	isdn-gigaset-improve-error-handling-querying-firmware-version.patch
	isdn-gigaset-ratelimit-capi-message-dumps.patch
	vfs-make-aio-use-the-proper-rw_verify_area-area-helpers.patch
---

diff --git a/queue-3.4/isdn-gigaset-fix-capi-disconnect-b3-handling.patch b/queue-3.4/isdn-gigaset-fix-capi-disconnect-b3-handling.patch
new file mode 100644
index 00000000000..c9ddebc7e25
--- /dev/null
+++ b/queue-3.4/isdn-gigaset-fix-capi-disconnect-b3-handling.patch
@@ -0,0 +1,43 @@
+From 62a1cfe052346b96a552b6a9178d412c709711bb Mon Sep 17 00:00:00 2001
+From: Tilman Schmidt <tilman@imap.cc>
+Date: Wed, 25 Apr 2012 13:02:20 +0000
+Subject: isdn/gigaset: fix CAPI disconnect B3 handling
+
+From: Tilman Schmidt <tilman@imap.cc>
+
+commit 62a1cfe052346b96a552b6a9178d412c709711bb upstream.
+
+If DISCONNECT_B3_IND was synthesized because of a DISCONNECT_REQ
+with existing logical connections, the connection state wasn't
+updated accordingly. Also the emitted DISCONNECT_B3_IND message
+wasn't included in the debug log as requested.
+This patch fixes both of these issues.
+
+Signed-off-by: Tilman Schmidt <tilman@imap.cc>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/isdn/gigaset/capi.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/isdn/gigaset/capi.c
++++ b/drivers/isdn/gigaset/capi.c
+@@ -1887,6 +1887,9 @@ static void do_disconnect_req(struct gig
+ 
+ 	/* check for active logical connection */
+ 	if (bcs->apconnstate >= APCONN_ACTIVE) {
++		/* clear it */
++		bcs->apconnstate = APCONN_SETUP;
++
+ 		/*
+ 		 * emit DISCONNECT_B3_IND with cause 0x3301
+ 		 * use separate cmsg structure, as the content of iif->acmsg
+@@ -1911,6 +1914,7 @@ static void do_disconnect_req(struct gig
+ 		}
+ 		capi_cmsg2message(b3cmsg,
+ 				  __skb_put(b3skb, CAPI_DISCONNECT_B3_IND_BASELEN));
++		dump_cmsg(DEBUG_CMD, __func__, b3cmsg);
+ 		kfree(b3cmsg);
+ 		capi_ctr_handle_message(&iif->ctr, ap->id, b3skb);
+ 	}
diff --git a/queue-3.4/isdn-gigaset-improve-error-handling-querying-firmware-version.patch b/queue-3.4/isdn-gigaset-improve-error-handling-querying-firmware-version.patch
new file mode 100644
index 00000000000..0ce9a1b9965
--- /dev/null
+++ b/queue-3.4/isdn-gigaset-improve-error-handling-querying-firmware-version.patch
@@ -0,0 +1,43 @@
+From e055d03dc088a990fe5ea24a2d64033a168da23c Mon Sep 17 00:00:00 2001
+From: Tilman Schmidt <tilman@imap.cc>
+Date: Wed, 25 Apr 2012 13:02:20 +0000
+Subject: isdn/gigaset: improve error handling querying firmware version
+
+From: Tilman Schmidt <tilman@imap.cc>
+
+commit e055d03dc088a990fe5ea24a2d64033a168da23c upstream.
+
+An out-of-place "OK" response to the "AT+GMR" (get firmware version)
+command turns out to be, more often than not, a delayed response to
+a previous command rather than an actual error, so continue waiting
+for the version number in that case.
+
+Signed-off-by: Tilman Schmidt <tilman@imap.cc>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/isdn/gigaset/ev-layer.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/isdn/gigaset/ev-layer.c
++++ b/drivers/isdn/gigaset/ev-layer.c
+@@ -190,6 +190,7 @@ struct reply_t gigaset_tab_nocid[] =
+ 								  ACT_INIT} },
+ 	{RSP_OK,	121, 121, -1,			  0,  0, {ACT_GOTVER,
+ 								  ACT_INIT} },
++	{RSP_NONE,	121, 121, -1,			120,  0, {ACT_GETSTRING} },
+ 
+ /* leave dle mode */
+ 	{RSP_INIT,	  0,   0, SEQ_DLE0,		201,  5, {0},	"^SDLE=0\r"},
+@@ -1314,8 +1315,9 @@ static void do_action(int action, struct
+ 		s = ev->ptr;
+ 
+ 		if (!strcmp(s, "OK")) {
++			/* OK without version string: assume old response */
+ 			*p_genresp = 1;
+-			*p_resp_code = RSP_ERROR;
++			*p_resp_code = RSP_NONE;
+ 			break;
+ 		}
+ 
diff --git a/queue-3.4/isdn-gigaset-ratelimit-capi-message-dumps.patch b/queue-3.4/isdn-gigaset-ratelimit-capi-message-dumps.patch
new file mode 100644
index 00000000000..4a81d4c4d6c
--- /dev/null
+++ b/queue-3.4/isdn-gigaset-ratelimit-capi-message-dumps.patch
@@ -0,0 +1,85 @@
+From 8e618aad5348b6e6c5a90e8d97ea643197963b20 Mon Sep 17 00:00:00 2001
+From: Tilman Schmidt <tilman@imap.cc>
+Date: Wed, 25 Apr 2012 13:02:19 +0000
+Subject: isdn/gigaset: ratelimit CAPI message dumps
+
+From: Tilman Schmidt <tilman@imap.cc>
+
+commit 8e618aad5348b6e6c5a90e8d97ea643197963b20 upstream.
+
+Introduce a global ratelimit for CAPI message dumps to protect
+against possible log flood.
+Drop the ratelimit for ignored messages which is now covered by the
+global one.
+
+Signed-off-by: Tilman Schmidt <tilman@imap.cc>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/isdn/gigaset/capi.c |   22 +++++++++-------------
+ 1 file changed, 9 insertions(+), 13 deletions(-)
+
+--- a/drivers/isdn/gigaset/capi.c
++++ b/drivers/isdn/gigaset/capi.c
+@@ -14,6 +14,7 @@
+ #include "gigaset.h"
+ #include <linux/proc_fs.h>
+ #include <linux/seq_file.h>
++#include <linux/ratelimit.h>
+ #include <linux/isdn/capilli.h>
+ #include <linux/isdn/capicmd.h>
+ #include <linux/isdn/capiutil.h>
+@@ -223,10 +224,14 @@ get_appl(struct gigaset_capi_ctr *iif, u
+ static inline void dump_cmsg(enum debuglevel level, const char *tag, _cmsg *p)
+ {
+ #ifdef CONFIG_GIGASET_DEBUG
++	/* dump at most 20 messages in 20 secs */
++	static DEFINE_RATELIMIT_STATE(msg_dump_ratelimit, 20 * HZ, 20);
+ 	_cdebbuf *cdb;
+ 
+ 	if (!(gigaset_debuglevel & level))
+ 		return;
++	if (!___ratelimit(&msg_dump_ratelimit, tag))
++		return;
+ 
+ 	cdb = capi_cmsg2str(p);
+ 	if (cdb) {
+@@ -2059,12 +2064,6 @@ static void do_reset_b3_req(struct gigas
+ }
+ 
+ /*
+- * dump unsupported/ignored messages at most twice per minute,
+- * some apps send those very frequently
+- */
+-static unsigned long ignored_msg_dump_time;
+-
+-/*
+  * unsupported CAPI message handler
+  */
+ static void do_unsupported(struct gigaset_capi_ctr *iif,
+@@ -2073,8 +2072,7 @@ static void do_unsupported(struct gigase
+ {
+ 	/* decode message */
+ 	capi_message2cmsg(&iif->acmsg, skb->data);
+-	if (printk_timed_ratelimit(&ignored_msg_dump_time, 30 * 1000))
+-		dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
++	dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
+ 	send_conf(iif, ap, skb, CapiMessageNotSupportedInCurrentState);
+ }
+ 
+@@ -2085,11 +2083,9 @@ static void do_nothing(struct gigaset_ca
+ 		       struct gigaset_capi_appl *ap,
+ 		       struct sk_buff *skb)
+ {
+-	if (printk_timed_ratelimit(&ignored_msg_dump_time, 30 * 1000)) {
+-		/* decode message */
+-		capi_message2cmsg(&iif->acmsg, skb->data);
+-		dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
+-	}
++	/* decode message */
++	capi_message2cmsg(&iif->acmsg, skb->data);
++	dump_cmsg(DEBUG_CMD, __func__, &iif->acmsg);
+ 	dev_kfree_skb_any(skb);
+ }
+ 
diff --git a/queue-3.4/series b/queue-3.4/series
new file mode 100644
index 00000000000..fb435f9f4ca
--- /dev/null
+++ b/queue-3.4/series
@@ -0,0 +1,4 @@
+isdn-gigaset-ratelimit-capi-message-dumps.patch
+isdn-gigaset-fix-capi-disconnect-b3-handling.patch
+isdn-gigaset-improve-error-handling-querying-firmware-version.patch
+vfs-make-aio-use-the-proper-rw_verify_area-area-helpers.patch
diff --git a/queue-3.4/vfs-make-aio-use-the-proper-rw_verify_area-area-helpers.patch b/queue-3.4/vfs-make-aio-use-the-proper-rw_verify_area-area-helpers.patch
new file mode 100644
index 00000000000..d517d8ad663
--- /dev/null
+++ b/queue-3.4/vfs-make-aio-use-the-proper-rw_verify_area-area-helpers.patch
@@ -0,0 +1,106 @@
+From a70b52ec1aaeaf60f4739edb1b422827cb6f3893 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 21 May 2012 16:06:20 -0700
+Subject: vfs: make AIO use the proper rw_verify_area() area helpers
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit a70b52ec1aaeaf60f4739edb1b422827cb6f3893 upstream.
+
+We had for some reason overlooked the AIO interface, and it didn't use
+the proper rw_verify_area() helper function that checks (for example)
+mandatory locking on the file, and that the size of the access doesn't
+cause us to overflow the provided offset limits etc.
+
+Instead, AIO did just the security_file_permission() thing (that
+rw_verify_area() also does) directly.
+
+This fixes it to do all the proper helper functions, which not only
+means that now mandatory file locking works with AIO too, we can
+actually remove lines of code.
+
+Reported-by: Manish Honap <manish_honap_vit@yahoo.co.in>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/aio.c |   30 ++++++++++++++----------------
+ 1 file changed, 14 insertions(+), 16 deletions(-)
+
+--- a/fs/aio.c
++++ b/fs/aio.c
+@@ -1456,6 +1456,10 @@ static ssize_t aio_setup_vectored_rw(int
+ 	if (ret < 0)
+ 		goto out;
+ 
++	ret = rw_verify_area(type, kiocb->ki_filp, &kiocb->ki_pos, ret);
++	if (ret < 0)
++		goto out;
++
+ 	kiocb->ki_nr_segs = kiocb->ki_nbytes;
+ 	kiocb->ki_cur_seg = 0;
+ 	/* ki_nbytes/left now reflect bytes instead of segs */
+@@ -1467,11 +1471,17 @@ out:
+ 	return ret;
+ }
+ 
+-static ssize_t aio_setup_single_vector(struct kiocb *kiocb)
++static ssize_t aio_setup_single_vector(int type, struct file * file, struct kiocb *kiocb)
+ {
++	int bytes;
++
++	bytes = rw_verify_area(type, file, &kiocb->ki_pos, kiocb->ki_left);
++	if (bytes < 0)
++		return bytes;
++
+ 	kiocb->ki_iovec = &kiocb->ki_inline_vec;
+ 	kiocb->ki_iovec->iov_base = kiocb->ki_buf;
+-	kiocb->ki_iovec->iov_len = kiocb->ki_left;
++	kiocb->ki_iovec->iov_len = bytes;
+ 	kiocb->ki_nr_segs = 1;
+ 	kiocb->ki_cur_seg = 0;
+ 	return 0;
+@@ -1496,10 +1506,7 @@ static ssize_t aio_setup_iocb(struct kio
+ 		if (unlikely(!access_ok(VERIFY_WRITE, kiocb->ki_buf,
+ 			kiocb->ki_left)))
+ 			break;
+-		ret = security_file_permission(file, MAY_READ);
+-		if (unlikely(ret))
+-			break;
+-		ret = aio_setup_single_vector(kiocb);
++		ret = aio_setup_single_vector(READ, file, kiocb);
+ 		if (ret)
+ 			break;
+ 		ret = -EINVAL;
+@@ -1514,10 +1521,7 @@ static ssize_t aio_setup_iocb(struct kio
+ 		if (unlikely(!access_ok(VERIFY_READ, kiocb->ki_buf,
+ 			kiocb->ki_left)))
+ 			break;
+-		ret = security_file_permission(file, MAY_WRITE);
+-		if (unlikely(ret))
+-			break;
+-		ret = aio_setup_single_vector(kiocb);
++		ret = aio_setup_single_vector(WRITE, file, kiocb);
+ 		if (ret)
+ 			break;
+ 		ret = -EINVAL;
+@@ -1528,9 +1532,6 @@ static ssize_t aio_setup_iocb(struct kio
+ 		ret = -EBADF;
+ 		if (unlikely(!(file->f_mode & FMODE_READ)))
+ 			break;
+-		ret = security_file_permission(file, MAY_READ);
+-		if (unlikely(ret))
+-			break;
+ 		ret = aio_setup_vectored_rw(READ, kiocb, compat);
+ 		if (ret)
+ 			break;
+@@ -1542,9 +1543,6 @@ static ssize_t aio_setup_iocb(struct kio
+ 		ret = -EBADF;
+ 		if (unlikely(!(file->f_mode & FMODE_WRITE)))
+ 			break;
+-		ret = security_file_permission(file, MAY_WRITE);
+-		if (unlikely(ret))
+-			break;
+ 		ret = aio_setup_vectored_rw(WRITE, kiocb, compat);
+ 		if (ret)
+ 			break;