From: Greg Kroah-Hartman Date: Wed, 7 Mar 2007 00:06:05 +0000 (-0800) Subject: 2.6.20-stable patches added X-Git-Tag: v2.6.20.2~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=40313dc065ec4295b42c4bd484806bc7abc6e5a4;p=thirdparty%2Fkernel%2Fstable-queue.git 2.6.20-stable patches added --- diff --git a/queue-2.6.20/bcm43xx-fix-for-oops-on-ampdu-status.patch b/queue-2.6.20/bcm43xx-fix-for-oops-on-ampdu-status.patch new file mode 100644 index 00000000000..9cf559f5e45 --- /dev/null +++ b/queue-2.6.20/bcm43xx-fix-for-oops-on-ampdu-status.patch @@ -0,0 +1,59 @@ +From stable-bounces@linux.kernel.org Tue Feb 6 09:48:54 2007 +From: Larry Finger +Date: Tue, 06 Feb 2007 11:47:08 -0600 +Subject: bcm43xx: Fix for oops on ampdu status +To: stable@kernel.org +Message-ID: <45c8bf1c.IH7oaV4p9jun1avR%Larry.Finger@lwfinger.net> + + +From: Michael Buesch + +If bcm43xx were to process an afterburner (ampdu) status response, Linux would oops. The +ampdu and intermediate status bits are properly named. + +Signed-off-by: Michael Buesch +Signed-off-by: Larry Finger +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/bcm43xx/bcm43xx_main.c | 8 +++----- + drivers/net/wireless/bcm43xx/bcm43xx_xmit.h | 10 ++-------- + 2 files changed, 5 insertions(+), 13 deletions(-) + +--- linux-2.6.20.1.orig/drivers/net/wireless/bcm43xx/bcm43xx_main.c ++++ linux-2.6.20.1/drivers/net/wireless/bcm43xx/bcm43xx_main.c +@@ -1453,12 +1453,10 @@ static void handle_irq_transmit_status(s + + bcm43xx_debugfs_log_txstat(bcm, &stat); + +- if (stat.flags & BCM43xx_TXSTAT_FLAG_IGNORE) ++ if (stat.flags & BCM43xx_TXSTAT_FLAG_AMPDU) ++ continue; ++ if (stat.flags & BCM43xx_TXSTAT_FLAG_INTER) + continue; +- if (!(stat.flags & BCM43xx_TXSTAT_FLAG_ACK)) { +- //TODO: packet was not acked (was lost) +- } +- //TODO: There are more (unknown) flags to test. see bcm43xx_main.h + + if (bcm43xx_using_pio(bcm)) + bcm43xx_pio_handle_xmitstatus(bcm, &stat); +--- linux-2.6.20.1.orig/drivers/net/wireless/bcm43xx/bcm43xx_xmit.h ++++ linux-2.6.20.1/drivers/net/wireless/bcm43xx/bcm43xx_xmit.h +@@ -137,14 +137,8 @@ struct bcm43xx_xmitstatus { + u16 unknown; //FIXME + }; + +-#define BCM43xx_TXSTAT_FLAG_ACK 0x01 +-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x02 +-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x04 +-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x08 +-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x10 +-#define BCM43xx_TXSTAT_FLAG_IGNORE 0x20 +-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x40 +-//TODO #define BCM43xx_TXSTAT_FLAG_??? 0x80 ++#define BCM43xx_TXSTAT_FLAG_AMPDU 0x10 ++#define BCM43xx_TXSTAT_FLAG_INTER 0x20 + + u8 bcm43xx_plcp_get_ratecode_cck(const u8 bitrate); + u8 bcm43xx_plcp_get_ratecode_ofdm(const u8 bitrate); diff --git a/queue-2.6.20/bcm43xx-fix-for-oops-on-resume.patch b/queue-2.6.20/bcm43xx-fix-for-oops-on-resume.patch new file mode 100644 index 00000000000..65095a1c29e --- /dev/null +++ b/queue-2.6.20/bcm43xx-fix-for-oops-on-resume.patch @@ -0,0 +1,28 @@ +From stable-bounces@linux.kernel.org Tue Feb 6 09:44:09 2007 +From: Larry Finger +Date: Tue, 06 Feb 2007 11:42:43 -0600 +Subject: bcm43xx: Fix for oops on resume +To: stable@kernel.org +Message-ID: <45c8be13.DBM29/YHWCi+ZIW2%Larry.Finger@lwfinger.net> + + +There is a kernel oops on bcm43xx when resuming due to an overly tight timeout loop. + +Signed-off-by: Larry Finger +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/bcm43xx/bcm43xx.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-2.6.20.1.orig/drivers/net/wireless/bcm43xx/bcm43xx.h ++++ linux-2.6.20.1/drivers/net/wireless/bcm43xx/bcm43xx.h +@@ -21,7 +21,7 @@ + #define PFX KBUILD_MODNAME ": " + + #define BCM43xx_SWITCH_CORE_MAX_RETRIES 50 +-#define BCM43xx_IRQWAIT_MAX_RETRIES 50 ++#define BCM43xx_IRQWAIT_MAX_RETRIES 100 + + #define BCM43xx_IO_SIZE 8192 + diff --git a/queue-2.6.20/ide-fix-drive-side-80c-cable-check.patch b/queue-2.6.20/ide-fix-drive-side-80c-cable-check.patch new file mode 100644 index 00000000000..5c4b6247474 --- /dev/null +++ b/queue-2.6.20/ide-fix-drive-side-80c-cable-check.patch @@ -0,0 +1,35 @@ +From stable-bounces@linux.kernel.org Mon Feb 5 04:48:48 2007 +From: Tejun Heo +Date: Mon, 5 Feb 2007 21:47:13 +0900 +Subject: ide: fix drive side 80c cable check +To: Alan +Cc: linux-ide@vger.kernel.org, stable@kernel.org, bzolnier@gmail.com +Message-ID: <20070205124713.GL1625@htj.dyndns.org> +Content-Disposition: inline + + +eighty_ninty_three() had word 93 validitity check but not the 80c bit +test itself (bit 12). This increases the chance of incorrect wire +detection especially because host side cable detection is often +unreliable and we sometimes soley depend on drive side cable +detection. Fix it. + +Signed-off-by: Tejun Heo +Acked-by: Alan +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ide/ide-iops.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- linux-2.6.20.1.orig/drivers/ide/ide-iops.c ++++ linux-2.6.20.1/drivers/ide/ide-iops.c +@@ -607,6 +607,8 @@ u8 eighty_ninty_three (ide_drive_t *driv + if(!(drive->id->hw_config & 0x4000)) + return 0; + #endif /* CONFIG_IDEDMA_IVB */ ++ if (!(drive->id->hw_config & 0x2000)) ++ return 0; + return 1; + } + diff --git a/queue-2.6.20/keys-fix-key-serial-number-collision-handling.patch b/queue-2.6.20/keys-fix-key-serial-number-collision-handling.patch new file mode 100644 index 00000000000..2e2ab72ef42 --- /dev/null +++ b/queue-2.6.20/keys-fix-key-serial-number-collision-handling.patch @@ -0,0 +1,98 @@ +From stable-bounces@linux.kernel.org Fri Feb 9 06:31:02 2007 +From: Chuck Ebbert +Date: Fri, 09 Feb 2007 09:30:37 -0500 +Subject: Keys: Fix key serial number collision handling +To: linux-stable +Message-ID: <45CC858D.3090900@redhat.com> + +From: David Howells + +[PATCH] Keys: Fix key serial number collision handling + +Fix the key serial number collision avoidance code in key_alloc_serial(). + +This didn't use to be so much of a problem as the key serial numbers were +allocated from a simple incremental counter, and it would have to go through +two billion keys before it could possibly encounter a collision. However, now +that random numbers are used instead, collisions are much more likely. + +This is fixed by finding a hole in the rbtree where the next unused serial +number ought to be and using that by going almost back to the top of the +insertion routine and redoing the insertion with the new serial number rather +than trying to be clever and attempting to work out the insertion point +pointer directly. + +This fixes kernel BZ #7727. + +Signed-off-by: David Howells +Cc: Chuck Ebbert +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + security/keys/key.c | 33 ++++++++++++++------------------- + 1 file changed, 14 insertions(+), 19 deletions(-) + +--- linux-2.6.20.1.orig/security/keys/key.c ++++ linux-2.6.20.1/security/keys/key.c +@@ -188,6 +188,7 @@ static inline void key_alloc_serial(stru + + spin_lock(&key_serial_lock); + ++attempt_insertion: + parent = NULL; + p = &key_serial_tree.rb_node; + +@@ -202,39 +203,33 @@ static inline void key_alloc_serial(stru + else + goto serial_exists; + } +- goto insert_here; ++ ++ /* we've found a suitable hole - arrange for this key to occupy it */ ++ rb_link_node(&key->serial_node, parent, p); ++ rb_insert_color(&key->serial_node, &key_serial_tree); ++ ++ spin_unlock(&key_serial_lock); ++ return; + + /* we found a key with the proposed serial number - walk the tree from + * that point looking for the next unused serial number */ + serial_exists: + for (;;) { + key->serial++; +- if (key->serial < 2) +- key->serial = 2; +- +- if (!rb_parent(parent)) +- p = &key_serial_tree.rb_node; +- else if (rb_parent(parent)->rb_left == parent) +- p = &(rb_parent(parent)->rb_left); +- else +- p = &(rb_parent(parent)->rb_right); ++ if (key->serial < 3) { ++ key->serial = 3; ++ goto attempt_insertion; ++ } + + parent = rb_next(parent); + if (!parent) +- break; ++ goto attempt_insertion; + + xkey = rb_entry(parent, struct key, serial_node); + if (key->serial < xkey->serial) +- goto insert_here; ++ goto attempt_insertion; + } + +- /* we've found a suitable hole - arrange for this key to occupy it */ +-insert_here: +- rb_link_node(&key->serial_node, parent, p); +- rb_insert_color(&key->serial_node, &key_serial_tree); +- +- spin_unlock(&key_serial_lock); +- + } /* end key_alloc_serial() */ + + /*****************************************************************************/ diff --git a/queue-2.6.20/knfsd-fix-a-race-in-closing-nfsd-connections.patch b/queue-2.6.20/knfsd-fix-a-race-in-closing-nfsd-connections.patch new file mode 100644 index 00000000000..5da4d15d9c8 --- /dev/null +++ b/queue-2.6.20/knfsd-fix-a-race-in-closing-nfsd-connections.patch @@ -0,0 +1,207 @@ +From stable-bounces@linux.kernel.org Tue Feb 6 16:12:22 2007 +From: NeilBrown +Date: Wed, 7 Feb 2007 11:10:26 +1100 +Subject: knfsd: Fix a race in closing NFSd connections. +To: Andrew Morton +Cc: nfs@lists.sourceforge.net, stable@kernel.org, linux-kernel@vger.kernel.org +Message-ID: <1070207001026.9413@suse.de> + +If you lose this race, it can iput a socket inode twice and you +get a BUG in fs/inode.c + +When I added the option for user-space to close a socket, +I added some cruft to svc_delete_socket so that I could call +that function when closing a socket per user-space request. + +This was the wrong thing to do. I should have just set SK_CLOSE +and let normal mechanisms do the work. + +Not only wrong, but buggy. The locking is all wrong and it openned +up a race where-by a socket could be closed twice. + +So this patch: + Introduces svc_close_socket which sets SK_CLOSE then either leave + the close up to a thread, or calls svc_delete_socket if it can + get SK_BUSY. + + Adds a bias to sk_busy which is removed when SK_DEAD is set, + This avoid races around shutting down the socket. + + Changes several 'spin_lock' to 'spin_lock_bh' where the _bh + was missing. + +Bugzilla-url: http://bugzilla.kernel.org/show_bug.cgi?id=7916 + +Signed-off-by: Neil Brown +Signed-off-by: Greg Kroah-Hartman + + +--- + include/linux/sunrpc/svcsock.h | 2 - + net/sunrpc/svc.c | 4 +-- + net/sunrpc/svcsock.c | 52 +++++++++++++++++++++++++++++------------ + 3 files changed, 41 insertions(+), 17 deletions(-) + +--- linux-2.6.20.1.orig/include/linux/sunrpc/svcsock.h ++++ linux-2.6.20.1/include/linux/sunrpc/svcsock.h +@@ -63,7 +63,7 @@ struct svc_sock { + * Function prototypes. + */ + int svc_makesock(struct svc_serv *, int, unsigned short); +-void svc_delete_socket(struct svc_sock *); ++void svc_close_socket(struct svc_sock *); + int svc_recv(struct svc_rqst *, long); + int svc_send(struct svc_rqst *); + void svc_drop(struct svc_rqst *); +--- linux-2.6.20.1.orig/net/sunrpc/svc.c ++++ linux-2.6.20.1/net/sunrpc/svc.c +@@ -386,7 +386,7 @@ svc_destroy(struct svc_serv *serv) + svsk = list_entry(serv->sv_tempsocks.next, + struct svc_sock, + sk_list); +- svc_delete_socket(svsk); ++ svc_close_socket(svsk); + } + if (serv->sv_shutdown) + serv->sv_shutdown(serv); +@@ -395,7 +395,7 @@ svc_destroy(struct svc_serv *serv) + svsk = list_entry(serv->sv_permsocks.next, + struct svc_sock, + sk_list); +- svc_delete_socket(svsk); ++ svc_close_socket(svsk); + } + + cache_clean_deferred(serv); +--- linux-2.6.20.1.orig/net/sunrpc/svcsock.c ++++ linux-2.6.20.1/net/sunrpc/svcsock.c +@@ -62,6 +62,12 @@ + * after a clear, the socket must be read/accepted + * if this succeeds, it must be set again. + * SK_CLOSE can set at any time. It is never cleared. ++ * sk_inuse contains a bias of '1' until SK_DEAD is set. ++ * so when sk_inuse hits zero, we know the socket is dead ++ * and no-one is using it. ++ * SK_DEAD can only be set while SK_BUSY is held which ensures ++ * no other thread will be using the socket or will try to ++ * set SK_DEAD. + * + */ + +@@ -70,6 +76,7 @@ + + static struct svc_sock *svc_setup_socket(struct svc_serv *, struct socket *, + int *errp, int pmap_reg); ++static void svc_delete_socket(struct svc_sock *svsk); + static void svc_udp_data_ready(struct sock *, int); + static int svc_udp_recvfrom(struct svc_rqst *); + static int svc_udp_sendto(struct svc_rqst *); +@@ -329,8 +336,9 @@ void svc_reserve(struct svc_rqst *rqstp, + static inline void + svc_sock_put(struct svc_sock *svsk) + { +- if (atomic_dec_and_test(&svsk->sk_inuse) && +- test_bit(SK_DEAD, &svsk->sk_flags)) { ++ if (atomic_dec_and_test(&svsk->sk_inuse)) { ++ BUG_ON(! test_bit(SK_DEAD, &svsk->sk_flags)); ++ + dprintk("svc: releasing dead socket\n"); + if (svsk->sk_sock->file) + sockfd_put(svsk->sk_sock); +@@ -520,7 +528,7 @@ svc_sock_names(char *buf, struct svc_ser + + if (!serv) + return 0; +- spin_lock(&serv->sv_lock); ++ spin_lock_bh(&serv->sv_lock); + list_for_each_entry(svsk, &serv->sv_permsocks, sk_list) { + int onelen = one_sock_name(buf+len, svsk); + if (toclose && strcmp(toclose, buf+len) == 0) +@@ -528,12 +536,12 @@ svc_sock_names(char *buf, struct svc_ser + else + len += onelen; + } +- spin_unlock(&serv->sv_lock); ++ spin_unlock_bh(&serv->sv_lock); + if (closesk) + /* Should unregister with portmap, but you cannot + * unregister just one protocol... + */ +- svc_delete_socket(closesk); ++ svc_close_socket(closesk); + else if (toclose) + return -ENOENT; + return len; +@@ -683,6 +691,11 @@ svc_udp_recvfrom(struct svc_rqst *rqstp) + return svc_deferred_recv(rqstp); + } + ++ if (test_bit(SK_CLOSE, &svsk->sk_flags)) { ++ svc_delete_socket(svsk); ++ return 0; ++ } ++ + clear_bit(SK_DATA, &svsk->sk_flags); + while ((skb = skb_recv_datagram(svsk->sk_sk, 0, 1, &err)) == NULL) { + if (err == -EAGAIN) { +@@ -1176,7 +1189,8 @@ svc_tcp_sendto(struct svc_rqst *rqstp) + rqstp->rq_sock->sk_server->sv_name, + (sent<0)?"got error":"sent only", + sent, xbufp->len); +- svc_delete_socket(rqstp->rq_sock); ++ set_bit(SK_CLOSE, &rqstp->rq_sock->sk_flags); ++ svc_sock_enqueue(rqstp->rq_sock); + sent = -EAGAIN; + } + return sent; +@@ -1495,7 +1509,7 @@ svc_setup_socket(struct svc_serv *serv, + svsk->sk_odata = inet->sk_data_ready; + svsk->sk_owspace = inet->sk_write_space; + svsk->sk_server = serv; +- atomic_set(&svsk->sk_inuse, 0); ++ atomic_set(&svsk->sk_inuse, 1); + svsk->sk_lastrecv = get_seconds(); + spin_lock_init(&svsk->sk_defer_lock); + INIT_LIST_HEAD(&svsk->sk_deferred); +@@ -1618,7 +1632,7 @@ bummer: + /* + * Remove a dead socket + */ +-void ++static void + svc_delete_socket(struct svc_sock *svsk) + { + struct svc_serv *serv; +@@ -1644,16 +1658,26 @@ svc_delete_socket(struct svc_sock *svsk) + * while still attached to a queue, the queue itself + * is about to be destroyed (in svc_destroy). + */ +- if (!test_and_set_bit(SK_DEAD, &svsk->sk_flags)) ++ if (!test_and_set_bit(SK_DEAD, &svsk->sk_flags)) { ++ BUG_ON(atomic_read(&svsk->sk_inuse)<2); ++ atomic_dec(&svsk->sk_inuse); + if (test_bit(SK_TEMP, &svsk->sk_flags)) + serv->sv_tmpcnt--; ++ } + +- /* This atomic_inc should be needed - svc_delete_socket +- * should have the semantic of dropping a reference. +- * But it doesn't yet.... +- */ +- atomic_inc(&svsk->sk_inuse); + spin_unlock_bh(&serv->sv_lock); ++} ++ ++void svc_close_socket(struct svc_sock *svsk) ++{ ++ set_bit(SK_CLOSE, &svsk->sk_flags); ++ if (test_and_set_bit(SK_BUSY, &svsk->sk_flags)) ++ /* someone else will have to effect the close */ ++ return; ++ ++ atomic_inc(&svsk->sk_inuse); ++ svc_delete_socket(svsk); ++ clear_bit(SK_BUSY, &svsk->sk_flags); + svc_sock_put(svsk); + } + diff --git a/queue-2.6.20/pata_amd-fix-an-obvious-bug-in-cable-detection.patch b/queue-2.6.20/pata_amd-fix-an-obvious-bug-in-cable-detection.patch new file mode 100644 index 00000000000..e06e261d279 --- /dev/null +++ b/queue-2.6.20/pata_amd-fix-an-obvious-bug-in-cable-detection.patch @@ -0,0 +1,40 @@ +From stable-bounces@linux.kernel.org Mon Feb 5 00:02:58 2007 +From: Tejun Heo +Date: Mon, 5 Feb 2007 17:01:28 +0900 +Subject: pata_amd: fix an obvious bug in cable detection +To: Jeff Garzik , Alan Cox , linux-ide@vger.kernel.org +Cc: stable@kernel.org +Message-ID: <20070205080128.GH1625@htj.dyndns.org> +Content-Disposition: inline + + +80c test mask is at bits 18 and 19 of EIDE Controller Configuration +not 22 and 23. Fix it. + +Signed-off-by: Tejun Heo +Acked-by: Alan Cox + +--- + drivers/ata/pata_amd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- linux-2.6.20.1.orig/drivers/ata/pata_amd.c ++++ linux-2.6.20.1/drivers/ata/pata_amd.c +@@ -128,7 +128,7 @@ static void timing_setup(struct ata_port + + static int amd_pre_reset(struct ata_port *ap) + { +- static const u32 bitmask[2] = {0x03, 0xC0}; ++ static const u32 bitmask[2] = {0x03, 0x0C}; + static const struct pci_bits amd_enable_bits[] = { + { 0x40, 1, 0x02, 0x02 }, + { 0x40, 1, 0x01, 0x01 } +@@ -247,7 +247,7 @@ static void amd133_set_dmamode(struct at + */ + + static int nv_pre_reset(struct ata_port *ap) { +- static const u8 bitmask[2] = {0x03, 0xC0}; ++ static const u8 bitmask[2] = {0x03, 0x0C}; + static const struct pci_bits nv_enable_bits[] = { + { 0x50, 1, 0x02, 0x02 }, + { 0x50, 1, 0x01, 0x01 } diff --git a/queue-2.6.20/prism54-correct-assignment-of-dot1xenable-in-we-19-codepaths.patch b/queue-2.6.20/prism54-correct-assignment-of-dot1xenable-in-we-19-codepaths.patch new file mode 100644 index 00000000000..176cb674a4a --- /dev/null +++ b/queue-2.6.20/prism54-correct-assignment-of-dot1xenable-in-we-19-codepaths.patch @@ -0,0 +1,54 @@ +From stable-bounces@linux.kernel.org Tue Feb 13 13:05:56 2007 +From: Dan Williams +Date: Tue, 13 Feb 2007 16:07:27 -0500 +Subject: prism54: correct assignment of DOT1XENABLE in WE-19 codepaths +To: stable@kernel.org +Message-ID: <1171400848.5329.55.camel@localhost.localdomain> + + +Correct assignment of DOT1XENABLE in WE-19 codepaths. +RX_UNENCRYPTED_EAPOL = 1 really means setting DOT1XENABLE _off_, and +vice versa. The original WE-19 patch erroneously reversed that. This +patch fixes association with unencrypted and WEP networks when using +wpa_supplicant. + +It also adds two missing break statements that, left out, could result +in incorrect card configuration. + +Applies to (I think) 2.6.19 and later. + +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/prism54/isl_ioctl.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- linux-2.6.20.1.orig/drivers/net/wireless/prism54/isl_ioctl.c ++++ linux-2.6.20.1/drivers/net/wireless/prism54/isl_ioctl.c +@@ -1395,11 +1395,16 @@ static int prism54_set_auth(struct net_d + break; + + case IW_AUTH_RX_UNENCRYPTED_EAPOL: +- dot1x = param->value ? 1 : 0; ++ /* dot1x should be the opposite of RX_UNENCRYPTED_EAPOL; ++ * turn off dot1x when allowing recepit of unencrypted eapol ++ * frames, turn on dot1x when we disallow receipt ++ */ ++ dot1x = param->value ? 0x00 : 0x01; + break; + + case IW_AUTH_PRIVACY_INVOKED: + privinvoked = param->value ? 1 : 0; ++ break; + + case IW_AUTH_DROP_UNENCRYPTED: + exunencrypt = param->value ? 1 : 0; +@@ -1589,6 +1594,7 @@ static int prism54_set_encodeext(struct + } + key.type = DOT11_PRIV_TKIP; + key.length = KEY_SIZE_TKIP; ++ break; + default: + return -EINVAL; + } diff --git a/queue-2.6.20/rtc-pcf8563-detect-polarity-of-century-bit-automatically.patch b/queue-2.6.20/rtc-pcf8563-detect-polarity-of-century-bit-automatically.patch new file mode 100644 index 00000000000..ad9d587ba9d --- /dev/null +++ b/queue-2.6.20/rtc-pcf8563-detect-polarity-of-century-bit-automatically.patch @@ -0,0 +1,145 @@ +From stable-bounces@linux.kernel.org Sat Feb 3 06:18:09 2007 +From: Atsushi Nemoto +Date: Sat, 03 Feb 2007 23:16:36 +0900 (JST) +Subject: rtc-pcf8563: detect polarity of century bit automatically +To: akpm@linux-foundation.org +Cc: jean-baptiste.maneyrol@teamlog.com, a.zummo@towertech.it, dbrownell@users.sourceforge.net, torvalds@linux-foundation.org, stable@kernel.org +Message-ID: <20070203.231636.41198366.anemo@mba.ocn.ne.jp> + + +From: Atsushi Nemoto + +The usage of the century bit was inverted on 2.6.19 following to PCF8563's +description, but it was not match to usage suggested by RTC8564's +datasheet. Anyway what MO_C=1 means can vary on each platform. This patch +is to detect its polarity in get_datetime routine. The default value of +c_polarity is 0 (MO_C=1 means 19xx) so that this patch does not change +current behavior even if get_datetime was not called before set_datetime. + +Signed-off-by: Atsushi Nemoto +Cc: Jean-Baptiste Maneyrol +Cc: David Brownell +Cc: Alessandro Zummo +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/rtc/rtc-pcf8563.c | 40 ++++++++++++++++++++++++++++++++++------ + 1 file changed, 34 insertions(+), 6 deletions(-) + +--- linux-2.6.20.1.orig/drivers/rtc/rtc-pcf8563.c ++++ linux-2.6.20.1/drivers/rtc/rtc-pcf8563.c +@@ -53,6 +53,25 @@ I2C_CLIENT_INSMOD; + #define PCF8563_SC_LV 0x80 /* low voltage */ + #define PCF8563_MO_C 0x80 /* century */ + ++struct pcf8563 { ++ struct i2c_client client; ++ /* ++ * The meaning of MO_C bit varies by the chip type. ++ * From PCF8563 datasheet: this bit is toggled when the years ++ * register overflows from 99 to 00 ++ * 0 indicates the century is 20xx ++ * 1 indicates the century is 19xx ++ * From RTC8564 datasheet: this bit indicates change of ++ * century. When the year digit data overflows from 99 to 00, ++ * this bit is set. By presetting it to 0 while still in the ++ * 20th century, it will be set in year 2000, ... ++ * There seems no reliable way to know how the system use this ++ * bit. So let's do it heuristically, assuming we are live in ++ * 1970...2069. ++ */ ++ int c_polarity; /* 0: MO_C=1 means 19xx, otherwise MO_C=1 means 20xx */ ++}; ++ + static int pcf8563_probe(struct i2c_adapter *adapter, int address, int kind); + static int pcf8563_detach(struct i2c_client *client); + +@@ -62,6 +81,7 @@ static int pcf8563_detach(struct i2c_cli + */ + static int pcf8563_get_datetime(struct i2c_client *client, struct rtc_time *tm) + { ++ struct pcf8563 *pcf8563 = container_of(client, struct pcf8563, client); + unsigned char buf[13] = { PCF8563_REG_ST1 }; + + struct i2c_msg msgs[] = { +@@ -94,8 +114,12 @@ static int pcf8563_get_datetime(struct i + tm->tm_mday = BCD2BIN(buf[PCF8563_REG_DM] & 0x3F); + tm->tm_wday = buf[PCF8563_REG_DW] & 0x07; + tm->tm_mon = BCD2BIN(buf[PCF8563_REG_MO] & 0x1F) - 1; /* rtc mn 1-12 */ +- tm->tm_year = BCD2BIN(buf[PCF8563_REG_YR]) +- + (buf[PCF8563_REG_MO] & PCF8563_MO_C ? 0 : 100); ++ tm->tm_year = BCD2BIN(buf[PCF8563_REG_YR]); ++ if (tm->tm_year < 70) ++ tm->tm_year += 100; /* assume we are in 1970...2069 */ ++ /* detect the polarity heuristically. see note above. */ ++ pcf8563->c_polarity = (buf[PCF8563_REG_MO] & PCF8563_MO_C) ? ++ (tm->tm_year >= 100) : (tm->tm_year < 100); + + dev_dbg(&client->dev, "%s: tm is secs=%d, mins=%d, hours=%d, " + "mday=%d, mon=%d, year=%d, wday=%d\n", +@@ -114,6 +138,7 @@ static int pcf8563_get_datetime(struct i + + static int pcf8563_set_datetime(struct i2c_client *client, struct rtc_time *tm) + { ++ struct pcf8563 *pcf8563 = container_of(client, struct pcf8563, client); + int i, err; + unsigned char buf[9]; + +@@ -135,7 +160,7 @@ static int pcf8563_set_datetime(struct i + + /* year and century */ + buf[PCF8563_REG_YR] = BIN2BCD(tm->tm_year % 100); +- if (tm->tm_year < 100) ++ if (pcf8563->c_polarity ? (tm->tm_year >= 100) : (tm->tm_year < 100)) + buf[PCF8563_REG_MO] |= PCF8563_MO_C; + + buf[PCF8563_REG_DW] = tm->tm_wday & 0x07; +@@ -248,6 +273,7 @@ static struct i2c_driver pcf8563_driver + + static int pcf8563_probe(struct i2c_adapter *adapter, int address, int kind) + { ++ struct pcf8563 *pcf8563; + struct i2c_client *client; + struct rtc_device *rtc; + +@@ -260,11 +286,12 @@ static int pcf8563_probe(struct i2c_adap + goto exit; + } + +- if (!(client = kzalloc(sizeof(struct i2c_client), GFP_KERNEL))) { ++ if (!(pcf8563 = kzalloc(sizeof(struct pcf8563), GFP_KERNEL))) { + err = -ENOMEM; + goto exit; + } + ++ client = &pcf8563->client; + client->addr = address; + client->driver = &pcf8563_driver; + client->adapter = adapter; +@@ -301,7 +328,7 @@ exit_detach: + i2c_detach_client(client); + + exit_kfree: +- kfree(client); ++ kfree(pcf8563); + + exit: + return err; +@@ -309,6 +336,7 @@ exit: + + static int pcf8563_detach(struct i2c_client *client) + { ++ struct pcf8563 *pcf8563 = container_of(client, struct pcf8563, client); + int err; + struct rtc_device *rtc = i2c_get_clientdata(client); + +@@ -318,7 +346,7 @@ static int pcf8563_detach(struct i2c_cli + if ((err = i2c_detach_client(client))) + return err; + +- kfree(client); ++ kfree(pcf8563); + + return 0; + } diff --git a/queue-2.6.20/series b/queue-2.6.20/series index fba531ed10d..17aba4dab4f 100644 --- a/queue-2.6.20/series +++ b/queue-2.6.20/series @@ -1 +1,10 @@ ocfs2-ocfs2_link-journal-credits-update.patch +x86_64-fix-2.6.18-regression-ptrace_oldsetoptions-should-be-accepted.patch +rtc-pcf8563-detect-polarity-of-century-bit-automatically.patch +prism54-correct-assignment-of-dot1xenable-in-we-19-codepaths.patch +pata_amd-fix-an-obvious-bug-in-cable-detection.patch +knfsd-fix-a-race-in-closing-nfsd-connections.patch +keys-fix-key-serial-number-collision-handling.patch +ide-fix-drive-side-80c-cable-check.patch +bcm43xx-fix-for-oops-on-resume.patch +bcm43xx-fix-for-oops-on-ampdu-status.patch diff --git a/queue-2.6.20/x86_64-fix-2.6.18-regression-ptrace_oldsetoptions-should-be-accepted.patch b/queue-2.6.20/x86_64-fix-2.6.18-regression-ptrace_oldsetoptions-should-be-accepted.patch new file mode 100644 index 00000000000..62c452044c6 --- /dev/null +++ b/queue-2.6.20/x86_64-fix-2.6.18-regression-ptrace_oldsetoptions-should-be-accepted.patch @@ -0,0 +1,48 @@ +From stable-bounces@linux.kernel.org Wed Feb 14 18:42:06 2007 +From: "Paolo 'Blaisorblade' Giarrusso" +Date: Thu, 15 Feb 2007 03:34:23 +0100 +Subject: x86_64: fix 2.6.18 regression - PTRACE_OLDSETOPTIONS should be accepted +To: Andrew Morton , stable@kernel.org +Cc: Jeff Dike , Andi Kleen , user-mode-linux-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org +Message-ID: <11715068631914-git-send-email-blaisorblade@yahoo.it> + + +Also PTRACE_OLDSETOPTIONS should be accepted, as done by kernel/ptrace.c and +forced by binary compatibility. UML/32bit breaks because of this - since it is wise +enough to use PTRACE_OLDSETOPTIONS to be binary compatible with 2.4 host +kernels. + +Until 2.6.17 (commit f0f2d6536e3515b5b1b7ae97dc8f176860c8c2ce) we had: + + default: + return sys_ptrace(request, pid, addr, data); + +Instead here we have: + case PTRACE_GET_THREAD_AREA: + case ...: + return sys_ptrace(request, pid, addr, data); + + default: + return -EINVAL; + +This change was a style change - when a case is added, it must be explicitly +tested this way. In this case, not enough testing was done. + +Cc: Andi Kleen +Signed-off-by: Paolo 'Blaisorblade' Giarrusso +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86_64/ia32/ptrace32.c | 1 + + 1 file changed, 1 insertion(+) + +--- linux-2.6.20.1.orig/arch/x86_64/ia32/ptrace32.c ++++ linux-2.6.20.1/arch/x86_64/ia32/ptrace32.c +@@ -243,6 +243,7 @@ asmlinkage long sys32_ptrace(long reques + case PTRACE_SINGLESTEP: + case PTRACE_DETACH: + case PTRACE_SYSCALL: ++ case PTRACE_OLDSETOPTIONS: + case PTRACE_SETOPTIONS: + case PTRACE_SET_THREAD_AREA: + case PTRACE_GET_THREAD_AREA: