From: Greg Kroah-Hartman Date: Thu, 5 Aug 2010 14:57:51 +0000 (-0700) Subject: properly add the patches for the .32 queue X-Git-Tag: v2.6.27.50~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5768b69fb21fecde2805877e4de6470ae201704d;p=thirdparty%2Fkernel%2Fstable-queue.git properly add the patches for the .32 queue Bah, I messed this up... --- diff --git a/queue-2.6.32/9p-strlen-doesn-t-count-the-terminator.patch b/queue-2.6.32/9p-strlen-doesn-t-count-the-terminator.patch new file mode 100644 index 00000000000..4016ddb1627 --- /dev/null +++ b/queue-2.6.32/9p-strlen-doesn-t-count-the-terminator.patch @@ -0,0 +1,34 @@ +From 5c4bfa17f3ec46becec4b23d12323f7605ebd696 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Fri, 9 Jul 2010 23:51:54 +0000 +Subject: 9p: strlen() doesn't count the terminator + +From: Dan Carpenter + +commit 5c4bfa17f3ec46becec4b23d12323f7605ebd696 upstream. + +This is an off by one bug because strlen() doesn't count the NULL +terminator. We strcpy() addr into a fixed length array of size +UNIX_PATH_MAX later on. + +The addr variable is the name of the device being mounted. + +Signed-off-by: Dan Carpenter +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/9p/trans_fd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/9p/trans_fd.c ++++ b/net/9p/trans_fd.c +@@ -948,7 +948,7 @@ p9_fd_create_unix(struct p9_client *clie + + csocket = NULL; + +- if (strlen(addr) > UNIX_PATH_MAX) { ++ if (strlen(addr) >= UNIX_PATH_MAX) { + P9_EPRINTK(KERN_ERR, "p9_trans_unix: address too long: %s\n", + addr); + err = -ENAMETOOLONG; diff --git a/queue-2.6.32/amd64_edac-correct-scrub-rate-setting.patch b/queue-2.6.32/amd64_edac-correct-scrub-rate-setting.patch new file mode 100644 index 00000000000..9a697d1dcfa --- /dev/null +++ b/queue-2.6.32/amd64_edac-correct-scrub-rate-setting.patch @@ -0,0 +1,30 @@ +From bc57117856cf1e581135810b37d3b75f9d1749f5 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Fri, 21 May 2010 21:25:03 +0200 +Subject: amd64_edac: Correct scrub rate setting + +From: Borislav Petkov + +commit bc57117856cf1e581135810b37d3b75f9d1749f5 upstream. + +Exit early when setting scrub rate on unknown/unsupported families. + +Signed-off-by: Borislav Petkov +Acked-by: Doug Thompson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/edac/amd64_edac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/edac/amd64_edac.c ++++ b/drivers/edac/amd64_edac.c +@@ -156,7 +156,7 @@ static int amd64_set_scrub_rate(struct m + + default: + amd64_printk(KERN_ERR, "Unsupported family!\n"); +- break; ++ return -EINVAL; + } + return amd64_search_set_scrub_rate(pvt->misc_f3_ctl, *bandwidth, + min_scrubrate); diff --git a/queue-2.6.32/amd64_edac-fix-dct-base-address-selector.patch b/queue-2.6.32/amd64_edac-fix-dct-base-address-selector.patch new file mode 100644 index 00000000000..09e650a0e06 --- /dev/null +++ b/queue-2.6.32/amd64_edac-fix-dct-base-address-selector.patch @@ -0,0 +1,32 @@ +From 9975a5f22a4fcc8d08035c65439900a983f891ad Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Mon, 8 Mar 2010 18:29:35 +0100 +Subject: amd64_edac: Fix DCT base address selector + +From: Borislav Petkov + +commit 9975a5f22a4fcc8d08035c65439900a983f891ad upstream. + +The correct check is to verify whether in high range we're below 4GB +and not to extract the DctSelBaseAddr again. See "2.8.5 Routing DRAM +Requests" in the F10h BKDG. + +Signed-off-by: Borislav Petkov +Acked-by: Doug Thompson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/edac/amd64_edac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/edac/amd64_edac.c ++++ b/drivers/edac/amd64_edac.c +@@ -1491,7 +1491,7 @@ static inline u64 f10_get_base_addr_offs + u64 chan_off; + + if (hi_range_sel) { +- if (!(dct_sel_base_addr & 0xFFFFF800) && ++ if (!(dct_sel_base_addr & 0xFFFF0000) && + hole_valid && (sys_addr >= 0x100000000ULL)) + chan_off = hole_off << 16; + else diff --git a/queue-2.6.32/ath9k-enable-serialize_regmode-for-non-pcie-ar9160.patch b/queue-2.6.32/ath9k-enable-serialize_regmode-for-non-pcie-ar9160.patch new file mode 100644 index 00000000000..20f82be36ff --- /dev/null +++ b/queue-2.6.32/ath9k-enable-serialize_regmode-for-non-pcie-ar9160.patch @@ -0,0 +1,31 @@ +From 4c85ab11ca56da1aa59b58c80cc6a356515cc645 Mon Sep 17 00:00:00 2001 +From: John W. Linville +Date: Wed, 28 Jul 2010 10:06:35 -0400 +Subject: ath9k: enable serialize_regmode for non-PCIE AR9160 + +From: John W. Linville + +commit 4c85ab11ca56da1aa59b58c80cc6a356515cc645 upstream. + +https://bugzilla.kernel.org/show_bug.cgi?id=16476 + +Signed-off-by: John W. Linville +Acked-by: Luis R. Rodriguez +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath/ath9k/hw.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireless/ath/ath9k/hw.c ++++ b/drivers/net/wireless/ath/ath9k/hw.c +@@ -929,7 +929,8 @@ int ath9k_hw_init(struct ath_hw *ah) + + if (ah->config.serialize_regmode == SER_REG_MODE_AUTO) { + if (ah->hw_version.macVersion == AR_SREV_VERSION_5416_PCI || +- (AR_SREV_9280(ah) && !ah->is_pciexpress)) { ++ ((AR_SREV_9160(ah) || AR_SREV_9280(ah)) && ++ !ah->is_pciexpress)) { + ah->config.serialize_regmode = + SER_REG_MODE_ON; + } else { diff --git a/queue-2.6.32/ath9k-fix-tsf-after-reset-on-ar913x.patch b/queue-2.6.32/ath9k-fix-tsf-after-reset-on-ar913x.patch new file mode 100644 index 00000000000..933cc84c5ee --- /dev/null +++ b/queue-2.6.32/ath9k-fix-tsf-after-reset-on-ar913x.patch @@ -0,0 +1,71 @@ +From f860d526eb2939a1c37128900b5af2b6f3ff7f20 Mon Sep 17 00:00:00 2001 +From: Felix Fietkau +Date: Wed, 30 Jun 2010 02:07:48 +0200 +Subject: ath9k: fix TSF after reset on AR913x +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Felix Fietkau + +commit f860d526eb2939a1c37128900b5af2b6f3ff7f20 upstream. + +When issuing a reset, the TSF value is lost in the hardware because of +the 913x specific cold reset. As with some AR9280 cards, the TSF needs +to be preserved in software here. + +Additionally, there's an issue that frequently prevents a successful +TSF write directly after the chip reset. In this case, repeating the +TSF write after the initval-writes usually works. + +This patch detects failed TSF writes and recovers from them, taking +into account the delay caused by the initval writes. + +Signed-off-by: Felix Fietkau +Reported-by: Björn Smedman +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath/ath9k/hw.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/ath/ath9k/hw.c ++++ b/drivers/net/wireless/ath/ath9k/hw.c +@@ -2403,7 +2403,8 @@ int ath9k_hw_reset(struct ath_hw *ah, st + macStaId1 = REG_READ(ah, AR_STA_ID1) & AR_STA_ID1_BASE_RATE_11B; + + /* For chips on which RTC reset is done, save TSF before it gets cleared */ +- if (AR_SREV_9280(ah) && ah->eep_ops->get_eeprom(ah, EEP_OL_PWRCTRL)) ++ if (AR_SREV_9100(ah) || ++ (AR_SREV_9280(ah) && ah->eep_ops->get_eeprom(ah, EEP_OL_PWRCTRL))) + tsf = ath9k_hw_gettsf64(ah); + + saveLedState = REG_READ(ah, AR_CFG_LED) & +@@ -2433,7 +2434,7 @@ int ath9k_hw_reset(struct ath_hw *ah, st + } + + /* Restore TSF */ +- if (tsf && AR_SREV_9280(ah) && ah->eep_ops->get_eeprom(ah, EEP_OL_PWRCTRL)) ++ if (tsf) + ath9k_hw_settsf64(ah, tsf); + + if (AR_SREV_9280_10_OR_LATER(ah)) +@@ -2453,6 +2454,17 @@ int ath9k_hw_reset(struct ath_hw *ah, st + if (r) + return r; + ++ /* ++ * Some AR91xx SoC devices frequently fail to accept TSF writes ++ * right after the chip reset. When that happens, write a new ++ * value after the initvals have been applied, with an offset ++ * based on measured time difference ++ */ ++ if (AR_SREV_9100(ah) && (ath9k_hw_gettsf64(ah) < tsf)) { ++ tsf += 1500; ++ ath9k_hw_settsf64(ah, tsf); ++ } ++ + /* Setup MFP options for CCMP */ + if (AR_SREV_9280_20_OR_LATER(ah)) { + /* Mask Retry(b11), PwrMgt(b12), MoreData(b13) to 0 in mgmt diff --git a/queue-2.6.32/ath9k-fix-yet-another-buffer-leak-in-the-tx-aggregation-code.patch b/queue-2.6.32/ath9k-fix-yet-another-buffer-leak-in-the-tx-aggregation-code.patch new file mode 100644 index 00000000000..9b9e02e943f --- /dev/null +++ b/queue-2.6.32/ath9k-fix-yet-another-buffer-leak-in-the-tx-aggregation-code.patch @@ -0,0 +1,57 @@ +From 4cee78614cfa046a26c4fbf313d5bbacb3ad8efc Mon Sep 17 00:00:00 2001 +From: Felix Fietkau +Date: Fri, 23 Jul 2010 03:53:16 +0200 +Subject: ath9k: fix yet another buffer leak in the tx aggregation code + +From: Felix Fietkau + +commit 4cee78614cfa046a26c4fbf313d5bbacb3ad8efc upstream. + +When an aggregation session is being cleaned up, while the tx status +for some frames is being processed, the TID is flushed and its buffers +are sent out. + +Unfortunately that left the pending un-acked frames unprocessed, thus +leaking buffers. Fix this by reordering the code so that those frames +are processed first, before the TID is flushed. + +Signed-off-by: Felix Fietkau +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath/ath9k/xmit.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/drivers/net/wireless/ath/ath9k/xmit.c ++++ b/drivers/net/wireless/ath/ath9k/xmit.c +@@ -423,6 +423,14 @@ static void ath_tx_complete_aggr(struct + bf = bf_next; + } + ++ /* prepend un-acked frames to the beginning of the pending frame queue */ ++ if (!list_empty(&bf_pending)) { ++ spin_lock_bh(&txq->axq_lock); ++ list_splice(&bf_pending, &tid->buf_q); ++ ath_tx_queue_tid(txq, tid); ++ spin_unlock_bh(&txq->axq_lock); ++ } ++ + if (tid->state & AGGR_CLEANUP) { + if (tid->baw_head == tid->baw_tail) { + tid->state &= ~AGGR_ADDBA_COMPLETE; +@@ -435,14 +443,6 @@ static void ath_tx_complete_aggr(struct + return; + } + +- /* prepend un-acked frames to the beginning of the pending frame queue */ +- if (!list_empty(&bf_pending)) { +- spin_lock_bh(&txq->axq_lock); +- list_splice(&bf_pending, &tid->buf_q); +- ath_tx_queue_tid(txq, tid); +- spin_unlock_bh(&txq->axq_lock); +- } +- + rcu_read_unlock(); + + if (needreset) diff --git a/queue-2.6.32/ath9k_hw-fix-an-off-by-one-error-in-the-pdadc-boundaries-calculation.patch b/queue-2.6.32/ath9k_hw-fix-an-off-by-one-error-in-the-pdadc-boundaries-calculation.patch new file mode 100644 index 00000000000..e85986c7196 --- /dev/null +++ b/queue-2.6.32/ath9k_hw-fix-an-off-by-one-error-in-the-pdadc-boundaries-calculation.patch @@ -0,0 +1,32 @@ +From 03b4776c408d2f4bf3a5d204e223724d154716d1 Mon Sep 17 00:00:00 2001 +From: Felix Fietkau +Date: Sun, 11 Jul 2010 12:48:41 +0200 +Subject: ath9k_hw: fix an off-by-one error in the PDADC boundaries calculation + +From: Felix Fietkau + +commit 03b4776c408d2f4bf3a5d204e223724d154716d1 upstream. + +PDADC values were only generated for values surrounding the target +index, however not for the target index itself, leading to a minor +error in the generated curve. + +Signed-off-by: Felix Fietkau +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath/ath9k/eeprom_def.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/wireless/ath/ath9k/eeprom_def.c ++++ b/drivers/net/wireless/ath/ath9k/eeprom_def.c +@@ -714,7 +714,7 @@ static void ath9k_hw_get_def_gain_bounda + vpdTableI[i][sizeCurrVpdTable - 2]); + vpdStep = (int16_t)((vpdStep < 1) ? 1 : vpdStep); + +- if (tgtIndex > maxIndex) { ++ if (tgtIndex >= maxIndex) { + while ((ss <= tgtIndex) && + (k < (AR5416_NUM_PDADC_VALUES - 1))) { + tmpVal = (int16_t)((vpdTableI[i][sizeCurrVpdTable - 1] + diff --git a/queue-2.6.32/cfg80211-don-t-get-expired-bsses.patch b/queue-2.6.32/cfg80211-don-t-get-expired-bsses.patch new file mode 100644 index 00000000000..64a562afa24 --- /dev/null +++ b/queue-2.6.32/cfg80211-don-t-get-expired-bsses.patch @@ -0,0 +1,52 @@ +From ccb6c1360f8dd43303c659db718e7e0b24175db5 Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Tue, 13 Jul 2010 10:55:38 +0200 +Subject: cfg80211: don't get expired BSSes + +From: Johannes Berg + +commit ccb6c1360f8dd43303c659db718e7e0b24175db5 upstream. + +When kernel-internal users use cfg80211_get_bss() +to get a reference to a BSS struct, they may end +up getting one that would have been removed from +the list if there had been any userspace access +to the list. This leads to inconsistencies and +problems. + +Fix it by making cfg80211_get_bss() ignore BSSes +that cfg80211_bss_expire() would remove. + +Fixes http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2180 + +Reported-by: Jiajia Zheng +Tested-by: Jiajia Zheng +Signed-off-by: Johannes Berg +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + net/wireless/scan.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/net/wireless/scan.c ++++ b/net/wireless/scan.c +@@ -270,6 +270,7 @@ struct cfg80211_bss *cfg80211_get_bss(st + { + struct cfg80211_registered_device *dev = wiphy_to_dev(wiphy); + struct cfg80211_internal_bss *bss, *res = NULL; ++ unsigned long now = jiffies; + + spin_lock_bh(&dev->bss_lock); + +@@ -278,6 +279,10 @@ struct cfg80211_bss *cfg80211_get_bss(st + continue; + if (channel && bss->pub.channel != channel) + continue; ++ /* Don't get expired BSS structs */ ++ if (time_after(now, bss->ts + IEEE80211_SCAN_RESULT_EXPIRE) && ++ !atomic_read(&bss->hold)) ++ continue; + if (is_bss(&bss->pub, bssid, ssid, ssid_len)) { + res = bss; + kref_get(&res->ref); diff --git a/queue-2.6.32/cfg80211-ignore-spurious-deauth.patch b/queue-2.6.32/cfg80211-ignore-spurious-deauth.patch new file mode 100644 index 00000000000..e32da15d69d --- /dev/null +++ b/queue-2.6.32/cfg80211-ignore-spurious-deauth.patch @@ -0,0 +1,45 @@ +From 643f82e32f14faf0d0944c804203a6681b6b0a1e Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Mon, 12 Jul 2010 14:46:43 +0200 +Subject: cfg80211: ignore spurious deauth + +From: Johannes Berg + +commit 643f82e32f14faf0d0944c804203a6681b6b0a1e upstream. + +Ever since mac80211/drivers are no longer +fully in charge of keeping track of the +auth status, trying to make them do so will +fail. Instead of warning and reporting the +deauthentication to userspace, cfg80211 must +simply ignore it so that spurious +deauthentications, e.g. before starting +authentication, aren't seen by userspace as +actual deauthentications. + +Reported-by: Paul Stewart +Signed-off-by: Johannes Berg +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + net/wireless/mlme.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/net/wireless/mlme.c ++++ b/net/wireless/mlme.c +@@ -43,10 +43,10 @@ void cfg80211_send_rx_auth(struct net_de + } + } + +- WARN_ON(!done); +- +- nl80211_send_rx_auth(rdev, dev, buf, len, GFP_KERNEL); +- cfg80211_sme_rx_auth(dev, buf, len); ++ if (done) { ++ nl80211_send_rx_auth(rdev, dev, buf, len, GFP_KERNEL); ++ cfg80211_sme_rx_auth(dev, buf, len); ++ } + + wdev_unlock(wdev); + } diff --git a/queue-2.6.32/e1000e-82577-82578-phy-register-access-issues.patch b/queue-2.6.32/e1000e-82577-82578-phy-register-access-issues.patch new file mode 100644 index 00000000000..6c96a35a38b --- /dev/null +++ b/queue-2.6.32/e1000e-82577-82578-phy-register-access-issues.patch @@ -0,0 +1,38 @@ +From ff847ac2d3e90edd94674c28bade25ae1e6a2e49 Mon Sep 17 00:00:00 2001 +From: Bruce Allan +Date: Tue, 27 Jul 2010 12:28:46 +0000 +Subject: e1000e: 82577/82578 PHY register access issues + +From: Bruce Allan + +commit ff847ac2d3e90edd94674c28bade25ae1e6a2e49 upstream. + +The MAC-PHY interconnect on 82577/82578 uses a power management feature +(called K1) which must be disabled when in 1Gbps due to a hardware issue on +these parts. The #define bit setting used to enable/disable K1 is +incorrect and can cause PHY register accesses to stop working altogether +until the next device reset. This patch sets the register correctly. + +This issue is present in kernels since 2.6.32. + +Signed-off-by: Bruce Allan +Tested-by: Jeff Pieper +Signed-off-by: Jeff Kirsher +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/e1000e/hw.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/e1000e/hw.h ++++ b/drivers/net/e1000e/hw.h +@@ -304,7 +304,7 @@ enum e1e_registers { + #define E1000_KMRNCTRLSTA_DIAG_OFFSET 0x3 /* Kumeran Diagnostic */ + #define E1000_KMRNCTRLSTA_DIAG_NELPBK 0x1000 /* Nearend Loopback mode */ + #define E1000_KMRNCTRLSTA_K1_CONFIG 0x7 +-#define E1000_KMRNCTRLSTA_K1_ENABLE 0x140E ++#define E1000_KMRNCTRLSTA_K1_ENABLE 0x0002 + #define E1000_KMRNCTRLSTA_K1_DISABLE 0x1400 + + #define IFE_PHY_EXTENDED_STATUS_CONTROL 0x10 diff --git a/queue-2.6.32/e1000e-don-t-inadvertently-re-set-intx_disable.patch b/queue-2.6.32/e1000e-don-t-inadvertently-re-set-intx_disable.patch new file mode 100644 index 00000000000..910edefab9e --- /dev/null +++ b/queue-2.6.32/e1000e-don-t-inadvertently-re-set-intx_disable.patch @@ -0,0 +1,71 @@ +From 36f2407fe52c55566221f8c68c8fb808abffd2f5 Mon Sep 17 00:00:00 2001 +From: Dean Nelson +Date: Tue, 29 Jun 2010 18:12:05 +0000 +Subject: e1000e: don't inadvertently re-set INTX_DISABLE + +From: Dean Nelson + +commit 36f2407fe52c55566221f8c68c8fb808abffd2f5 upstream. + +Should e1000_test_msi() fail to see an msi interrupt, it attempts to +fallback to legacy INTx interrupts. But an error in the code may prevent +this from happening correctly. + +Before calling e1000_test_msi_interrupt(), e1000_test_msi() disables SERR +by clearing the SERR bit from the just read PCI_COMMAND bits as it writes +them back out. + +Upon return from calling e1000_test_msi_interrupt(), it re-enables SERR +by writing out the version of PCI_COMMAND it had previously read. + +The problem with this is that e1000_test_msi_interrupt() calls +pci_disable_msi(), which eventually ends up in pci_intx(). And because +pci_intx() was called with enable set to 1, the INTX_DISABLE bit gets +cleared from PCI_COMMAND, which is what we want. But when we get back to +e1000_test_msi(), the INTX_DISABLE bit gets inadvertently re-set because +of the attempt by e1000_test_msi() to re-enable SERR. + +The solution is to have e1000_test_msi() re-read the PCI_COMMAND bits as +part of its attempt to re-enable SERR. + +During debugging/testing of this issue I found that not all the systems +I ran on had the SERR bit set to begin with. And on some of the systems +the same could be said for the INTX_DISABLE bit. Needless to say these +latter systems didn't have a problem falling back to legacy INTx +interrupts with the code as is. + +Signed-off-by: Dean Nelson +Tested-by: Emil Tantilov +Signed-off-by: Jeff Kirsher +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/e1000e/netdev.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +--- a/drivers/net/e1000e/netdev.c ++++ b/drivers/net/e1000e/netdev.c +@@ -3073,13 +3073,18 @@ static int e1000_test_msi(struct e1000_a + + /* disable SERR in case the MSI write causes a master abort */ + pci_read_config_word(adapter->pdev, PCI_COMMAND, &pci_cmd); +- pci_write_config_word(adapter->pdev, PCI_COMMAND, +- pci_cmd & ~PCI_COMMAND_SERR); ++ if (pci_cmd & PCI_COMMAND_SERR) ++ pci_write_config_word(adapter->pdev, PCI_COMMAND, ++ pci_cmd & ~PCI_COMMAND_SERR); + + err = e1000_test_msi_interrupt(adapter); + +- /* restore previous setting of command word */ +- pci_write_config_word(adapter->pdev, PCI_COMMAND, pci_cmd); ++ /* re-enable SERR */ ++ if (pci_cmd & PCI_COMMAND_SERR) { ++ pci_read_config_word(adapter->pdev, PCI_COMMAND, &pci_cmd); ++ pci_cmd |= PCI_COMMAND_SERR; ++ pci_write_config_word(adapter->pdev, PCI_COMMAND, pci_cmd); ++ } + + /* success ! */ + if (!err) diff --git a/queue-2.6.32/iwlwifi-fix-scan-abort.patch b/queue-2.6.32/iwlwifi-fix-scan-abort.patch new file mode 100644 index 00000000000..397e19cf8da --- /dev/null +++ b/queue-2.6.32/iwlwifi-fix-scan-abort.patch @@ -0,0 +1,65 @@ +From d28232b461b8d54b09e59325dbac8b0913ce2049 Mon Sep 17 00:00:00 2001 +From: Stanislaw Gruszka +Date: Thu, 29 Jul 2010 11:37:41 +0200 +Subject: iwlwifi: fix scan abort + +From: Stanislaw Gruszka + +commit d28232b461b8d54b09e59325dbac8b0913ce2049 upstream. + +Fix possible double priv->mutex lock introduced by commit +a69b03e941abae00380fc6bc1877fb797a1b31e6 +"iwlwifi: cancel scan watchdog in iwl_bg_abort_scan" . +We can not call cancel_delayed_work_sync(&priv->scan_check) with +priv->mutex locked because workqueue function iwl_bg_scan_check() +take that lock internally. + +We do not need to synchronize when canceling priv->scan_check work. +We can avoid races (sending double abort command or send no +command at all) using STATUS_SCAN_ABORT bit. Moreover +current iwl_bg_scan_check() code seems to be broken, as +we should not send abort commands when currently aborting. + +Signed-off-by: Stanislaw Gruszka +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/iwlwifi/iwl-scan.c | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +--- a/drivers/net/wireless/iwlwifi/iwl-scan.c ++++ b/drivers/net/wireless/iwlwifi/iwl-scan.c +@@ -497,11 +497,10 @@ void iwl_bg_scan_check(struct work_struc + return; + + mutex_lock(&priv->mutex); +- if (test_bit(STATUS_SCANNING, &priv->status) || +- test_bit(STATUS_SCAN_ABORTING, &priv->status)) { +- IWL_DEBUG_SCAN(priv, "Scan completion watchdog resetting " +- "adapter (%dms)\n", +- jiffies_to_msecs(IWL_SCAN_CHECK_WATCHDOG)); ++ if (test_bit(STATUS_SCANNING, &priv->status) && ++ !test_bit(STATUS_SCAN_ABORTING, &priv->status)) { ++ IWL_DEBUG_SCAN(priv, "Scan completion watchdog (%dms)\n", ++ jiffies_to_msecs(IWL_SCAN_CHECK_WATCHDOG)); + + if (!test_bit(STATUS_EXIT_PENDING, &priv->status)) + iwl_send_scan_abort(priv); +@@ -797,12 +796,11 @@ void iwl_bg_abort_scan(struct work_struc + !test_bit(STATUS_GEO_CONFIGURED, &priv->status)) + return; + +- mutex_lock(&priv->mutex); +- +- cancel_delayed_work_sync(&priv->scan_check); +- set_bit(STATUS_SCAN_ABORTING, &priv->status); +- iwl_send_scan_abort(priv); ++ cancel_delayed_work(&priv->scan_check); + ++ mutex_lock(&priv->mutex); ++ if (test_bit(STATUS_SCAN_ABORTING, &priv->status)) ++ iwl_send_scan_abort(priv); + mutex_unlock(&priv->mutex); + } + EXPORT_SYMBOL(iwl_bg_abort_scan); diff --git a/queue-2.6.32/parisc-pass-through-t-to-early-iodc-console.patch b/queue-2.6.32/parisc-pass-through-t-to-early-iodc-console.patch new file mode 100644 index 00000000000..4d7f9a9512a --- /dev/null +++ b/queue-2.6.32/parisc-pass-through-t-to-early-iodc-console.patch @@ -0,0 +1,56 @@ +From d9b68e5e88248bb24fd4e455588bea1d56108fd6 Mon Sep 17 00:00:00 2001 +From: Kyle McMartin +Date: Tue, 3 Aug 2010 20:38:08 -0400 +Subject: parisc: pass through '\t' to early (iodc) console + +From: Kyle McMartin + +commit d9b68e5e88248bb24fd4e455588bea1d56108fd6 upstream. + +The firmware handles '\t' internally, so stop trying to emulate it +(which, incidentally, had a bug in it.) + +Fixes a really weird hang at bootup in rcu_bootup_announce, which, +as far as I can tell, is the first printk in the core kernel to use +a tab as the first character. + +Signed-off-by: Kyle McMartin +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + arch/parisc/kernel/firmware.c | 12 ++---------- + 1 file changed, 2 insertions(+), 10 deletions(-) + +--- a/arch/parisc/kernel/firmware.c ++++ b/arch/parisc/kernel/firmware.c +@@ -1123,7 +1123,6 @@ static char __attribute__((aligned(64))) + */ + int pdc_iodc_print(const unsigned char *str, unsigned count) + { +- static int posx; /* for simple TAB-Simulation... */ + unsigned int i; + unsigned long flags; + +@@ -1133,19 +1132,12 @@ int pdc_iodc_print(const unsigned char * + iodc_dbuf[i+0] = '\r'; + iodc_dbuf[i+1] = '\n'; + i += 2; +- posx = 0; + goto print; +- case '\t': +- while (posx & 7) { +- iodc_dbuf[i] = ' '; +- i++, posx++; +- } +- break; + case '\b': /* BS */ +- posx -= 2; ++ i--; /* overwrite last */ + default: + iodc_dbuf[i] = str[i]; +- i++, posx++; ++ i++; + break; + } + } diff --git a/queue-2.6.32/xfs-prevent-swapext-from-operating-on-write-only-files.patch b/queue-2.6.32/xfs-prevent-swapext-from-operating-on-write-only-files.patch new file mode 100644 index 00000000000..bc1fb85a00b --- /dev/null +++ b/queue-2.6.32/xfs-prevent-swapext-from-operating-on-write-only-files.patch @@ -0,0 +1,43 @@ +From 1817176a86352f65210139d4c794ad2d19fc6b63 Mon Sep 17 00:00:00 2001 +From: Dan Rosenberg +Date: Thu, 24 Jun 2010 12:07:47 +1000 +Subject: xfs: prevent swapext from operating on write-only files + +From: Dan Rosenberg + +commit 1817176a86352f65210139d4c794ad2d19fc6b63 upstream. + +This patch prevents user "foo" from using the SWAPEXT ioctl to swap +a write-only file owned by user "bar" into a file owned by "foo" and +subsequently reading it. It does so by checking that the file +descriptors passed to the ioctl are also opened for reading. + +Signed-off-by: Dan Rosenberg +Reviewed-by: Christoph Hellwig +Signed-off-by: Greg Kroah-Hartman + +--- + fs/xfs/xfs_dfrag.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/fs/xfs/xfs_dfrag.c ++++ b/fs/xfs/xfs_dfrag.c +@@ -62,7 +62,9 @@ xfs_swapext( + goto out; + } + +- if (!(file->f_mode & FMODE_WRITE) || (file->f_flags & O_APPEND)) { ++ if (!(file->f_mode & FMODE_WRITE) || ++ !(file->f_mode & FMODE_READ) || ++ (file->f_flags & O_APPEND)) { + error = XFS_ERROR(EBADF); + goto out_put_file; + } +@@ -74,6 +76,7 @@ xfs_swapext( + } + + if (!(target_file->f_mode & FMODE_WRITE) || ++ !(target_file->f_mode & FMODE_READ) || + (target_file->f_flags & O_APPEND)) { + error = XFS_ERROR(EBADF); + goto out_put_target_file;