From: Greg Kroah-Hartman Date: Sat, 18 Apr 2009 00:48:12 +0000 (-0700) Subject: add a bunch of .29 patches in .27 X-Git-Tag: v2.6.29.2~13 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=387a1562f4171c82f71ddc8994ae14edffcc1274;p=thirdparty%2Fkernel%2Fstable-queue.git add a bunch of .29 patches in .27 --- diff --git a/queue-2.6.27/0008-USB-EHCI-add-software-retry-for-transaction-errors.patch b/queue-2.6.27/0008-USB-EHCI-add-software-retry-for-transaction-errors.patch new file mode 100644 index 00000000000..5e1586af621 --- /dev/null +++ b/queue-2.6.27/0008-USB-EHCI-add-software-retry-for-transaction-errors.patch @@ -0,0 +1,101 @@ +From 39f8c8a3ef3864bb8ed42c5d2159d6a9b0f0b36c Mon Sep 17 00:00:00 2001 +From: Alan Stern +Date: Thu, 26 Mar 2009 18:25:05 +0000 +Subject: USB: EHCI: add software retry for transaction errors + +upstream commit: a2c2706e1043c17139c2dafd171c4a5cf008ef7e + +This patch (as1204) adds a software retry mechanism to ehci-hcd. It +gets invoked when the driver encounters transaction errors on an +asynchronous endpoint. On many systems, hardware deficiencies cause +such errors to occur if one device is unplugged while the host is +communicating with another device. With the patch, the failed +transactions are retried and generally succeed the second or third +time through. + +This is based on code originally written by Koichiro Saito. + +Signed-off-by: Alan Stern +Tested by: Koichiro Saito +CC: David Brownell +Cc: stable +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Chris Wright +--- + drivers/usb/host/ehci-q.c | 32 ++++++++++++++++++++++++++++++++ + drivers/usb/host/ehci.h | 3 +++ + 2 files changed, 35 insertions(+) + +--- a/drivers/usb/host/ehci.h ++++ b/drivers/usb/host/ehci.h +@@ -500,6 +500,9 @@ struct ehci_qh { + #define QH_STATE_UNLINK_WAIT 4 /* LINKED and on reclaim q */ + #define QH_STATE_COMPLETING 5 /* don't touch token.HALT */ + ++ u8 xacterrs; /* XactErr retry counter */ ++#define QH_XACTERR_MAX 32 /* XactErr retry limit */ ++ + /* periodic schedule info */ + u8 usecs; /* intr bandwidth */ + u8 gap_uf; /* uframes split/csplit gap */ +--- a/drivers/usb/host/ehci-q.c ++++ b/drivers/usb/host/ehci-q.c +@@ -333,12 +333,40 @@ qh_completions (struct ehci_hcd *ehci, s + token = hc32_to_cpu(ehci, qtd->hw_token); + + /* always clean up qtds the hc de-activated */ ++ retry_xacterr: + if ((token & QTD_STS_ACTIVE) == 0) { + + /* on STALL, error, and short reads this urb must + * complete and all its qtds must be recycled. + */ + if ((token & QTD_STS_HALT) != 0) { ++ ++ /* retry transaction errors until we ++ * reach the software xacterr limit ++ */ ++ if ((token & QTD_STS_XACT) && ++ QTD_CERR(token) == 0 && ++ --qh->xacterrs > 0 && ++ !urb->unlinked) { ++ ehci_dbg(ehci, ++ "detected XactErr len %d/%d retry %d\n", ++ qtd->length - QTD_LENGTH(token), qtd->length, ++ QH_XACTERR_MAX - qh->xacterrs); ++ ++ /* reset the token in the qtd and the ++ * qh overlay (which still contains ++ * the qtd) so that we pick up from ++ * where we left off ++ */ ++ token &= ~QTD_STS_HALT; ++ token |= QTD_STS_ACTIVE | ++ (EHCI_TUNE_CERR << 10); ++ qtd->hw_token = cpu_to_hc32(ehci, ++ token); ++ wmb(); ++ qh->hw_token = cpu_to_hc32(ehci, token); ++ goto retry_xacterr; ++ } + stopped = 1; + + /* magic dummy for some short reads; qh won't advance. +@@ -421,6 +449,9 @@ halt: + /* remove qtd; it's recycled after possible urb completion */ + list_del (&qtd->qtd_list); + last = qtd; ++ ++ /* reinit the xacterr counter for the next qtd */ ++ qh->xacterrs = QH_XACTERR_MAX; + } + + /* last urb's completion might still need calling */ +@@ -862,6 +893,7 @@ static void qh_link_async (struct ehci_h + head->qh_next.qh = qh; + head->hw_next = dma; + ++ qh->xacterrs = QH_XACTERR_MAX; + qh->qh_state = QH_STATE_LINKED; + /* qtd completions reported later by interrupt */ + } diff --git a/queue-2.6.27/0009-USB-fix-USB_STORAGE_CYPRESS_ATACB.patch b/queue-2.6.27/0009-USB-fix-USB_STORAGE_CYPRESS_ATACB.patch new file mode 100644 index 00000000000..cceda456996 --- /dev/null +++ b/queue-2.6.27/0009-USB-fix-USB_STORAGE_CYPRESS_ATACB.patch @@ -0,0 +1,72 @@ +From 760053b6503cd73758f4994a8305d4bc6f97fcfc Mon Sep 17 00:00:00 2001 +From: Boaz Harrosh +Date: Thu, 26 Mar 2009 18:25:07 +0000 +Subject: USB: fix USB_STORAGE_CYPRESS_ATACB + +upstream commit: 1f4159c1620f74377e26d8a569d10ca5907ef475 + +commit 64a87b24: [SCSI] Let scsi_cmnd->cmnd use request->cmd buffer +changed the scsi_eh_prep_cmnd logic by making it clear +the ->cmnd buffer. But the sat to cypress atacb translation supposed +the ->cmnd buffer wasn't modified. + +This patch makes it set the ->cmnd buffer after scsi_eh_prep_cmnd call. +The problem and a fix was reported by Matthieu CASTET + +It also removes all the hackery fiddling of scsi_cmnd and scsi_eh_save by +requesting from scsi_eh_prep_cmnd to prepare a read into ->sense_buffer, +which is much more suitable a buffer for HW transfers, then after the command +execution the regs read is copied into regs buffer before actual preparation +of sense_buffer. + +Also fix an alien comment character to my utf-8 editor. + +Signed-off-by: Boaz Harrosh +Signed-off-by: Matthieu CASTET +Cc: stable +Cc: James Bottomley +Cc: Matthew Dharm +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Chris Wright +--- + drivers/usb/storage/cypress_atacb.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +--- a/drivers/usb/storage/cypress_atacb.c ++++ b/drivers/usb/storage/cypress_atacb.c +@@ -133,19 +133,18 @@ void cypress_atacb_passthrough(struct sc + + /* build the command for + * reading the ATA registers */ +- scsi_eh_prep_cmnd(srb, &ses, NULL, 0, 0); +- srb->sdb.length = sizeof(regs); +- sg_init_one(&ses.sense_sgl, regs, srb->sdb.length); +- srb->sdb.table.sgl = &ses.sense_sgl; +- srb->sc_data_direction = DMA_FROM_DEVICE; +- srb->sdb.table.nents = 1; ++ scsi_eh_prep_cmnd(srb, &ses, NULL, 0, sizeof(regs)); ++ + /* we use the same command as before, but we set + * the read taskfile bit, for not executing atacb command, + * but reading register selected in srb->cmnd[4] + */ ++ srb->cmd_len = 16; ++ srb->cmnd = ses.cmnd; + srb->cmnd[2] = 1; + + usb_stor_transparent_scsi_command(srb, us); ++ memcpy(regs, srb->sense_buffer, sizeof(regs)); + tmp_result = srb->result; + scsi_eh_restore_cmnd(srb, &ses); + /* we fail to get registers, report invalid command */ +@@ -162,8 +161,8 @@ void cypress_atacb_passthrough(struct sc + + /* XXX we should generate sk, asc, ascq from status and error + * regs +- * (see 11.1 Error translation ­ ATA device error to SCSI error map) +- * and ata_to_sense_error from libata. ++ * (see 11.1 Error translation ATA device error to SCSI error ++ * map, and ata_to_sense_error from libata.) + */ + + /* Sense data is current and format is descriptor. */ diff --git a/queue-2.6.27/0010-USB-usb-storage-increase-max_sectors-for-tape-driv.patch b/queue-2.6.27/0010-USB-usb-storage-increase-max_sectors-for-tape-driv.patch new file mode 100644 index 00000000000..69930b904d3 --- /dev/null +++ b/queue-2.6.27/0010-USB-usb-storage-increase-max_sectors-for-tape-driv.patch @@ -0,0 +1,39 @@ +From 7127941c0e5fb2e3c15c4507aeab939e5e686dcd Mon Sep 17 00:00:00 2001 +From: Alan Stern +Date: Thu, 26 Mar 2009 18:25:09 +0000 +Subject: USB: usb-storage: increase max_sectors for tape drives + +upstream commit: 5c16034d73da2c1b663aa25dedadbc533b3d811c + +This patch (as1203) increases the max_sector limit for USB tape +drives. By default usb-storage sets max_sectors to 240 (i.e., 120 KB) +for all devices. But tape drives need a higher limit, since tapes can +and do have very large block sizes. Without the ability to transfer +an entire large block in a single command, such tapes can't be used. + +This fixes Bugzilla #12207. + +Signed-off-by: Alan Stern +Reported-and-tested-by: Phil Mitchell +Cc: stable +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Chris Wright +--- + drivers/usb/storage/scsiglue.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/usb/storage/scsiglue.c ++++ b/drivers/usb/storage/scsiglue.c +@@ -135,6 +135,12 @@ static int slave_configure(struct scsi_d + if (sdev->request_queue->max_sectors > max_sectors) + blk_queue_max_sectors(sdev->request_queue, + max_sectors); ++ } else if (sdev->type == TYPE_TAPE) { ++ /* Tapes need much higher max_sector limits, so just ++ * raise it to the maximum possible (4 GB / 512) and ++ * let the queue segment size sort out the real limit. ++ */ ++ blk_queue_max_sectors(sdev->request_queue, 0x7FFFFF); + } + + /* We can't put these settings in slave_alloc() because that gets diff --git a/queue-2.6.27/0011-USB-gadget-fix-rndis-regression.patch b/queue-2.6.27/0011-USB-gadget-fix-rndis-regression.patch new file mode 100644 index 00000000000..a84663eae00 --- /dev/null +++ b/queue-2.6.27/0011-USB-gadget-fix-rndis-regression.patch @@ -0,0 +1,39 @@ +From e6c7f8a29d45054727c7f9334c4a42729af436cd Mon Sep 17 00:00:00 2001 +From: David Brownell +Date: Thu, 26 Mar 2009 18:25:12 +0000 +Subject: USB: gadget: fix rndis regression + +upstream commit: 090b90118207e786d2990310d063fda5d52cce6e + +Restore some code that was wrongly dropped from the RNDIS +driver, and caused interop problems observed with OpenMoko. + +The issue is with hardware which needs help conforming to part +of the USB 2.0 spec (section 8.5.3.2); some can automagically +send a ZLP in response to an unexpected IN, but not all chips +will do that. We don't need to check the packet length ourselves +the way earlier code did, since the UDC must already check it. +But we do need to tell the UDC when it must force a short packet +termination of the data stage. + +(Based on a patch from Aric D. Blumer ) + +Signed-off-by: David Brownell +Cc: stable +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Chris Wright +--- + drivers/usb/gadget/f_rndis.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/usb/gadget/f_rndis.c ++++ b/drivers/usb/gadget/f_rndis.c +@@ -437,7 +437,7 @@ invalid: + DBG(cdev, "rndis req%02x.%02x v%04x i%04x l%d\n", + ctrl->bRequestType, ctrl->bRequest, + w_value, w_index, w_length); +- req->zero = 0; ++ req->zero = (value < w_length); + req->length = value; + value = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); + if (value < 0) diff --git a/queue-2.6.27/0012-USB-add-quirk-to-avoid-config-and-interface-strings.patch b/queue-2.6.27/0012-USB-add-quirk-to-avoid-config-and-interface-strings.patch new file mode 100644 index 00000000000..78d226386dd --- /dev/null +++ b/queue-2.6.27/0012-USB-add-quirk-to-avoid-config-and-interface-strings.patch @@ -0,0 +1,85 @@ +From a9620fdcb8dab4d05f5677110c54b74e7ce1d621 Mon Sep 17 00:00:00 2001 +From: Alan Stern +Date: Thu, 26 Mar 2009 18:25:19 +0000 +Subject: USB: add quirk to avoid config and interface strings + +upstream commit: 1662e3a7f076e51e3073faf9ce77157b529c475b + +Apparently the Configuration and Interface strings aren't used as +often as the Vendor, Product, and Serial strings. In at least one +device (a Saitek Cyborg Gold 3D joystick), attempts to read the +Configuration string cause the device to stop responding to Control +requests. + +This patch (as1226) adds a quirks flag, telling the kernel not to +read a device's Configuration or Interface strings, together with a +new quirk for the offending joystick. + +Reported-by: Melchior FRANZ +Tested-by: Melchior FRANZ +Signed-off-by: Alan Stern +Cc: stable [2.6.28 and 2.6.29, nothing earlier] +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Chris Wright +--- + drivers/usb/core/message.c | 3 ++- + drivers/usb/core/quirks.c | 4 ++++ + drivers/usb/core/sysfs.c | 4 +++- + include/linux/usb/quirks.h | 3 +++ + 4 files changed, 12 insertions(+), 2 deletions(-) + +--- a/drivers/usb/core/message.c ++++ b/drivers/usb/core/message.c +@@ -1623,7 +1623,8 @@ free_interfaces: + } + kfree(new_interfaces); + +- if (cp->string == NULL) ++ if (cp->string == NULL && ++ !(dev->quirks & USB_QUIRK_CONFIG_INTF_STRINGS)) + cp->string = usb_cache_string(dev, cp->desc.iConfiguration); + + /* Now that all the interfaces are set up, register them +--- a/drivers/usb/core/quirks.c ++++ b/drivers/usb/core/quirks.c +@@ -54,6 +54,10 @@ static const struct usb_device_id usb_qu + { USB_DEVICE(0x0638, 0x0a13), .driver_info = + USB_QUIRK_STRING_FETCH_255 }, + ++ /* Saitek Cyborg Gold Joystick */ ++ { USB_DEVICE(0x06a3, 0x0006), .driver_info = ++ USB_QUIRK_CONFIG_INTF_STRINGS }, ++ + /* M-Systems Flash Disk Pioneers */ + { USB_DEVICE(0x08ec, 0x1000), .driver_info = USB_QUIRK_RESET_RESUME }, + +--- a/drivers/usb/core/sysfs.c ++++ b/drivers/usb/core/sysfs.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + #include "usb.h" + + /* Active configuration fields */ +@@ -823,7 +824,8 @@ int usb_create_sysfs_intf_files(struct u + * and missing in others. Hence its attribute cannot be created + * before the uevent is broadcast. + */ +- if (alt->string == NULL) ++ if (alt->string == NULL && ++ !(udev->quirks & USB_QUIRK_CONFIG_INTF_STRINGS)) + alt->string = usb_cache_string(udev, alt->desc.iInterface); + if (alt->string) + retval = device_create_file(&intf->dev, &dev_attr_interface); +--- a/include/linux/usb/quirks.h ++++ b/include/linux/usb/quirks.h +@@ -16,4 +16,7 @@ + /* device can't handle Set-Interface requests */ + #define USB_QUIRK_NO_SET_INTF 0x00000004 + ++/* device can't handle its Configuration or Interface strings */ ++#define USB_QUIRK_CONFIG_INTF_STRINGS 0x00000008 ++ + #endif /* __LINUX_USB_QUIRKS_H */ diff --git a/queue-2.6.27/0016-cifs-fix-buffer-format-byte-on-NT-Rename-hardlink.patch b/queue-2.6.27/0016-cifs-fix-buffer-format-byte-on-NT-Rename-hardlink.patch new file mode 100644 index 00000000000..bbe79189bbf --- /dev/null +++ b/queue-2.6.27/0016-cifs-fix-buffer-format-byte-on-NT-Rename-hardlink.patch @@ -0,0 +1,37 @@ +From 46d2a92135c95066364a8603297b637314a85090 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Thu, 26 Mar 2009 23:05:21 +0000 +Subject: cifs: fix buffer format byte on NT Rename/hardlink + +upstream commit: fcc7c09d94be7b75c9ea2beb22d0fae191c6b4b9 + +Discovered at Connnectathon 2009... + +The buffer format byte and the pad are transposed in NT_RENAME calls +(which are used to set hardlinks). Most servers seem to ignore this +fact, but NetApp filers throw back an error due to this problem. This +patch fixes it. + +CC: Stable +Signed-off-by: Jeff Layton +Signed-off-by: Steve French +Signed-off-by: Chris Wright +--- + fs/cifs/cifssmb.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/fs/cifs/cifssmb.c ++++ b/fs/cifs/cifssmb.c +@@ -2348,8 +2348,10 @@ winCreateHardLinkRetry: + PATH_MAX, nls_codepage, remap); + name_len++; /* trailing null */ + name_len *= 2; +- pSMB->OldFileName[name_len] = 0; /* pad */ +- pSMB->OldFileName[name_len + 1] = 0x04; ++ ++ /* protocol specifies ASCII buffer format (0x04) for unicode */ ++ pSMB->OldFileName[name_len] = 0x04; ++ pSMB->OldFileName[name_len + 1] = 0x00; /* pad */ + name_len2 = + cifsConvertToUCS((__le16 *)&pSMB->OldFileName[name_len + 2], + toName, PATH_MAX, nls_codepage, remap); diff --git a/queue-2.6.27/0019-b43-fix-b43_plcp_get_bitrate_idx_ofdm-return-type.patch b/queue-2.6.27/0019-b43-fix-b43_plcp_get_bitrate_idx_ofdm-return-type.patch new file mode 100644 index 00000000000..5d24ec46884 --- /dev/null +++ b/queue-2.6.27/0019-b43-fix-b43_plcp_get_bitrate_idx_ofdm-return-type.patch @@ -0,0 +1,32 @@ +From bf2d225b466496ff6704288bbd79fe744b399811 Mon Sep 17 00:00:00 2001 +From: Lorenzo Nava +Date: Sat, 28 Mar 2009 01:45:06 +0000 +Subject: b43: fix b43_plcp_get_bitrate_idx_ofdm return type + +upstream commit: a3c0b87c4f21911fb7185902dd13f0e3cd7f33f7 + +This patch fixes the return type of b43_plcp_get_bitrate_idx_ofdm. If +the plcp contains an error, the function return value is 255 instead +of -1, and the packet was not dropped. This causes a warning in +__ieee80211_rx function because rate idx is out of range. + +Cc: stable@kernel.org +Signed-off-by: Lorenzo Nava +Signed-off-by: Michael Buesch +Signed-off-by: John W. Linville +Signed-off-by: Chris Wright +--- + drivers/net/wireless/b43/xmit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/wireless/b43/xmit.c ++++ b/drivers/net/wireless/b43/xmit.c +@@ -51,7 +51,7 @@ static int b43_plcp_get_bitrate_idx_cck( + } + + /* Extract the bitrate index out of an OFDM PLCP header. */ +-static u8 b43_plcp_get_bitrate_idx_ofdm(struct b43_plcp_hdr6 *plcp, bool aphy) ++static int b43_plcp_get_bitrate_idx_ofdm(struct b43_plcp_hdr6 *plcp, bool aphy) + { + int base = aphy ? 0 : 4; + diff --git a/queue-2.6.27/0022-CIFS-Fix-memory-overwrite-when-saving-nativeFileSys.patch b/queue-2.6.27/0022-CIFS-Fix-memory-overwrite-when-saving-nativeFileSys.patch new file mode 100644 index 00000000000..bedc38484b2 --- /dev/null +++ b/queue-2.6.27/0022-CIFS-Fix-memory-overwrite-when-saving-nativeFileSys.patch @@ -0,0 +1,43 @@ +From 15bd8021d870d2c4fbf8c16578d72d03cfddd3a7 Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Thu, 26 Mar 2009 23:05:15 +0000 +Subject: CIFS: Fix memory overwrite when saving nativeFileSystem field during mount + +upstream commit: b363b3304bcf68c4541683b2eff70b29f0446a5b + +CIFS can allocate a few bytes to little for the nativeFileSystem field +during tree connect response processing during mount. This can result +in a "Redzone overwritten" message to be logged. + +Signed-off-by: Sridhar Vinay +Acked-by: Shirish Pargaonkar +CC: Stable +Signed-off-by: Steve French +[chrisw: minor backport to CHANGES file] +Signed-off-by: Chris Wright +--- + fs/cifs/CHANGES | 3 +++ + fs/cifs/connect.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +--- a/fs/cifs/CHANGES ++++ b/fs/cifs/CHANGES +@@ -1,4 +1,7 @@ + Fix oops in cifs_dfs_ref.c when prefixpath is not reachable when using DFS. ++Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too ++little memory for the "nativeFileSystem" field returned by the server ++during mount). + + Version 1.54 + ------------ +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -3549,7 +3549,7 @@ CIFSTCon(unsigned int xid, struct cifsSe + BCC(smb_buffer_response)) { + kfree(tcon->nativeFileSystem); + tcon->nativeFileSystem = +- kzalloc(length + 2, GFP_KERNEL); ++ kzalloc(2*(length + 1), GFP_KERNEL); + if (tcon->nativeFileSystem) + cifs_strfromUCS_le( + tcon->nativeFileSystem, diff --git a/queue-2.6.27/0032-Add-a-missing-unlock_kernel-in-raw_open.patch b/queue-2.6.27/0032-Add-a-missing-unlock_kernel-in-raw_open.patch new file mode 100644 index 00000000000..0560eb53b7f --- /dev/null +++ b/queue-2.6.27/0032-Add-a-missing-unlock_kernel-in-raw_open.patch @@ -0,0 +1,25 @@ +From ce6d13d7f44cb05c007ed804c0c20cfda9d2f94a Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Mon, 30 Mar 2009 18:50:16 +0000 +Subject: Add a missing unlock_kernel() in raw_open() + +upstream commit: 996ff68d8b358885c1de82a45517c607999947c7 + +Cc: stable@kernel.org +Signed-off-by: Dan Carpenter +Signed-off-by: Jonathan Corbet +Signed-off-by: Chris Wright +--- + drivers/char/raw.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/char/raw.c ++++ b/drivers/char/raw.c +@@ -90,6 +90,7 @@ out1: + blkdev_put(bdev); + out: + mutex_unlock(&raw_mutex); ++ unlock_kernel(); + return err; + } + diff --git a/queue-2.6.27/0033-x86-PAT-PCI-Change-vma-prot-in-pci_mmap-to-reflec.patch b/queue-2.6.27/0033-x86-PAT-PCI-Change-vma-prot-in-pci_mmap-to-reflec.patch new file mode 100644 index 00000000000..72826e2e4e3 --- /dev/null +++ b/queue-2.6.27/0033-x86-PAT-PCI-Change-vma-prot-in-pci_mmap-to-reflec.patch @@ -0,0 +1,44 @@ +From e1b427acc979431fc7f57a06d0c636c542fdffcc Mon Sep 17 00:00:00 2001 +From: Pallipadi, Venkatesh +Date: Mon, 30 Mar 2009 18:50:19 +0000 +Subject: x86, PAT, PCI: Change vma prot in pci_mmap to reflect inherited prot + +upstream commit: 9cdec049389ce2c324fd1ec508a71528a27d4a07 + +While looking at the issue in the thread: + + http://marc.info/?l=dri-devel&m=123606627824556&w=2 + +noticed a bug in pci PAT code and memory type setting. + +PCI mmap code did not set the proper protection in vma, when it +inherited protection in reserve_memtype. This bug only affects +the case where there exists a WC mapping before X does an mmap +with /proc or /sys pci interface. This will cause X userlevel +mmap from /proc or /sysfs to fail on fork. + +Reported-by: Kevin Winchester +Signed-off-by: Venkatesh Pallipadi +Signed-off-by: Suresh Siddha +Cc: Jesse Barnes +Cc: Dave Airlie +Cc: +LKML-Reference: <20090323190720.GA16831@linux-os.sc.intel.com> +Signed-off-by: Ingo Molnar +Signed-off-by: Chris Wright +--- + arch/x86/pci/i386.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/x86/pci/i386.c ++++ b/arch/x86/pci/i386.c +@@ -326,6 +326,9 @@ int pci_mmap_page_range(struct pci_dev * + return -EINVAL; + } + flags = new_flags; ++ vma->vm_page_prot = __pgprot( ++ (pgprot_val(vma->vm_page_prot) & ~_PAGE_CACHE_MASK) | ++ flags); + } + + if (((vma->vm_pgoff < max_low_pfn_mapped) || diff --git a/queue-2.6.27/0037-x86-mtrr-don-t-modify-RdDram-WrDram-bits-of-fixed.patch b/queue-2.6.27/0037-x86-mtrr-don-t-modify-RdDram-WrDram-bits-of-fixed.patch new file mode 100644 index 00000000000..ecd54e6de90 --- /dev/null +++ b/queue-2.6.27/0037-x86-mtrr-don-t-modify-RdDram-WrDram-bits-of-fixed.patch @@ -0,0 +1,164 @@ +From 67df6428d5c5a27061d94c6c9d0e844401638be5 Mon Sep 17 00:00:00 2001 +From: Andreas Herrmann +Date: Mon, 30 Mar 2009 18:50:32 +0000 +Subject: x86: mtrr: don't modify RdDram/WrDram bits of fixed MTRRs + +upstream commit: 3ff42da5048649503e343a32be37b14a6a4e8aaf + +Impact: bug fix + BIOS workaround + +BIOS is expected to clear the SYSCFG[MtrrFixDramModEn] on AMD CPUs +after fixed MTRRs are configured. + +Some BIOSes do not clear SYSCFG[MtrrFixDramModEn] on BP (and on APs). + +This can lead to obfuscation in Linux when this bit is not cleared on +BP but cleared on APs. A consequence of this is that the saved +fixed-MTRR state (from BP) differs from the fixed-MTRRs of APs -- +because RdDram/WrDram bits are read as zero when +SYSCFG[MtrrFixDramModEn] is cleared -- and Linux tries to sync +fixed-MTRR state from BP to AP. This implies that Linux sets +SYSCFG[MtrrFixDramEn] and activates those bits. + +More important is that (some) systems change these bits in SMM when +ACPI is enabled. Hence it is racy if Linux modifies RdMem/WrMem bits, +too. + +(1) The patch modifies an old fix from Bernhard Kaindl to get + suspend/resume working on some Acer Laptops. Bernhard's patch + tried to sync RdMem/WrMem bits of fixed MTRR registers and that + helped on those old Laptops. (Don't ask me why -- can't test it + myself). But this old problem was not the motivation for the + patch. (See http://lkml.org/lkml/2007/4/3/110) + +(2) The more important effect is to fix issues on some more current systems. + + On those systems Linux panics or just freezes, see + + http://bugzilla.kernel.org/show_bug.cgi?id=11541 + (and also duplicates of this bug: + http://bugzilla.kernel.org/show_bug.cgi?id=11737 + http://bugzilla.kernel.org/show_bug.cgi?id=11714) + + The affected systems boot only using acpi=ht, acpi=off or + when the kernel is built with CONFIG_MTRR=n. + + The acpi options prevent full enablement of ACPI. Obviously when + ACPI is enabled the BIOS/SMM modfies RdMem/WrMem bits. When + CONFIG_MTRR=y Linux also accesses and modifies those bits when it + needs to sync fixed-MTRRs across cores (Bernhard's fix, see (1)). + How do you synchronize that? You can't. As a consequence Linux + shouldn't touch those bits at all (Rationale are AMD's BKDGs which + recommend to clear the bit that makes RdMem/WrMem accessible). + This is the purpose of this patch. And (so far) this suffices to + fix (1) and (2). + +I suggest not to touch RdDram/WrDram bits of fixed-MTRRs and +SYSCFG[MtrrFixDramEn] and to clear SYSCFG[MtrrFixDramModEn] as +suggested by AMD K8, and AMD family 10h/11h BKDGs. +BIOS is expected to do this anyway. This should avoid that +Linux and SMM tread on each other's toes ... + +Signed-off-by: Andreas Herrmann +Cc: trenn@suse.de +Cc: Yinghai Lu +LKML-Reference: <20090312163937.GH20716@alberich.amd.com> +Cc: +Signed-off-by: Ingo Molnar +Signed-off-by: Chris Wright +--- + arch/x86/kernel/cpu/mtrr/generic.c | 51 +++++++++++++++++++++---------------- + 1 file changed, 30 insertions(+), 21 deletions(-) + +--- a/arch/x86/kernel/cpu/mtrr/generic.c ++++ b/arch/x86/kernel/cpu/mtrr/generic.c +@@ -45,6 +45,32 @@ u64 mtrr_tom2; + static int mtrr_show; + module_param_named(show, mtrr_show, bool, 0); + ++/** ++ * BIOS is expected to clear MtrrFixDramModEn bit, see for example ++ * "BIOS and Kernel Developer's Guide for the AMD Athlon 64 and AMD ++ * Opteron Processors" (26094 Rev. 3.30 February 2006), section ++ * "13.2.1.2 SYSCFG Register": "The MtrrFixDramModEn bit should be set ++ * to 1 during BIOS initalization of the fixed MTRRs, then cleared to ++ * 0 for operation." ++ */ ++static inline void k8_check_syscfg_dram_mod_en(void) ++{ ++ u32 lo, hi; ++ ++ if (!((boot_cpu_data.x86_vendor == X86_VENDOR_AMD) && ++ (boot_cpu_data.x86 >= 0x0f))) ++ return; ++ ++ rdmsr(MSR_K8_SYSCFG, lo, hi); ++ if (lo & K8_MTRRFIXRANGE_DRAM_MODIFY) { ++ printk(KERN_ERR FW_WARN "MTRR: CPU %u: SYSCFG[MtrrFixDramModEn]" ++ " not cleared by BIOS, clearing this bit\n", ++ smp_processor_id()); ++ lo &= ~K8_MTRRFIXRANGE_DRAM_MODIFY; ++ mtrr_wrmsr(MSR_K8_SYSCFG, lo, hi); ++ } ++} ++ + /* + * Returns the effective MTRR type for the region + * Error returns: +@@ -178,6 +204,8 @@ get_fixed_ranges(mtrr_type * frs) + unsigned int *p = (unsigned int *) frs; + int i; + ++ k8_check_syscfg_dram_mod_en(); ++ + rdmsr(MTRRfix64K_00000_MSR, p[0], p[1]); + + for (i = 0; i < 2; i++) +@@ -312,27 +340,10 @@ void mtrr_wrmsr(unsigned msr, unsigned a + } + + /** +- * Enable and allow read/write of extended fixed-range MTRR bits on K8 CPUs +- * see AMD publication no. 24593, chapter 3.2.1 for more information +- */ +-static inline void k8_enable_fixed_iorrs(void) +-{ +- unsigned lo, hi; +- +- rdmsr(MSR_K8_SYSCFG, lo, hi); +- mtrr_wrmsr(MSR_K8_SYSCFG, lo +- | K8_MTRRFIXRANGE_DRAM_ENABLE +- | K8_MTRRFIXRANGE_DRAM_MODIFY, hi); +-} +- +-/** + * set_fixed_range - checks & updates a fixed-range MTRR if it differs from the value it should have + * @msr: MSR address of the MTTR which should be checked and updated + * @changed: pointer which indicates whether the MTRR needed to be changed + * @msrwords: pointer to the MSR values which the MSR should have +- * +- * If K8 extentions are wanted, update the K8 SYSCFG MSR also. +- * See AMD publication no. 24593, chapter 7.8.1, page 233 for more information. + */ + static void set_fixed_range(int msr, bool *changed, unsigned int *msrwords) + { +@@ -341,10 +352,6 @@ static void set_fixed_range(int msr, boo + rdmsr(msr, lo, hi); + + if (lo != msrwords[0] || hi != msrwords[1]) { +- if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD && +- (boot_cpu_data.x86 >= 0x0f && boot_cpu_data.x86 <= 0x11) && +- ((msrwords[0] | msrwords[1]) & K8_MTRR_RDMEM_WRMEM_MASK)) +- k8_enable_fixed_iorrs(); + mtrr_wrmsr(msr, msrwords[0], msrwords[1]); + *changed = true; + } +@@ -428,6 +435,8 @@ static int set_fixed_ranges(mtrr_type * + bool changed = false; + int block=-1, range; + ++ k8_check_syscfg_dram_mod_en(); ++ + while (fixed_range_blocks[++block].ranges) + for (range=0; range < fixed_range_blocks[block].ranges; range++) + set_fixed_range(fixed_range_blocks[block].base_msr + range, diff --git a/queue-2.6.27/series b/queue-2.6.27/series new file mode 100644 index 00000000000..ec4964e115a --- /dev/null +++ b/queue-2.6.27/series @@ -0,0 +1,11 @@ +0008-USB-EHCI-add-software-retry-for-transaction-errors.patch +0009-USB-fix-USB_STORAGE_CYPRESS_ATACB.patch +0010-USB-usb-storage-increase-max_sectors-for-tape-driv.patch +0011-USB-gadget-fix-rndis-regression.patch +0012-USB-add-quirk-to-avoid-config-and-interface-strings.patch +0016-cifs-fix-buffer-format-byte-on-NT-Rename-hardlink.patch +0019-b43-fix-b43_plcp_get_bitrate_idx_ofdm-return-type.patch +0022-CIFS-Fix-memory-overwrite-when-saving-nativeFileSys.patch +0032-Add-a-missing-unlock_kernel-in-raw_open.patch +0033-x86-PAT-PCI-Change-vma-prot-in-pci_mmap-to-reflec.patch +0037-x86-mtrr-don-t-modify-RdDram-WrDram-bits-of-fixed.patch