From: Greg Kroah-Hartman Date: Wed, 10 Oct 2012 07:37:50 +0000 (+0900) Subject: 3.6-stable patches X-Git-Tag: v3.0.46~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6cbd67ed333fb8cadb48e663bf6de122137cfd41;p=thirdparty%2Fkernel%2Fstable-queue.git 3.6-stable patches added patches: cifs-reinstate-the-forcegid-option.patch convert-properly-utf-8-to-utf-16.patch jffs2-don-t-fail-on-bitflips-in-oob.patch jffs2-fix-unmount-regression.patch mmc-omap_hsmmc-pass-on-the-suspend-failure-to-the-pm-core.patch mmc-sh-mmcif-avoid-oops-on-spurious-interrupts.patch mmc-slot-gpio-fix-missing-assignment-to-ctx-ro_gpio.patch mtd-autcpu12-nvram-fix-compile-breakage.patch mtd-mtdpart-break-it-as-soon-as-we-parse-out-the-partitions.patch mtd-nandsim-bugfix-fail-if-overridesize-is-too-big.patch mtd-nand-use-the-mirror-bbt-descriptor-when-reading-its-version.patch mtd-omap2-fix-module-loading.patch mtd-omap2-fix-omap_nand_remove-segfault.patch --- diff --git a/queue-3.6/cifs-reinstate-the-forcegid-option.patch b/queue-3.6/cifs-reinstate-the-forcegid-option.patch new file mode 100644 index 00000000000..115ea7c4179 --- /dev/null +++ b/queue-3.6/cifs-reinstate-the-forcegid-option.patch @@ -0,0 +1,54 @@ +From 72bd481f860f0125c810bb43d878ce5f9c060c58 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Wed, 3 Oct 2012 16:02:36 -0400 +Subject: cifs: reinstate the forcegid option + +From: Jeff Layton + +commit 72bd481f860f0125c810bb43d878ce5f9c060c58 upstream. + +Apparently this was lost when we converted to the standard option +parser in 8830d7e07a5e38bc47650a7554b7c1cfd49902bf + +Reported-by: Gregory Lee Bartholomew +Cc: Sachin Prabhu +Signed-off-by: Jeff Layton +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/connect.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -67,6 +67,7 @@ enum { + /* Mount options that take no arguments */ + Opt_user_xattr, Opt_nouser_xattr, + Opt_forceuid, Opt_noforceuid, ++ Opt_forcegid, Opt_noforcegid, + Opt_noblocksend, Opt_noautotune, + Opt_hard, Opt_soft, Opt_perm, Opt_noperm, + Opt_mapchars, Opt_nomapchars, Opt_sfu, +@@ -118,6 +119,8 @@ static const match_table_t cifs_mount_op + { Opt_nouser_xattr, "nouser_xattr" }, + { Opt_forceuid, "forceuid" }, + { Opt_noforceuid, "noforceuid" }, ++ { Opt_forcegid, "forcegid" }, ++ { Opt_noforcegid, "noforcegid" }, + { Opt_noblocksend, "noblocksend" }, + { Opt_noautotune, "noautotune" }, + { Opt_hard, "hard" }, +@@ -1190,6 +1193,12 @@ cifs_parse_mount_options(const char *mou + case Opt_noforceuid: + override_uid = 0; + break; ++ case Opt_forcegid: ++ override_gid = 1; ++ break; ++ case Opt_noforcegid: ++ override_gid = 0; ++ break; + case Opt_noblocksend: + vol->noblocksnd = 1; + break; diff --git a/queue-3.6/convert-properly-utf-8-to-utf-16.patch b/queue-3.6/convert-properly-utf-8-to-utf-16.patch new file mode 100644 index 00000000000..2ee0d5d4189 --- /dev/null +++ b/queue-3.6/convert-properly-utf-8-to-utf-16.patch @@ -0,0 +1,61 @@ +From fd3ba42c76d3d4b776120c2b24c1791e7bb3deb1 Mon Sep 17 00:00:00 2001 +From: Frediano Ziglio +Date: Tue, 7 Aug 2012 04:33:03 -0500 +Subject: Convert properly UTF-8 to UTF-16 + +From: Frediano Ziglio + +commit fd3ba42c76d3d4b776120c2b24c1791e7bb3deb1 upstream. + +wchar_t is currently 16bit so converting a utf8 encoded characters not +in plane 0 (>= 0x10000) to wchar_t (that is calling char2uni) lead to a +-EINVAL return. This patch detect utf8 in cifs_strtoUTF16 and add special +code calling utf8s_to_utf16s. + +Signed-off-by: Frediano Ziglio +Acked-by: Jeff Layton +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/cifs_unicode.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +--- a/fs/cifs/cifs_unicode.c ++++ b/fs/cifs/cifs_unicode.c +@@ -203,6 +203,27 @@ cifs_strtoUTF16(__le16 *to, const char * + int i; + wchar_t wchar_to; /* needed to quiet sparse */ + ++ /* special case for utf8 to handle no plane0 chars */ ++ if (!strcmp(codepage->charset, "utf8")) { ++ /* ++ * convert utf8 -> utf16, we assume we have enough space ++ * as caller should have assumed conversion does not overflow ++ * in destination len is length in wchar_t units (16bits) ++ */ ++ i = utf8s_to_utf16s(from, len, UTF16_LITTLE_ENDIAN, ++ (wchar_t *) to, len); ++ ++ /* if success terminate and exit */ ++ if (i >= 0) ++ goto success; ++ /* ++ * if fails fall back to UCS encoding as this ++ * function should not return negative values ++ * currently can fail only if source contains ++ * invalid encoded characters ++ */ ++ } ++ + for (i = 0; len && *from; i++, from += charlen, len -= charlen) { + charlen = codepage->char2uni(from, len, &wchar_to); + if (charlen < 1) { +@@ -215,6 +236,7 @@ cifs_strtoUTF16(__le16 *to, const char * + put_unaligned_le16(wchar_to, &to[i]); + } + ++success: + put_unaligned_le16(0, &to[i]); + return i; + } diff --git a/queue-3.6/jffs2-don-t-fail-on-bitflips-in-oob.patch b/queue-3.6/jffs2-don-t-fail-on-bitflips-in-oob.patch new file mode 100644 index 00000000000..247a8ad9ba6 --- /dev/null +++ b/queue-3.6/jffs2-don-t-fail-on-bitflips-in-oob.patch @@ -0,0 +1,53 @@ +From 74d83beaa229aac7d126ac1ed9414658ff1a89d2 Mon Sep 17 00:00:00 2001 +From: Brian Norris +Date: Fri, 31 Aug 2012 15:01:19 -0700 +Subject: JFFS2: don't fail on bitflips in OOB + +From: Brian Norris + +commit 74d83beaa229aac7d126ac1ed9414658ff1a89d2 upstream. + +JFFS2 was designed without thought for OOB bitflips, it seems, but they +can occur and will be reported to JFFS2 via mtd_read_oob()[1]. We don't +want to fail on these transactions, since the data was corrected. + +[1] Few drivers report bitflips for OOB-only transactions. With such + drivers, this patch should have no effect. + +Signed-off-by: Brian Norris +Signed-off-by: Artem Bityutskiy +Signed-off-by: David Woodhouse +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jffs2/wbuf.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/fs/jffs2/wbuf.c ++++ b/fs/jffs2/wbuf.c +@@ -1044,10 +1044,10 @@ int jffs2_check_oob_empty(struct jffs2_s + ops.datbuf = NULL; + + ret = mtd_read_oob(c->mtd, jeb->offset, &ops); +- if (ret || ops.oobretlen != ops.ooblen) { ++ if ((ret && !mtd_is_bitflip(ret)) || ops.oobretlen != ops.ooblen) { + pr_err("cannot read OOB for EB at %08x, requested %zd bytes, read %zd bytes, error %d\n", + jeb->offset, ops.ooblen, ops.oobretlen, ret); +- if (!ret) ++ if (!ret || mtd_is_bitflip(ret)) + ret = -EIO; + return ret; + } +@@ -1086,10 +1086,10 @@ int jffs2_check_nand_cleanmarker(struct + ops.datbuf = NULL; + + ret = mtd_read_oob(c->mtd, jeb->offset, &ops); +- if (ret || ops.oobretlen != ops.ooblen) { ++ if ((ret && !mtd_is_bitflip(ret)) || ops.oobretlen != ops.ooblen) { + pr_err("cannot read OOB for EB at %08x, requested %zd bytes, read %zd bytes, error %d\n", + jeb->offset, ops.ooblen, ops.oobretlen, ret); +- if (!ret) ++ if (!ret || mtd_is_bitflip(ret)) + ret = -EIO; + return ret; + } diff --git a/queue-3.6/jffs2-fix-unmount-regression.patch b/queue-3.6/jffs2-fix-unmount-regression.patch new file mode 100644 index 00000000000..19fbd27796b --- /dev/null +++ b/queue-3.6/jffs2-fix-unmount-regression.patch @@ -0,0 +1,43 @@ +From a445f784ae5558a3da680aa6b39ed53c95a551c1 Mon Sep 17 00:00:00 2001 +From: Artem Bityutskiy +Date: Thu, 23 Aug 2012 10:10:07 +0300 +Subject: JFFS2: fix unmount regression + +From: Artem Bityutskiy + +commit a445f784ae5558a3da680aa6b39ed53c95a551c1 upstream. + +This patch fixes regression introduced by +"8bdc81c jffs2: get rid of jffs2_sync_super". We submit a delayed work in order +to make sure the write-buffer is synchronized at some point. But we do not +flush it when we unmount, which causes an oops when we unmount the file-system +and then the delayed work is executed. + +This patch fixes the issue by adding a "cancel_delayed_work_sync()" infocation +in the '->sync_fs()' handler. This will make sure the delayed work is canceled +on sync, unmount and re-mount. And because VFS always callse 'sync_fs()' before +unmounting or remounting, this fixes the issue. + +Reported-by: Ludovic Desroches +Signed-off-by: Artem Bityutskiy +Tested-by: Ludovic Desroches +Signed-off-by: David Woodhouse +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jffs2/super.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/jffs2/super.c ++++ b/fs/jffs2/super.c +@@ -100,6 +100,10 @@ static int jffs2_sync_fs(struct super_bl + { + struct jffs2_sb_info *c = JFFS2_SB_INFO(sb); + ++#ifdef CONFIG_JFFS2_FS_WRITEBUFFER ++ cancel_delayed_work_sync(&c->wbuf_dwork); ++#endif ++ + mutex_lock(&c->alloc_sem); + jffs2_flush_wbuf_pad(c); + mutex_unlock(&c->alloc_sem); diff --git a/queue-3.6/mmc-omap_hsmmc-pass-on-the-suspend-failure-to-the-pm-core.patch b/queue-3.6/mmc-omap_hsmmc-pass-on-the-suspend-failure-to-the-pm-core.patch new file mode 100644 index 00000000000..92f5c06dfc6 --- /dev/null +++ b/queue-3.6/mmc-omap_hsmmc-pass-on-the-suspend-failure-to-the-pm-core.patch @@ -0,0 +1,59 @@ +From c4c8eeb4df00aabb641553d6fbcd46f458e56cd9 Mon Sep 17 00:00:00 2001 +From: Vaibhav Bedia +Date: Thu, 13 Sep 2012 06:31:03 +0000 +Subject: mmc: omap_hsmmc: Pass on the suspend failure to the PM core + +From: Vaibhav Bedia + +commit c4c8eeb4df00aabb641553d6fbcd46f458e56cd9 upstream. + +In some cases mmc_suspend_host() is not able to claim the +host and proceed with the suspend process. The core returns +-EBUSY to the host controller driver. Unfortunately, the +host controller driver does not pass on this information +to the PM core and hence the system suspend process continues. + + ret = mmc_suspend_host(host->mmc); + if (ret) { + host->suspended = 0; + if (host->pdata->resume) { + ret = host->pdata->resume(dev, host->slot_id); + +The return status from mmc_suspend_host() is overwritten by return +status from host->pdata->resume. So the original return status is lost. + +In these cases the MMC core gets to an unexpected state +during resume and multiple issues related to MMC crop up. +1. Host controller driver starts accessing the device registers +before the clocks are enabled which leads to a prefetch abort. +2. A file copy thread which was launched before suspend gets +stuck due to the host not being reclaimed during resume. + +To avoid such problems pass on the -EBUSY status to the PM core +from the host controller driver. With this change, MMC core +suspend might still fail but it does not end up making the +system unusable. Suspend gets aborted and the user can try +suspending the system again. + +Signed-off-by: Vaibhav Bedia +Signed-off-by: Hebbar, Gururaja +Acked-by: Venkatraman S +Signed-off-by: Chris Ball +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/omap_hsmmc.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/mmc/host/omap_hsmmc.c ++++ b/drivers/mmc/host/omap_hsmmc.c +@@ -2106,8 +2106,7 @@ static int omap_hsmmc_suspend(struct dev + if (ret) { + host->suspended = 0; + if (host->pdata->resume) { +- ret = host->pdata->resume(dev, host->slot_id); +- if (ret) ++ if (host->pdata->resume(dev, host->slot_id)) + dev_dbg(dev, "Unmask interrupt failed\n"); + } + goto err; diff --git a/queue-3.6/mmc-sh-mmcif-avoid-oops-on-spurious-interrupts.patch b/queue-3.6/mmc-sh-mmcif-avoid-oops-on-spurious-interrupts.patch new file mode 100644 index 00000000000..22dbc54bcde --- /dev/null +++ b/queue-3.6/mmc-sh-mmcif-avoid-oops-on-spurious-interrupts.patch @@ -0,0 +1,36 @@ +From 8464dd52d3198dd05cafb005371d76e5339eb842 Mon Sep 17 00:00:00 2001 +From: Guennadi Liakhovetski +Date: Tue, 18 Sep 2012 06:42:42 +0000 +Subject: mmc: sh-mmcif: avoid oops on spurious interrupts + +From: Guennadi Liakhovetski + +commit 8464dd52d3198dd05cafb005371d76e5339eb842 upstream. + +On some systems, e.g., kzm9g, MMCIF interfaces can produce spurious +interrupts without any active request. To prevent the Oops, that results +in such cases, don't dereference the mmc request pointer until we make +sure, that we are indeed processing such a request. + +Reported-by: Tetsuyuki Kobayashi +Signed-off-by: Guennadi Liakhovetski +Signed-off-by: Chris Ball +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/sh_mmcif.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/mmc/host/sh_mmcif.c ++++ b/drivers/mmc/host/sh_mmcif.c +@@ -1229,6 +1229,10 @@ static irqreturn_t sh_mmcif_intr(int irq + host->sd_error = true; + dev_dbg(&host->pd->dev, "int err state = %08x\n", state); + } ++ if (host->state == STATE_IDLE) { ++ dev_info(&host->pd->dev, "Spurious IRQ status 0x%x", state); ++ return IRQ_HANDLED; ++ } + if (state & ~(INT_CMD12RBE | INT_CMD12CRE)) { + if (!host->dma_active) + return IRQ_WAKE_THREAD; diff --git a/queue-3.6/mmc-slot-gpio-fix-missing-assignment-to-ctx-ro_gpio.patch b/queue-3.6/mmc-slot-gpio-fix-missing-assignment-to-ctx-ro_gpio.patch new file mode 100644 index 00000000000..638aac34526 --- /dev/null +++ b/queue-3.6/mmc-slot-gpio-fix-missing-assignment-to-ctx-ro_gpio.patch @@ -0,0 +1,38 @@ +From 15e8a8e42966162c207bb97ed55c803bc437eeae Mon Sep 17 00:00:00 2001 +From: Chris Ball +Date: Sun, 9 Sep 2012 22:56:48 -0400 +Subject: mmc: slot-gpio: Fix missing assignment to ctx->ro_gpio + +From: Chris Ball + +commit 15e8a8e42966162c207bb97ed55c803bc437eeae upstream. + +mmc_gpio_request_ro() doesn't store the requested gpio in ctx->ro_gpio. +As a result, subsequent calls to mmc_gpio_get_ro() will always fail +with -ENOSYS because the gpio number isn't available to that function. + +Acked-by: Guennadi Liakhovetski +Signed-off-by: Chris Ball +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/core/slot-gpio.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/drivers/mmc/core/slot-gpio.c ++++ b/drivers/mmc/core/slot-gpio.c +@@ -100,7 +100,13 @@ int mmc_gpio_request_ro(struct mmc_host + + ctx = host->slot.handler_priv; + +- return gpio_request_one(gpio, GPIOF_DIR_IN, ctx->ro_label); ++ ret = gpio_request_one(gpio, GPIOF_DIR_IN, ctx->ro_label); ++ if (ret < 0) ++ return ret; ++ ++ ctx->ro_gpio = gpio; ++ ++ return 0; + } + EXPORT_SYMBOL(mmc_gpio_request_ro); + diff --git a/queue-3.6/mtd-autcpu12-nvram-fix-compile-breakage.patch b/queue-3.6/mtd-autcpu12-nvram-fix-compile-breakage.patch new file mode 100644 index 00000000000..73c4bff4f48 --- /dev/null +++ b/queue-3.6/mtd-autcpu12-nvram-fix-compile-breakage.patch @@ -0,0 +1,73 @@ +From d1f55c680e5d021e7066f4461dd678d42af18898 Mon Sep 17 00:00:00 2001 +From: Alexander Shiyan +Date: Wed, 15 Aug 2012 20:28:05 +0400 +Subject: mtd: autcpu12-nvram: Fix compile breakage + +From: Alexander Shiyan + +commit d1f55c680e5d021e7066f4461dd678d42af18898 upstream. + +Update driver autcpu12-nvram.c so it compiles; map_read32/map_write32 +no longer exist in the kernel so the driver is totally broken. +Additionally, map_info name passed to simple_map_init is incorrect. + +Signed-off-by: Alexander Shiyan +Acked-by: Arnd Bergmann +Signed-off-by: Artem Bityutskiy +Signed-off-by: David Woodhouse +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/maps/autcpu12-nvram.c | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) + +--- a/drivers/mtd/maps/autcpu12-nvram.c ++++ b/drivers/mtd/maps/autcpu12-nvram.c +@@ -43,7 +43,8 @@ struct map_info autcpu12_sram_map = { + + static int __init init_autcpu12_sram (void) + { +- int err, save0, save1; ++ map_word tmp, save0, save1; ++ int err; + + autcpu12_sram_map.virt = ioremap(0x12000000, SZ_128K); + if (!autcpu12_sram_map.virt) { +@@ -51,7 +52,7 @@ static int __init init_autcpu12_sram (vo + err = -EIO; + goto out; + } +- simple_map_init(&autcpu_sram_map); ++ simple_map_init(&autcpu12_sram_map); + + /* + * Check for 32K/128K +@@ -61,20 +62,22 @@ static int __init init_autcpu12_sram (vo + * Read and check result on ofs 0x0 + * Restore contents + */ +- save0 = map_read32(&autcpu12_sram_map,0); +- save1 = map_read32(&autcpu12_sram_map,0x10000); +- map_write32(&autcpu12_sram_map,~save0,0x10000); ++ save0 = map_read(&autcpu12_sram_map, 0); ++ save1 = map_read(&autcpu12_sram_map, 0x10000); ++ tmp.x[0] = ~save0.x[0]; ++ map_write(&autcpu12_sram_map, tmp, 0x10000); + /* if we find this pattern on 0x0, we have 32K size + * restore contents and exit + */ +- if ( map_read32(&autcpu12_sram_map,0) != save0) { +- map_write32(&autcpu12_sram_map,save0,0x0); ++ tmp = map_read(&autcpu12_sram_map, 0); ++ if (!map_word_equal(&autcpu12_sram_map, tmp, save0)) { ++ map_write(&autcpu12_sram_map, save0, 0x0); + goto map; + } + /* We have a 128K found, restore 0x10000 and set size + * to 128K + */ +- map_write32(&autcpu12_sram_map,save1,0x10000); ++ map_write(&autcpu12_sram_map, save1, 0x10000); + autcpu12_sram_map.size = SZ_128K; + + map: diff --git a/queue-3.6/mtd-mtdpart-break-it-as-soon-as-we-parse-out-the-partitions.patch b/queue-3.6/mtd-mtdpart-break-it-as-soon-as-we-parse-out-the-partitions.patch new file mode 100644 index 00000000000..272d104913f --- /dev/null +++ b/queue-3.6/mtd-mtdpart-break-it-as-soon-as-we-parse-out-the-partitions.patch @@ -0,0 +1,64 @@ +From c51803ddba10d80d9f246066802c6e359cf1d44c Mon Sep 17 00:00:00 2001 +From: Huang Shijie +Date: Sat, 18 Aug 2012 13:07:41 -0400 +Subject: mtd: mtdpart: break it as soon as we parse out the partitions + +From: Huang Shijie + +commit c51803ddba10d80d9f246066802c6e359cf1d44c upstream. + +We may cause a memory leak when the @types has more then one parser. + +Take the `default_mtd_part_types` for example. The default_mtd_part_types has +two parsers now: `cmdlinepart` and `ofpart`. + +Assume the following case: +The kernel command line sets the partitions like: + #gpmi-nand:20m(boot),20m(kernel),1g(rootfs),-(user) +But the devicetree file(such as arch/arm/boot/dts/imx28-evk.dts) also sets +the same partitions as the kernel command line does. + +In the current code, the partitions parsed out by the `ofpart` will +overwrite the @pparts which has already set by the `cmdlinepart` parser, +and the the partitions parsed out by the `cmdlinepart` is missed. +A memory leak occurs. + +So we should break the code as soon as we parse out the partitions, +In actually, this patch makes a priority order between the parsers. +If one parser has already parsed out the partitions successfully, +it's no need to use another parser anymore. + +Signed-off-by: Huang Shijie +Signed-off-by: Artem Bityutskiy +Signed-off-by: David Woodhouse +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/mtdpart.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/mtd/mtdpart.c ++++ b/drivers/mtd/mtdpart.c +@@ -711,6 +711,8 @@ static const char *default_mtd_part_type + * partition parsers, specified in @types. However, if @types is %NULL, then + * the default list of parsers is used. The default list contains only the + * "cmdlinepart" and "ofpart" parsers ATM. ++ * Note: If there are more then one parser in @types, the kernel only takes the ++ * partitions parsed out by the first parser. + * + * This function may return: + * o a negative error code in case of failure +@@ -735,11 +737,12 @@ int parse_mtd_partitions(struct mtd_info + if (!parser) + continue; + ret = (*parser->parse_fn)(master, pparts, data); ++ put_partition_parser(parser); + if (ret > 0) { + printk(KERN_NOTICE "%d %s partitions found on MTD device %s\n", + ret, parser->name, master->name); ++ break; + } +- put_partition_parser(parser); + } + return ret; + } diff --git a/queue-3.6/mtd-nand-use-the-mirror-bbt-descriptor-when-reading-its-version.patch b/queue-3.6/mtd-nand-use-the-mirror-bbt-descriptor-when-reading-its-version.patch new file mode 100644 index 00000000000..4383930793f --- /dev/null +++ b/queue-3.6/mtd-nand-use-the-mirror-bbt-descriptor-when-reading-its-version.patch @@ -0,0 +1,36 @@ +From 7bb9c75436212813b38700c34df4bbb6eb82debe Mon Sep 17 00:00:00 2001 +From: Shmulik Ladkani +Date: Sun, 10 Jun 2012 13:58:12 +0300 +Subject: mtd: nand: Use the mirror BBT descriptor when reading its version + +From: Shmulik Ladkani + +commit 7bb9c75436212813b38700c34df4bbb6eb82debe upstream. + +The code responsible for reading the version of the mirror bbt was +incorrectly using the descriptor of the main bbt. + +Pass the mirror bbt descriptor to 'scan_read_raw' when reading the +version of the mirror bbt. + +Signed-off-by: Shmulik Ladkani +Acked-by: Sebastian Andrzej Siewior +Signed-off-by: Artem Bityutskiy +Signed-off-by: David Woodhouse +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/nand/nand_bbt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/mtd/nand/nand_bbt.c ++++ b/drivers/mtd/nand/nand_bbt.c +@@ -390,7 +390,7 @@ static int read_abs_bbts(struct mtd_info + /* Read the mirror version, if available */ + if (md && (md->options & NAND_BBT_VERSION)) { + scan_read_raw(mtd, buf, (loff_t)md->pages[0] << this->page_shift, +- mtd->writesize, td); ++ mtd->writesize, md); + md->version[0] = buf[bbt_get_ver_offs(mtd, md)]; + pr_info("Bad block table at page %d, version 0x%02X\n", + md->pages[0], md->version[0]); diff --git a/queue-3.6/mtd-nandsim-bugfix-fail-if-overridesize-is-too-big.patch b/queue-3.6/mtd-nandsim-bugfix-fail-if-overridesize-is-too-big.patch new file mode 100644 index 00000000000..42b36241984 --- /dev/null +++ b/queue-3.6/mtd-nandsim-bugfix-fail-if-overridesize-is-too-big.patch @@ -0,0 +1,34 @@ +From bb0a13a13411c4ce24c48c8ff3cdf7b48d237240 Mon Sep 17 00:00:00 2001 +From: Richard Genoud +Date: Wed, 12 Sep 2012 14:26:26 +0200 +Subject: mtd: nandsim: bugfix: fail if overridesize is too big + +From: Richard Genoud + +commit bb0a13a13411c4ce24c48c8ff3cdf7b48d237240 upstream. + +If override size is too big, the module was actually loaded instead of +failing, because retval was not set. + +This lead to memory corruption with the use of the freed structs nandsim +and nand_chip. + +Signed-off-by: Richard Genoud +Signed-off-by: Artem Bityutskiy +Signed-off-by: David Woodhouse +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/nand/nandsim.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/mtd/nand/nandsim.c ++++ b/drivers/mtd/nand/nandsim.c +@@ -2333,6 +2333,7 @@ static int __init ns_init_module(void) + uint64_t new_size = (uint64_t)nsmtd->erasesize << overridesize; + if (new_size >> overridesize != nsmtd->erasesize) { + NS_ERR("overridesize is too big\n"); ++ retval = -EINVAL; + goto err_exit; + } + /* N.B. This relies on nand_scan not doing anything with the size before we change it */ diff --git a/queue-3.6/mtd-omap2-fix-module-loading.patch b/queue-3.6/mtd-omap2-fix-module-loading.patch new file mode 100644 index 00000000000..d0fd44bd629 --- /dev/null +++ b/queue-3.6/mtd-omap2-fix-module-loading.patch @@ -0,0 +1,43 @@ +From 4d3d688da8e7016f15483e9319b41311e1db9515 Mon Sep 17 00:00:00 2001 +From: Andreas Bießmann +Date: Fri, 31 Aug 2012 13:35:42 +0200 +Subject: mtd: omap2: fix module loading + +From: Andreas Bießmann + +commit 4d3d688da8e7016f15483e9319b41311e1db9515 upstream. + +Unloading the omap2 nand driver missed to release the memory region which will +result in not being able to request it again if one want to load the driver +later on. + +This patch fixes following error when loading omap2 module after unloading: +---8<--- +~ $ rmmod omap2 +~ $ modprobe omap2 +[ 37.420928] omap2-nand: probe of omap2-nand.0 failed with error -16 +~ $ +--->8--- + +This error was introduced in 67ce04bf2746f8a1f8c2a104b313d20c63f68378 which +was the first commit of this driver. + +Signed-off-by: Andreas Bießmann +Signed-off-by: Artem Bityutskiy +Signed-off-by: David Woodhouse +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/nand/omap2.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/mtd/nand/omap2.c ++++ b/drivers/mtd/nand/omap2.c +@@ -1387,6 +1387,7 @@ static int omap_nand_remove(struct platf + /* Release NAND device, its internal structures and partitions */ + nand_release(&info->mtd); + iounmap(info->nand.IO_ADDR_R); ++ release_mem_region(info->phys_base, NAND_IO_SIZE); + kfree(info); + return 0; + } diff --git a/queue-3.6/mtd-omap2-fix-omap_nand_remove-segfault.patch b/queue-3.6/mtd-omap2-fix-omap_nand_remove-segfault.patch new file mode 100644 index 00000000000..c17ace9508e --- /dev/null +++ b/queue-3.6/mtd-omap2-fix-omap_nand_remove-segfault.patch @@ -0,0 +1,95 @@ +From 7d9b110269253b1d5858cfa57d68dfc7bf50dd77 Mon Sep 17 00:00:00 2001 +From: Andreas Bießmann +Date: Fri, 31 Aug 2012 13:35:41 +0200 +Subject: mtd: omap2: fix omap_nand_remove segfault + +From: Andreas Bießmann + +commit 7d9b110269253b1d5858cfa57d68dfc7bf50dd77 upstream. + +Do not kfree() the mtd_info; it is handled in the mtd subsystem and +already freed by nand_release(). Instead kfree() the struct +omap_nand_info allocated in omap_nand_probe which was not freed before. + +This patch fixes following error when unloading the omap2 module: + +---8<--- +~ $ rmmod omap2 +------------[ cut here ]------------ +kernel BUG at mm/slab.c:3126! +Internal error: Oops - BUG: 0 [#1] PREEMPT ARM +Modules linked in: omap2(-) +CPU: 0 Not tainted (3.6.0-rc3-00230-g155e36d-dirty #3) +PC is at cache_free_debugcheck+0x2d4/0x36c +LR is at kfree+0xc8/0x2ac +pc : [] lr : [] psr: 200d0193 +sp : c521fe08 ip : c0e8ef90 fp : c521fe5c +r10: bf0001fc r9 : c521e000 r8 : c0d99c8c +r7 : c661ebc0 r6 : c065d5a4 r5 : c65c4060 r4 : c78005c0 +r3 : 00000000 r2 : 00001000 r1 : c65c4000 r0 : 00000001 +Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user +Control: 10c5387d Table: 86694019 DAC: 00000015 +Process rmmod (pid: 549, stack limit = 0xc521e2f0) +Stack: (0xc521fe08 to 0xc5220000) +fe00: c008a874 c00bf44c c515c6d0 200d0193 c65c4860 c515c240 +fe20: c521fe3c c521fe30 c008a9c0 c008a854 c521fe5c c65c4860 c78005c0 bf0001fc +fe40: c780ff40 a00d0113 c521e000 00000000 c521fe84 c521fe60 c0112efc c01122d8 +fe60: c65c4860 c0673778 c06737ac 00000000 00070013 00000000 c521fe9c c521fe88 +fe80: bf0001fc c0112e40 c0673778 bf001ca8 c521feac c521fea0 c02ca11c bf0001ac +fea0: c521fec4 c521feb0 c02c82c4 c02ca100 c0673778 bf001ca8 c521fee4 c521fec8 +fec0: c02c8dd8 c02c8250 00000000 bf001ca8 bf001ca8 c0804ee0 c521ff04 c521fee8 +fee0: c02c804c c02c8d20 bf001924 00000000 bf001ca8 c521e000 c521ff1c c521ff08 +ff00: c02c950c c02c7fbc bf001d48 00000000 c521ff2c c521ff20 c02ca3a4 c02c94b8 +ff20: c521ff3c c521ff30 bf001938 c02ca394 c521ffa4 c521ff40 c009beb4 bf001930 +ff40: c521ff6c 70616d6f b6fe0032 c0014f84 70616d6f b6fe0032 00000081 60070010 +ff60: c521ff84 c521ff70 c008e1f4 c00bf328 0001a004 70616d6f c521ff94 0021ff88 +ff80: c008e368 0001a004 70616d6f b6fe0032 00000081 c0015028 00000000 c521ffa8 +ffa0: c0014dc0 c009bcd0 0001a004 70616d6f bec2ab38 00000880 bec2ab38 00000880 +ffc0: 0001a004 70616d6f b6fe0032 00000081 00000319 00000000 b6fe1000 00000000 +ffe0: bec2ab30 bec2ab20 00019f00 b6f539c0 60070010 bec2ab38 aaaaaaaa aaaaaaaa +Backtrace: +[] (cache_free_debugcheck+0x0/0x36c) from [] (kfree+0xc8/0x2ac) +[] (kfree+0x0/0x2ac) from [] (omap_nand_remove+0x5c/0x64 [omap2]) +[] (omap_nand_remove+0x0/0x64 [omap2]) from [] (platform_drv_remove+0x28/0x2c) + r5:bf001ca8 r4:c0673778 +[] (platform_drv_remove+0x0/0x2c) from [] (__device_release_driver+0x80/0xdc) +[] (__device_release_driver+0x0/0xdc) from [] (driver_detach+0xc4/0xc8) + r5:bf001ca8 r4:c0673778 +[] (driver_detach+0x0/0xc8) from [] (bus_remove_driver+0x9c/0x104) + r6:c0804ee0 r5:bf001ca8 r4:bf001ca8 r3:00000000 +[] (bus_remove_driver+0x0/0x104) from [] (driver_unregister+0x60/0x80) + r6:c521e000 r5:bf001ca8 r4:00000000 r3:bf001924 +[] (driver_unregister+0x0/0x80) from [] (platform_driver_unregister+0x1c/0x20) + r5:00000000 r4:bf001d48 +[] (platform_driver_unregister+0x0/0x20) from [] (omap_nand_driver_exit+0x14/0x1c [omap2]) +[] (omap_nand_driver_exit+0x0/0x1c [omap2]) from [] (sys_delete_module+0x1f0/0x2ec) +[] (sys_delete_module+0x0/0x2ec) from [] (ret_fast_syscall+0x0/0x48) + r8:c0015028 r7:00000081 r6:b6fe0032 r5:70616d6f r4:0001a004 +Code: e1a00005 eb0d9172 e7f001f2 e7f001f2 (e7f001f2) +---[ end trace 6a30b24d8c0cc2ee ]--- +Segmentation fault +--->8--- + +This error was introduced in 67ce04bf2746f8a1f8c2a104b313d20c63f68378 which +was the first commit of this driver. + +Signed-off-by: Andreas Bießmann +Signed-off-by: Artem Bityutskiy +Signed-off-by: David Woodhouse +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/nand/omap2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/mtd/nand/omap2.c ++++ b/drivers/mtd/nand/omap2.c +@@ -1387,7 +1387,7 @@ static int omap_nand_remove(struct platf + /* Release NAND device, its internal structures and partitions */ + nand_release(&info->mtd); + iounmap(info->nand.IO_ADDR_R); +- kfree(&info->mtd); ++ kfree(info); + return 0; + } + diff --git a/queue-3.6/series b/queue-3.6/series index 2ea7ef26cd6..98f9e00da88 100644 --- a/queue-3.6/series +++ b/queue-3.6/series @@ -107,3 +107,16 @@ em28xx-regression-fix-use-drx-k-sync-firmware-requests-on-em28xx.patch sched-fix-load-avg-vs.-cpu-hotplug.patch asix-adds-support-for-lenovo-10-100-usb-dongle.patch alsa-hda-fix-hang-caused-by-race-during-suspend.patch +mtd-mtdpart-break-it-as-soon-as-we-parse-out-the-partitions.patch +mtd-autcpu12-nvram-fix-compile-breakage.patch +mtd-nandsim-bugfix-fail-if-overridesize-is-too-big.patch +mtd-nand-use-the-mirror-bbt-descriptor-when-reading-its-version.patch +mtd-omap2-fix-omap_nand_remove-segfault.patch +mtd-omap2-fix-module-loading.patch +mmc-omap_hsmmc-pass-on-the-suspend-failure-to-the-pm-core.patch +mmc-slot-gpio-fix-missing-assignment-to-ctx-ro_gpio.patch +mmc-sh-mmcif-avoid-oops-on-spurious-interrupts.patch +jffs2-fix-unmount-regression.patch +jffs2-don-t-fail-on-bitflips-in-oob.patch +cifs-reinstate-the-forcegid-option.patch +convert-properly-utf-8-to-utf-16.patch