From: Greg Kroah-Hartman Date: Tue, 15 Sep 2009 23:48:03 +0000 (-0700) Subject: start .27 queue X-Git-Tag: v2.6.30.8~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=41aa16ac3a2820fe58dcaaa7453ee965365c8dd6;p=thirdparty%2Fkernel%2Fstable-queue.git start .27 queue --- diff --git a/queue-2.6.27/binfmt_elf-fix-pt_interp-bss-handling.patch b/queue-2.6.27/binfmt_elf-fix-pt_interp-bss-handling.patch new file mode 100644 index 00000000000..8ce84ed7639 --- /dev/null +++ b/queue-2.6.27/binfmt_elf-fix-pt_interp-bss-handling.patch @@ -0,0 +1,87 @@ +From 9f0ab4a3f0fdb1ff404d150618ace2fa069bb2e1 Mon Sep 17 00:00:00 2001 +From: Roland McGrath +Date: Tue, 8 Sep 2009 19:49:40 -0700 +Subject: binfmt_elf: fix PT_INTERP bss handling + +From: Roland McGrath + +commit 9f0ab4a3f0fdb1ff404d150618ace2fa069bb2e1 upstream. + +In fs/binfmt_elf.c, load_elf_interp() calls padzero() for .bss even if +the PT_LOAD has no PROT_WRITE and no .bss. This generates EFAULT. + +Here is a small test case. (Yes, there are other, useful PT_INTERP +which have only .text and no .data/.bss.) + + ----- ptinterp.S + _start: .globl _start + nop + int3 + ----- + $ gcc -m32 -nostartfiles -nostdlib -o ptinterp ptinterp.S + $ gcc -m32 -Wl,--dynamic-linker=ptinterp -o hello hello.c + $ ./hello + Segmentation fault # during execve() itself + + After applying the patch: + $ ./hello + Trace trap # user-mode execution after execve() finishes + +If the ELF headers are actually self-inconsistent, then dying is fine. +But having no PROT_WRITE segment is perfectly normal and correct if +there is no segment with p_memsz > p_filesz (i.e. bss). John Reiser +suggested checking for PROT_WRITE in the bss logic. I think it makes +most sense to simply apply the bss logic only when there is bss. + +This patch looks less trivial than it is due to some reindentation. +It just moves the "if (last_bss > elf_bss) {" test up to include the +partial-page bss logic as well as the more-pages bss logic. + +Reported-by: John Reiser +Signed-off-by: Roland McGrath +Signed-off-by: James Morris +Signed-off-by: Greg Kroah-Hartman + +--- + fs/binfmt_elf.c | 28 ++++++++++++++-------------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +--- a/fs/binfmt_elf.c ++++ b/fs/binfmt_elf.c +@@ -496,22 +496,22 @@ static unsigned long load_elf_interp(str + } + } + +- /* +- * Now fill out the bss section. First pad the last page up +- * to the page boundary, and then perform a mmap to make sure +- * that there are zero-mapped pages up to and including the +- * last bss page. +- */ +- if (padzero(elf_bss)) { +- error = -EFAULT; +- goto out_close; +- } ++ if (last_bss > elf_bss) { ++ /* ++ * Now fill out the bss section. First pad the last page up ++ * to the page boundary, and then perform a mmap to make sure ++ * that there are zero-mapped pages up to and including the ++ * last bss page. ++ */ ++ if (padzero(elf_bss)) { ++ error = -EFAULT; ++ goto out_close; ++ } + +- /* What we have mapped so far */ +- elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1); ++ /* What we have mapped so far */ ++ elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1); + +- /* Map the last of the bss segment */ +- if (last_bss > elf_bss) { ++ /* Map the last of the bss segment */ + down_write(¤t->mm->mmap_sem); + error = do_brk(elf_bss, last_bss - elf_bss); + up_write(¤t->mm->mmap_sem); diff --git a/queue-2.6.27/powerpc-ps3-workaround-for-flash-memory-i-o-error.patch b/queue-2.6.27/powerpc-ps3-workaround-for-flash-memory-i-o-error.patch new file mode 100644 index 00000000000..029e3172041 --- /dev/null +++ b/queue-2.6.27/powerpc-ps3-workaround-for-flash-memory-i-o-error.patch @@ -0,0 +1,126 @@ +From bc00351edd5c1b84d48c3fdca740fedfce4ae6ce Mon Sep 17 00:00:00 2001 +From: Geoff Levand +Date: Wed, 9 Sep 2009 13:28:05 +0000 +Subject: powerpc/ps3: Workaround for flash memory I/O error + +From: Geoff Levand + +commit bc00351edd5c1b84d48c3fdca740fedfce4ae6ce upstream. + +A workaround for flash memory I/O errors when the PS3 internal +hard disk has not been formatted for OtherOS use. + +This error condition mainly effects 'Live CD' users who have not +formatted the PS3's internal hard disk for OtherOS. + +Fixes errors similar to these when using the ps3-flash-util +or ps3-boot-game-os programs: + + ps3flash read failed 0x2050000 + os_area_header_read: read error: os_area_header: Input/output error + main:627: os_area_read_hp error. + ERROR: can't change boot flag + +Signed-off-by: Geoff Levand +Signed-off-by: Benjamin Herrenschmidt +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ps3/ps3stor_lib.c | 65 +++++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 62 insertions(+), 3 deletions(-) + +--- a/drivers/ps3/ps3stor_lib.c ++++ b/drivers/ps3/ps3stor_lib.c +@@ -23,6 +23,65 @@ + #include + #include + ++/* ++ * A workaround for flash memory I/O errors when the internal hard disk ++ * has not been formatted for OtherOS use. Delay disk close until flash ++ * memory is closed. ++ */ ++ ++static struct ps3_flash_workaround { ++ int flash_open; ++ int disk_open; ++ struct ps3_system_bus_device *disk_sbd; ++} ps3_flash_workaround; ++ ++static int ps3stor_open_hv_device(struct ps3_system_bus_device *sbd) ++{ ++ int error = ps3_open_hv_device(sbd); ++ ++ if (error) ++ return error; ++ ++ if (sbd->match_id == PS3_MATCH_ID_STOR_FLASH) ++ ps3_flash_workaround.flash_open = 1; ++ ++ if (sbd->match_id == PS3_MATCH_ID_STOR_DISK) ++ ps3_flash_workaround.disk_open = 1; ++ ++ return 0; ++} ++ ++static int ps3stor_close_hv_device(struct ps3_system_bus_device *sbd) ++{ ++ int error; ++ ++ if (sbd->match_id == PS3_MATCH_ID_STOR_DISK ++ && ps3_flash_workaround.disk_open ++ && ps3_flash_workaround.flash_open) { ++ ps3_flash_workaround.disk_sbd = sbd; ++ return 0; ++ } ++ ++ error = ps3_close_hv_device(sbd); ++ ++ if (error) ++ return error; ++ ++ if (sbd->match_id == PS3_MATCH_ID_STOR_DISK) ++ ps3_flash_workaround.disk_open = 0; ++ ++ if (sbd->match_id == PS3_MATCH_ID_STOR_FLASH) { ++ ps3_flash_workaround.flash_open = 0; ++ ++ if (ps3_flash_workaround.disk_sbd) { ++ ps3_close_hv_device(ps3_flash_workaround.disk_sbd); ++ ps3_flash_workaround.disk_open = 0; ++ ps3_flash_workaround.disk_sbd = NULL; ++ } ++ } ++ ++ return 0; ++} + + static int ps3stor_probe_access(struct ps3_storage_device *dev) + { +@@ -90,7 +149,7 @@ int ps3stor_setup(struct ps3_storage_dev + int error, res, alignment; + enum ps3_dma_page_size page_size; + +- error = ps3_open_hv_device(&dev->sbd); ++ error = ps3stor_open_hv_device(&dev->sbd); + if (error) { + dev_err(&dev->sbd.core, + "%s:%u: ps3_open_hv_device failed %d\n", __func__, +@@ -166,7 +225,7 @@ fail_free_irq: + fail_sb_event_receive_port_destroy: + ps3_sb_event_receive_port_destroy(&dev->sbd, dev->irq); + fail_close_device: +- ps3_close_hv_device(&dev->sbd); ++ ps3stor_close_hv_device(&dev->sbd); + fail: + return error; + } +@@ -193,7 +252,7 @@ void ps3stor_teardown(struct ps3_storage + "%s:%u: destroy event receive port failed %d\n", + __func__, __LINE__, error); + +- error = ps3_close_hv_device(&dev->sbd); ++ error = ps3stor_close_hv_device(&dev->sbd); + if (error) + dev_err(&dev->sbd.core, + "%s:%u: ps3_close_hv_device failed %d\n", __func__, diff --git a/queue-2.6.27/series b/queue-2.6.27/series new file mode 100644 index 00000000000..dcb060ce9c6 --- /dev/null +++ b/queue-2.6.27/series @@ -0,0 +1,4 @@ +binfmt_elf-fix-pt_interp-bss-handling.patch +powerpc-ps3-workaround-for-flash-memory-i-o-error.patch +tpm-fixup-boot-probe-timeout-for-tpm_tis-driver.patch +udf-use-device-size-when-drive-reported-bogus-number-of-written-blocks.patch diff --git a/queue-2.6.27/tpm-fixup-boot-probe-timeout-for-tpm_tis-driver.patch b/queue-2.6.27/tpm-fixup-boot-probe-timeout-for-tpm_tis-driver.patch new file mode 100644 index 00000000000..d6998454c67 --- /dev/null +++ b/queue-2.6.27/tpm-fixup-boot-probe-timeout-for-tpm_tis-driver.patch @@ -0,0 +1,55 @@ +From ec57935837a78f9661125b08a5d08b697568e040 Mon Sep 17 00:00:00 2001 +From: Jason Gunthorpe +Date: Wed, 9 Sep 2009 17:22:18 -0600 +Subject: TPM: Fixup boot probe timeout for tpm_tis driver + +From: Jason Gunthorpe + +commit ec57935837a78f9661125b08a5d08b697568e040 upstream. + +When probing the device in tpm_tis_init the call request_locality +uses timeout_a, which wasn't being initalized until after +request_locality. This results in request_locality falsely timing +out if the chip is still starting. Move the initialization to before +request_locality. + +This probably only matters for embedded cases (ie mine), a BIOS likely +gets the TPM into a state where this code path isn't necessary. + +Signed-off-by: Jason Gunthorpe +Acked-by: Rajiv Andrade +Signed-off-by: James Morris +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/tpm/tpm_tis.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/char/tpm/tpm_tis.c ++++ b/drivers/char/tpm/tpm_tis.c +@@ -450,6 +450,12 @@ static int tpm_tis_init(struct device *d + goto out_err; + } + ++ /* Default timeouts */ ++ chip->vendor.timeout_a = msecs_to_jiffies(TIS_SHORT_TIMEOUT); ++ chip->vendor.timeout_b = msecs_to_jiffies(TIS_LONG_TIMEOUT); ++ chip->vendor.timeout_c = msecs_to_jiffies(TIS_SHORT_TIMEOUT); ++ chip->vendor.timeout_d = msecs_to_jiffies(TIS_SHORT_TIMEOUT); ++ + if (request_locality(chip, 0) != 0) { + rc = -ENODEV; + goto out_err; +@@ -457,12 +463,6 @@ static int tpm_tis_init(struct device *d + + vendor = ioread32(chip->vendor.iobase + TPM_DID_VID(0)); + +- /* Default timeouts */ +- chip->vendor.timeout_a = msecs_to_jiffies(TIS_SHORT_TIMEOUT); +- chip->vendor.timeout_b = msecs_to_jiffies(TIS_LONG_TIMEOUT); +- chip->vendor.timeout_c = msecs_to_jiffies(TIS_SHORT_TIMEOUT); +- chip->vendor.timeout_d = msecs_to_jiffies(TIS_SHORT_TIMEOUT); +- + dev_info(dev, + "1.2 TPM (device-id 0x%X, rev-id %d)\n", + vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0))); diff --git a/queue-2.6.27/udf-use-device-size-when-drive-reported-bogus-number-of-written-blocks.patch b/queue-2.6.27/udf-use-device-size-when-drive-reported-bogus-number-of-written-blocks.patch new file mode 100644 index 00000000000..880a2d309f6 --- /dev/null +++ b/queue-2.6.27/udf-use-device-size-when-drive-reported-bogus-number-of-written-blocks.patch @@ -0,0 +1,36 @@ +From 24a5d59f3477bcff4c069ff4d0ca9a3e037d0235 Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Thu, 18 Jun 2009 12:33:16 +0200 +Subject: udf: Use device size when drive reported bogus number of written blocks + +From: Jan Kara + +commit 24a5d59f3477bcff4c069ff4d0ca9a3e037d0235 upstream. + +Some drives report 0 as the number of written blocks when there are some blocks +recorded. Use device size in such case so that we can automagically mount such +media. + +Signed-off-by: Jan Kara +Signed-off-by: Greg Kroah-Hartman + +--- + fs/udf/lowlevel.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/fs/udf/lowlevel.c ++++ b/fs/udf/lowlevel.c +@@ -56,7 +56,12 @@ unsigned long udf_get_last_block(struct + struct block_device *bdev = sb->s_bdev; + unsigned long lblock = 0; + +- if (ioctl_by_bdev(bdev, CDROM_LAST_WRITTEN, (unsigned long) &lblock)) ++ /* ++ * ioctl failed or returned obviously bogus value? ++ * Try using the device size... ++ */ ++ if (ioctl_by_bdev(bdev, CDROM_LAST_WRITTEN, (unsigned long) &lblock) || ++ lblock == 0) + lblock = bdev->bd_inode->i_size >> sb->s_blocksize_bits; + + if (lblock)