From: Greg Kroah-Hartman Date: Fri, 17 Jul 2009 20:34:26 +0000 (-0700) Subject: start 2.6.30.2 review cycle X-Git-Tag: v2.6.30.2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=71084f4b7dd27561bcecb735824613c0d1821e2e;p=thirdparty%2Fkernel%2Fstable-queue.git start 2.6.30.2 review cycle --- diff --git a/queue-2.6.30/add-fno-delete-null-pointer-checks-to-gcc-cflags.patch b/review-2.6.30/add-fno-delete-null-pointer-checks-to-gcc-cflags.patch similarity index 100% rename from queue-2.6.30/add-fno-delete-null-pointer-checks-to-gcc-cflags.patch rename to review-2.6.30/add-fno-delete-null-pointer-checks-to-gcc-cflags.patch diff --git a/queue-2.6.30/alpha-fix-percpu-build-breakage.patch b/review-2.6.30/alpha-fix-percpu-build-breakage.patch similarity index 100% rename from queue-2.6.30/alpha-fix-percpu-build-breakage.patch rename to review-2.6.30/alpha-fix-percpu-build-breakage.patch diff --git a/queue-2.6.30/blackfin-fix-accidental-reset-in-some-boot-modes.patch b/review-2.6.30/blackfin-fix-accidental-reset-in-some-boot-modes.patch similarity index 100% rename from queue-2.6.30/blackfin-fix-accidental-reset-in-some-boot-modes.patch rename to review-2.6.30/blackfin-fix-accidental-reset-in-some-boot-modes.patch diff --git a/queue-2.6.30/blackfin-fix-command-line-corruption-with-debug_doublefault.patch b/review-2.6.30/blackfin-fix-command-line-corruption-with-debug_doublefault.patch similarity index 100% rename from queue-2.6.30/blackfin-fix-command-line-corruption-with-debug_doublefault.patch rename to review-2.6.30/blackfin-fix-command-line-corruption-with-debug_doublefault.patch diff --git a/queue-2.6.30/blackfin-fix-deadlock-in-smp-ipi-handler.patch b/review-2.6.30/blackfin-fix-deadlock-in-smp-ipi-handler.patch similarity index 100% rename from queue-2.6.30/blackfin-fix-deadlock-in-smp-ipi-handler.patch rename to review-2.6.30/blackfin-fix-deadlock-in-smp-ipi-handler.patch diff --git a/queue-2.6.30/blackfin-redo-handling-of-bad-irqs.patch b/review-2.6.30/blackfin-redo-handling-of-bad-irqs.patch similarity index 100% rename from queue-2.6.30/blackfin-redo-handling-of-bad-irqs.patch rename to review-2.6.30/blackfin-redo-handling-of-bad-irqs.patch diff --git a/queue-2.6.30/block-restore-barrier-support-for-md-and-probably-other-virtual-devices.patch b/review-2.6.30/block-restore-barrier-support-for-md-and-probably-other-virtual-devices.patch similarity index 100% rename from queue-2.6.30/block-restore-barrier-support-for-md-and-probably-other-virtual-devices.patch rename to review-2.6.30/block-restore-barrier-support-for-md-and-probably-other-virtual-devices.patch diff --git a/queue-2.6.30/dma-debug-fix-off-by-one-error-in-overlap-function.patch b/review-2.6.30/dma-debug-fix-off-by-one-error-in-overlap-function.patch similarity index 100% rename from queue-2.6.30/dma-debug-fix-off-by-one-error-in-overlap-function.patch rename to review-2.6.30/dma-debug-fix-off-by-one-error-in-overlap-function.patch diff --git a/queue-2.6.30/don-t-use-fwrapv-compiler-option-it-s-buggy-in-gcc-4.1.x.patch b/review-2.6.30/don-t-use-fwrapv-compiler-option-it-s-buggy-in-gcc-4.1.x.patch similarity index 100% rename from queue-2.6.30/don-t-use-fwrapv-compiler-option-it-s-buggy-in-gcc-4.1.x.patch rename to review-2.6.30/don-t-use-fwrapv-compiler-option-it-s-buggy-in-gcc-4.1.x.patch diff --git a/queue-2.6.30/fix-iommu-address-space-allocation.patch b/review-2.6.30/fix-iommu-address-space-allocation.patch similarity index 100% rename from queue-2.6.30/fix-iommu-address-space-allocation.patch rename to review-2.6.30/fix-iommu-address-space-allocation.patch diff --git a/queue-2.6.30/fix-pci_unmap_addr-et-al-on-i386.patch b/review-2.6.30/fix-pci_unmap_addr-et-al-on-i386.patch similarity index 100% rename from queue-2.6.30/fix-pci_unmap_addr-et-al-on-i386.patch rename to review-2.6.30/fix-pci_unmap_addr-et-al-on-i386.patch diff --git a/queue-2.6.30/floppy-fix-lock-imbalance.patch b/review-2.6.30/floppy-fix-lock-imbalance.patch similarity index 100% rename from queue-2.6.30/floppy-fix-lock-imbalance.patch rename to review-2.6.30/floppy-fix-lock-imbalance.patch diff --git a/queue-2.6.30/fuse-fix-bad-return-value-in-fuse_file_poll.patch b/review-2.6.30/fuse-fix-bad-return-value-in-fuse_file_poll.patch similarity index 100% rename from queue-2.6.30/fuse-fix-bad-return-value-in-fuse_file_poll.patch rename to review-2.6.30/fuse-fix-bad-return-value-in-fuse_file_poll.patch diff --git a/queue-2.6.30/fuse-fix-return-value-of-fuse_dev_write.patch b/review-2.6.30/fuse-fix-return-value-of-fuse_dev_write.patch similarity index 100% rename from queue-2.6.30/fuse-fix-return-value-of-fuse_dev_write.patch rename to review-2.6.30/fuse-fix-return-value-of-fuse_dev_write.patch diff --git a/queue-2.6.30/futex-fix-the-write-access-fault-problem-for-real.patch b/review-2.6.30/futex-fix-the-write-access-fault-problem-for-real.patch similarity index 100% rename from queue-2.6.30/futex-fix-the-write-access-fault-problem-for-real.patch rename to review-2.6.30/futex-fix-the-write-access-fault-problem-for-real.patch diff --git a/queue-2.6.30/futexes-fix-infinite-loop-in-get_futex_key-on-huge-page.patch b/review-2.6.30/futexes-fix-infinite-loop-in-get_futex_key-on-huge-page.patch similarity index 100% rename from queue-2.6.30/futexes-fix-infinite-loop-in-get_futex_key-on-huge-page.patch rename to review-2.6.30/futexes-fix-infinite-loop-in-get_futex_key-on-huge-page.patch diff --git a/queue-2.6.30/kernel-resource.c-fix-sign-extension-in-reserve_setup.patch b/review-2.6.30/kernel-resource.c-fix-sign-extension-in-reserve_setup.patch similarity index 100% rename from queue-2.6.30/kernel-resource.c-fix-sign-extension-in-reserve_setup.patch rename to review-2.6.30/kernel-resource.c-fix-sign-extension-in-reserve_setup.patch diff --git a/review-2.6.30/mbox b/review-2.6.30/mbox new file mode 100644 index 00000000000..e2b320cd8dd --- /dev/null +++ b/review-2.6.30/mbox @@ -0,0 +1,1910 @@ +From gregkh@mini.kroah.org Fri Jul 17 13:12:28 2009 +Message-Id: <20090717201227.992856604@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:08:52 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Eugene Teo , + Eric Paris , + Wang Cong +Subject: [patch 01/24] Add -fno-delete-null-pointer-checks to gcc CFLAGS +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=add-fno-delete-null-pointer-checks-to-gcc-cflags.patch +Content-Length: 1852 +Lines: 59 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Eugene Teo + +commit a3ca86aea507904148870946d599e07a340b39bf upstream. + +Turning on this flag could prevent the compiler from optimising away +some "useless" checks for null pointers. Such bugs can sometimes become +exploitable at compile time because of the -O2 optimisation. + +See http://gcc.gnu.org/onlinedocs/gcc-4.1.2/gcc/Optimize-Options.html + +An example that clearly shows this 'problem' is commit 6bf67672. + + static void __devexit agnx_pci_remove(struct pci_dev *pdev) + { + struct ieee80211_hw *dev = pci_get_drvdata(pdev); +- struct agnx_priv *priv = dev->priv; ++ struct agnx_priv *priv; + AGNX_TRACE; + + if (!dev) + return; ++ priv = dev->priv; + +By reverting this patch, and compile it with and without +-fno-delete-null-pointer-checks flag, we can see that the check for dev +is compiled away. + + call printk # +- testq %r12, %r12 # dev +- je .L94 #, + movq %r12, %rdi # dev, + +Clearly the 'fix' is to stop using dev before it is tested, but building +with -fno-delete-null-pointer-checks flag at least makes it harder to +abuse. + +Signed-off-by: Eugene Teo +Acked-by: Eric Paris +Acked-by: Wang Cong +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + Makefile | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/Makefile ++++ b/Makefile +@@ -351,7 +351,8 @@ KBUILD_CPPFLAGS := -D__KERNEL__ + + KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \ + -fno-strict-aliasing -fno-common \ +- -Werror-implicit-function-declaration ++ -Werror-implicit-function-declaration \ ++ -fno-delete-null-pointer-checks + KBUILD_AFLAGS := -D__ASSEMBLY__ + + # Read KERNELRELEASE from include/config/kernel.release (if it exists) + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:28 2009 +Message-Id: <20090717201228.282566328@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:08:53 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Christoph Lameter , + Eric Paris , + James Morris +Subject: [patch 02/24] security: use mmap_min_addr indepedently of security models +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=security-use-mmap_min_addr-indepedently-of-security-models.patch +Content-Length: 5138 +Lines: 155 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Christoph Lameter + +commit e0a94c2a63f2644826069044649669b5e7ca75d3 upstream. + +This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY. +It also sets a default mmap_min_addr of 4096. + +mmapping of addresses below 4096 will only be possible for processes +with CAP_SYS_RAWIO. + +Signed-off-by: Christoph Lameter +Acked-by: Eric Paris +Looks-ok-by: Linus Torvalds +Signed-off-by: James Morris +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/mm.h | 2 -- + include/linux/security.h | 2 ++ + kernel/sysctl.c | 2 -- + mm/Kconfig | 19 +++++++++++++++++++ + mm/mmap.c | 3 +++ + security/Kconfig | 22 +--------------------- + security/security.c | 3 --- + 7 files changed, 25 insertions(+), 28 deletions(-) + +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -580,12 +580,10 @@ static inline void set_page_links(struct + */ + static inline unsigned long round_hint_to_min(unsigned long hint) + { +-#ifdef CONFIG_SECURITY + hint &= PAGE_MASK; + if (((void *)hint != NULL) && + (hint < mmap_min_addr)) + return PAGE_ALIGN(mmap_min_addr); +-#endif + return hint; + } + +--- a/include/linux/security.h ++++ b/include/linux/security.h +@@ -2197,6 +2197,8 @@ static inline int security_file_mmap(str + unsigned long addr, + unsigned long addr_only) + { ++ if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO)) ++ return -EACCES; + return 0; + } + +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -1225,7 +1225,6 @@ static struct ctl_table vm_table[] = { + .strategy = &sysctl_jiffies, + }, + #endif +-#ifdef CONFIG_SECURITY + { + .ctl_name = CTL_UNNUMBERED, + .procname = "mmap_min_addr", +@@ -1234,7 +1233,6 @@ static struct ctl_table vm_table[] = { + .mode = 0644, + .proc_handler = &proc_doulongvec_minmax, + }, +-#endif + #ifdef CONFIG_NUMA + { + .ctl_name = CTL_UNNUMBERED, +--- a/mm/Kconfig ++++ b/mm/Kconfig +@@ -226,6 +226,25 @@ config HAVE_MLOCKED_PAGE_BIT + config MMU_NOTIFIER + bool + ++config DEFAULT_MMAP_MIN_ADDR ++ int "Low address space to protect from user allocation" ++ default 4096 ++ help ++ This is the portion of low virtual memory which should be protected ++ from userspace allocation. Keeping a user from writing to low pages ++ can help reduce the impact of kernel NULL pointer bugs. ++ ++ For most ia64, ppc64 and x86 users with lots of address space ++ a value of 65536 is reasonable and should cause no problems. ++ On arm and other archs it should not be higher than 32768. ++ Programs which use vm86 functionality would either need additional ++ permissions from either the LSM or the capabilities module or have ++ this protection disabled. ++ ++ This value can be changed after boot using the ++ /proc/sys/vm/mmap_min_addr tunable. ++ ++ + config NOMMU_INITIAL_TRIM_EXCESS + int "Turn on mmap() excess space trimming before booting" + depends on !MMU +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -87,6 +87,9 @@ int sysctl_overcommit_ratio = 50; /* def + int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT; + struct percpu_counter vm_committed_as; + ++/* amount of vm to protect from userspace access */ ++unsigned long mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR; ++ + /* + * Check that a process has enough memory to allocate a new virtual + * mapping. 0 means there is enough memory for the allocation to +--- a/security/Kconfig ++++ b/security/Kconfig +@@ -110,28 +110,8 @@ config SECURITY_ROOTPLUG + + See for + more information about this module. +- +- If you are unsure how to answer this question, answer N. +- +-config SECURITY_DEFAULT_MMAP_MIN_ADDR +- int "Low address space to protect from user allocation" +- depends on SECURITY +- default 0 +- help +- This is the portion of low virtual memory which should be protected +- from userspace allocation. Keeping a user from writing to low pages +- can help reduce the impact of kernel NULL pointer bugs. +- +- For most ia64, ppc64 and x86 users with lots of address space +- a value of 65536 is reasonable and should cause no problems. +- On arm and other archs it should not be higher than 32768. +- Programs which use vm86 functionality would either need additional +- permissions from either the LSM or the capabilities module or have +- this protection disabled. +- +- This value can be changed after boot using the +- /proc/sys/vm/mmap_min_addr tunable. + ++ If you are unsure how to answer this question, answer N. + + source security/selinux/Kconfig + source security/smack/Kconfig +--- a/security/security.c ++++ b/security/security.c +@@ -26,9 +26,6 @@ extern void security_fixup_ops(struct se + + struct security_operations *security_ops; /* Initialized to NULL */ + +-/* amount of vm to protect from userspace access */ +-unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR; +- + static inline int verify(struct security_operations *ops) + { + /* verify the security_operations structure exists */ + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:29 2009 +Message-Id: <20090717201228.781324899@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:08:54 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Mariusz Kozlowski , + "David S. Miller" +Subject: [patch 03/24] tun/tap: Fix crashes if open() /dev/net/tun and then poll() it. (CVE-2009-1897) +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=tun-tap-fix-crashes-if-open-dev-net-tun-and-then-poll-it.patch +Content-Length: 1164 +Lines: 43 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Mariusz Kozlowski + +commit 3c8a9c63d5fd738c261bd0ceece04d9c8357ca13 upstream. + +Fix NULL pointer dereference in tun_chr_pool() introduced by commit +33dccbb050bbe35b88ca8cf1228dcf3e4d4b3554 ("tun: Limit amount of queued +packets per device") and triggered by this code: + + int fd; + struct pollfd pfd; + fd = open("/dev/net/tun", O_RDWR); + pfd.fd = fd; + pfd.events = POLLIN | POLLOUT; + poll(&pfd, 1, 0); + +Reported-by: Eugene Kapun +Signed-off-by: Mariusz Kozlowski +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/tun.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -486,12 +486,14 @@ static unsigned int tun_chr_poll(struct + { + struct tun_file *tfile = file->private_data; + struct tun_struct *tun = __tun_get(tfile); +- struct sock *sk = tun->sk; ++ struct sock *sk; + unsigned int mask = 0; + + if (!tun) + return POLLERR; + ++ sk = tun->sk; ++ + DBG(KERN_INFO "%s: tun_chr_poll\n", tun->dev->name); + + poll_wait(file, &tun->socket.wait, wait); + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:29 2009 +Message-Id: <20090717201229.027381107@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:08:55 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Julien Tinnes , + Tavis Ormandy , + Christoph Hellwig , + Kees Cook , + Eugene Teo +Subject: [patch 04/24] personality: fix PER_CLEAR_ON_SETID (CVE-2009-1895) +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=personality-fix-per_clear_on_setid.patch +Content-Length: 2093 +Lines: 53 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Julien Tinnes + +commit f9fabcb58a6d26d6efde842d1703ac7cfa9427b6 upstream. + +We have found that the current PER_CLEAR_ON_SETID mask on Linux doesn't +include neither ADDR_COMPAT_LAYOUT, nor MMAP_PAGE_ZERO. + +The current mask is READ_IMPLIES_EXEC|ADDR_NO_RANDOMIZE. + +We believe it is important to add MMAP_PAGE_ZERO, because by using this +personality it is possible to have the first page mapped inside a +process running as setuid root. This could be used in those scenarios: + + - Exploiting a NULL pointer dereference issue in a setuid root binary + - Bypassing the mmap_min_addr restrictions of the Linux kernel: by + running a setuid binary that would drop privileges before giving us + control back (for instance by loading a user-supplied library), we + could get the first page mapped in a process we control. By further + using mremap and mprotect on this mapping, we can then completely + bypass the mmap_min_addr restrictions. + +Less importantly, we believe ADDR_COMPAT_LAYOUT should also be added +since on x86 32bits it will in practice disable most of the address +space layout randomization (only the stack will remain randomized). + +Signed-off-by: Julien Tinnes +Signed-off-by: Tavis Ormandy +Acked-by: Christoph Hellwig +Acked-by: Kees Cook +Acked-by: Eugene Teo +[ Shortened lines and fixed whitespace as per Christophs' suggestion ] +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/personality.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/include/linux/personality.h ++++ b/include/linux/personality.h +@@ -40,7 +40,10 @@ enum { + * Security-relevant compatibility flags that must be + * cleared upon setuid or setgid exec: + */ +-#define PER_CLEAR_ON_SETID (READ_IMPLIES_EXEC|ADDR_NO_RANDOMIZE) ++#define PER_CLEAR_ON_SETID (READ_IMPLIES_EXEC | \ ++ ADDR_NO_RANDOMIZE | \ ++ ADDR_COMPAT_LAYOUT | \ ++ MMAP_PAGE_ZERO) + + /* + * Personality types. + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:29 2009 +Message-Id: <20090717201229.279762270@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:08:56 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Sonic Zhang , + Mike Frysinger +Subject: [patch 05/24] Blackfin: fix accidental reset in some boot modes +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=blackfin-fix-accidental-reset-in-some-boot-modes.patch +Content-Length: 1138 +Lines: 32 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Sonic Zhang + +commit 0de4adfb8c9674fa1572b0ff1371acc94b0be901 upstream. + +We read the SWRST (Software Reset) register to get at the last reset +state, and then we may configure the DOUBLE_FAULT bit to control behavior +when a double fault occurs. But if the lower bits of the register is +already set (like UART boot mode on a BF54x), we inadvertently make the +system reset by writing to the SYSTEM_RESET field at the same time. So +make sure the lower 4 bits are always cleared. + +Signed-off-by: Sonic Zhang +Signed-off-by: Mike Frysinger +Signed-off-by: Greg Kroah-Hartman + +--- + arch/blackfin/kernel/setup.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/blackfin/kernel/setup.c ++++ b/arch/blackfin/kernel/setup.c +@@ -831,7 +831,8 @@ void __init setup_arch(char **cmdline_p) + defined(CONFIG_BF538) || defined(CONFIG_BF539) + _bfin_swrst = bfin_read_SWRST(); + #else +- _bfin_swrst = bfin_read_SYSCR(); ++ /* Clear boot mode field */ ++ _bfin_swrst = bfin_read_SYSCR() & ~0xf; + #endif + + #ifdef CONFIG_DEBUG_DOUBLEFAULT_PRINT + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:30 2009 +Message-Id: <20090717201229.825396140@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:08:57 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Mike Frysinger +Subject: [patch 06/24] Blackfin: redo handling of bad irqs +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=blackfin-redo-handling-of-bad-irqs.patch +Content-Length: 2885 +Lines: 113 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Mike Frysinger + +commit 26579216f3cdf1ae05f0af8412b444870a167510 upstream. + +With the common IRQ code initializing much more of the irq_desc state, we +can't blindly initialize it ourselves to the local bad_irq state. If we +do, we end up wrongly clobbering many fields. So punt most of the bad irq +code as the common layers will handle the default state, and simply call +handle_bad_irq() directly when the IRQ we are processing is invalid. + +Signed-off-by: Mike Frysinger +Signed-off-by: Greg Kroah-Hartman + +--- + arch/blackfin/kernel/irqchip.c | 50 +++++++++-------------------------------- + 1 file changed, 11 insertions(+), 39 deletions(-) + +--- a/arch/blackfin/kernel/irqchip.c ++++ b/arch/blackfin/kernel/irqchip.c +@@ -38,14 +38,6 @@ + #include + + static atomic_t irq_err_count; +-static spinlock_t irq_controller_lock; +- +-/* +- * Dummy mask/unmask handler +- */ +-void dummy_mask_unmask_irq(unsigned int irq) +-{ +-} + + void ack_bad_irq(unsigned int irq) + { +@@ -53,21 +45,9 @@ void ack_bad_irq(unsigned int irq) + printk(KERN_ERR "IRQ: spurious interrupt %d\n", irq); + } + +-static struct irq_chip bad_chip = { +- .ack = dummy_mask_unmask_irq, +- .mask = dummy_mask_unmask_irq, +- .unmask = dummy_mask_unmask_irq, +-}; +- + static struct irq_desc bad_irq_desc = { +- .status = IRQ_DISABLED, +- .chip = &bad_chip, + .handle_irq = handle_bad_irq, +- .depth = 1, + .lock = __SPIN_LOCK_UNLOCKED(irq_desc->lock), +-#ifdef CONFIG_SMP +- .affinity = CPU_MASK_ALL +-#endif + }; + + #ifdef CONFIG_CPUMASK_OFFSTACK +@@ -117,21 +97,13 @@ __attribute__((l1_text)) + #endif + asmlinkage void asm_do_IRQ(unsigned int irq, struct pt_regs *regs) + { +- struct pt_regs *old_regs; +- struct irq_desc *desc = irq_desc + irq; + #ifndef CONFIG_IPIPE + unsigned short pending, other_ints; + #endif +- old_regs = set_irq_regs(regs); +- +- /* +- * Some hardware gives randomly wrong interrupts. Rather +- * than crashing, do something sensible. +- */ +- if (irq >= NR_IRQS) +- desc = &bad_irq_desc; ++ struct pt_regs *old_regs = set_irq_regs(regs); + + irq_enter(); ++ + #ifdef CONFIG_DEBUG_STACKOVERFLOW + /* Debugging check for stack overflow: is there less than STACK_WARN free? */ + { +@@ -147,7 +119,15 @@ asmlinkage void asm_do_IRQ(unsigned int + } + } + #endif +- generic_handle_irq(irq); ++ ++ /* ++ * Some hardware gives randomly wrong interrupts. Rather ++ * than crashing, do something sensible. ++ */ ++ if (irq >= NR_IRQS) ++ handle_bad_irq(irq, &bad_irq_desc); ++ else ++ generic_handle_irq(irq); + + #ifndef CONFIG_IPIPE + /* +@@ -171,14 +151,6 @@ asmlinkage void asm_do_IRQ(unsigned int + + void __init init_IRQ(void) + { +- struct irq_desc *desc; +- int irq; +- +- spin_lock_init(&irq_controller_lock); +- for (irq = 0, desc = irq_desc; irq < NR_IRQS; irq++, desc++) { +- *desc = bad_irq_desc; +- } +- + init_arch_irq(); + + #ifdef CONFIG_DEBUG_BFIN_HWTRACE_EXPAND + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:30 2009 +Message-Id: <20090717201230.125985614@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:08:58 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Sonic Zhang , + Mike Frysinger +Subject: [patch 07/24] Blackfin: fix deadlock in SMP IPI handler +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=blackfin-fix-deadlock-in-smp-ipi-handler.patch +Content-Length: 2902 +Lines: 79 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Sonic Zhang + +commit 86f2008bf546af9a434f480710e8d33891616bf5 upstream. + +When a low priority interrupt (like ethernet) is triggered between 2 high +priority IPI messages, a deadlock in disable_irq() is hit by the second +IPI handler. This is because the second IPI message is queued within the +first IPI handler, but the handler doesn't process all messages, and new +ones are inserted rather than appended. So now we process all the pending +messages, and append new ones to the pending list. + +URL: http://blackfin.uclinux.org/gf/tracker/5226 + +Signed-off-by: Sonic Zhang +Signed-off-by: Mike Frysinger +Signed-off-by: Greg Kroah-Hartman + +--- + arch/blackfin/mach-common/smp.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +--- a/arch/blackfin/mach-common/smp.c ++++ b/arch/blackfin/mach-common/smp.c +@@ -139,7 +139,7 @@ static void ipi_call_function(unsigned i + + static irqreturn_t ipi_handler(int irq, void *dev_instance) + { +- struct ipi_message *msg, *mg; ++ struct ipi_message *msg; + struct ipi_message_queue *msg_queue; + unsigned int cpu = smp_processor_id(); + +@@ -149,7 +149,8 @@ static irqreturn_t ipi_handler(int irq, + msg_queue->count++; + + spin_lock(&msg_queue->lock); +- list_for_each_entry_safe(msg, mg, &msg_queue->head, list) { ++ while (!list_empty(&msg_queue->head)) { ++ msg = list_entry(msg_queue->head.next, typeof(*msg), list); + list_del(&msg->list); + switch (msg->type) { + case BFIN_IPI_RESCHEDULE: +@@ -216,7 +217,7 @@ int smp_call_function(void (*func)(void + for_each_cpu_mask(cpu, callmap) { + msg_queue = &per_cpu(ipi_msg_queue, cpu); + spin_lock_irqsave(&msg_queue->lock, flags); +- list_add(&msg->list, &msg_queue->head); ++ list_add_tail(&msg->list, &msg_queue->head); + spin_unlock_irqrestore(&msg_queue->lock, flags); + platform_send_ipi_cpu(cpu); + } +@@ -256,7 +257,7 @@ int smp_call_function_single(int cpuid, + + msg_queue = &per_cpu(ipi_msg_queue, cpu); + spin_lock_irqsave(&msg_queue->lock, flags); +- list_add(&msg->list, &msg_queue->head); ++ list_add_tail(&msg->list, &msg_queue->head); + spin_unlock_irqrestore(&msg_queue->lock, flags); + platform_send_ipi_cpu(cpu); + +@@ -287,7 +288,7 @@ void smp_send_reschedule(int cpu) + + msg_queue = &per_cpu(ipi_msg_queue, cpu); + spin_lock_irqsave(&msg_queue->lock, flags); +- list_add(&msg->list, &msg_queue->head); ++ list_add_tail(&msg->list, &msg_queue->head); + spin_unlock_irqrestore(&msg_queue->lock, flags); + platform_send_ipi_cpu(cpu); + +@@ -315,7 +316,7 @@ void smp_send_stop(void) + for_each_cpu_mask(cpu, callmap) { + msg_queue = &per_cpu(ipi_msg_queue, cpu); + spin_lock_irqsave(&msg_queue->lock, flags); +- list_add(&msg->list, &msg_queue->head); ++ list_add_tail(&msg->list, &msg_queue->head); + spin_unlock_irqrestore(&msg_queue->lock, flags); + platform_send_ipi_cpu(cpu); + } + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:30 2009 +Message-Id: <20090717201230.590698517@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:08:59 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Mike Frysinger +Subject: [patch 08/24] Blackfin: fix command line corruption with DEBUG_DOUBLEFAULT +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=blackfin-fix-command-line-corruption-with-debug_doublefault.patch +Content-Length: 1308 +Lines: 52 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Mike Frysinger + +commit 37082511f06108129bd5f96d625a6fae2d5a4ab4 upstream. + +Commit 6b3087c6 (which introduced Blackfin SMP) broke command line passing +when the DEBUG_DOUBLEFAULT config option was enabled. Switch the code to +using a scratch register and not R7 which holds the command line. + +Signed-off-by: Mike Frysinger +Signed-off-by: Greg Kroah-Hartman + +--- + arch/blackfin/mach-common/head.S | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/arch/blackfin/mach-common/head.S ++++ b/arch/blackfin/mach-common/head.S +@@ -126,25 +126,25 @@ ENTRY(__start) + * below + */ + GET_PDA(p0, r0); +- r7 = [p0 + PDA_RETX]; ++ r6 = [p0 + PDA_RETX]; + p1.l = _init_saved_retx; + p1.h = _init_saved_retx; +- [p1] = r7; ++ [p1] = r6; + +- r7 = [p0 + PDA_DCPLB]; ++ r6 = [p0 + PDA_DCPLB]; + p1.l = _init_saved_dcplb_fault_addr; + p1.h = _init_saved_dcplb_fault_addr; +- [p1] = r7; ++ [p1] = r6; + +- r7 = [p0 + PDA_ICPLB]; ++ r6 = [p0 + PDA_ICPLB]; + p1.l = _init_saved_icplb_fault_addr; + p1.h = _init_saved_icplb_fault_addr; +- [p1] = r7; ++ [p1] = r6; + +- r7 = [p0 + PDA_SEQSTAT]; ++ r6 = [p0 + PDA_SEQSTAT]; + p1.l = _init_saved_seqstat; + p1.h = _init_saved_seqstat; +- [p1] = r7; ++ [p1] = r6; + #endif + + /* Initialize stack pointer */ + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:31 2009 +Message-Id: <20090717201231.001369907@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:00 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + Greg KH +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Thomas Gleixner +Subject: [patch 09/24] futex: Fix the write access fault problem for real +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=futex-fix-the-write-access-fault-problem-for-real.patch +Content-Length: 4095 +Lines: 133 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Thomas Gleixner + +commit d0725992c8a6fb63a16bc9e8b2a50094cc4db3cd and aa715284b4d28cabde6c25c568d769a6be712bc8 upstream + +commit 64d1304a64 (futex: setup writeable mapping for futex ops which +modify user space data) did address only half of the problem of write +access faults. + +The patch was made on two wrong assumptions: + +1) access_ok(VERIFY_WRITE,...) would actually check write access. + + On x86 it does _NOT_. It's a pure address range check. + +2) a RW mapped region can not go away under us. + + That's wrong as well. Nobody can prevent another thread to call + mprotect(PROT_READ) on that region where the futex resides. If that + call hits between the get_user_pages_fast() verification and the + actual write access in the atomic region we are toast again. + +The solution is to not rely on access_ok and get_user() for any write +access related fault on private and shared futexes. Instead we need to +fault it in with verification of write access. + +There is no generic non destructive write mechanism which would fault +the user page in trough a #PF, but as we already know that we will +fault we can as well call get_user_pages() directly and avoid the #PF +overhead. + +If get_user_pages() returns -EFAULT we know that we can not fix it +anymore and need to bail out to user space. + +Remove a bunch of confusing comments on this issue as well. + +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/futex.c | 42 +++++++++++++++++++++++------------------- + 1 file changed, 23 insertions(+), 19 deletions(-) + +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -278,6 +278,25 @@ void put_futex_key(int fshared, union fu + drop_futex_key_refs(key); + } + ++/* ++ * fault_in_user_writeable - fault in user address and verify RW access ++ * @uaddr: pointer to faulting user space address ++ * ++ * Slow path to fixup the fault we just took in the atomic write ++ * access to @uaddr. ++ * ++ * We have no generic implementation of a non destructive write to the ++ * user address. We know that we faulted in the atomic pagefault ++ * disabled section so we can as well avoid the #PF overhead by ++ * calling get_user_pages() right away. ++ */ ++static int fault_in_user_writeable(u32 __user *uaddr) ++{ ++ int ret = get_user_pages(current, current->mm, (unsigned long)uaddr, ++ 1, 1, 0, NULL, NULL); ++ return ret < 0 ? ret : 0; ++} ++ + static u32 cmpxchg_futex_value_locked(u32 __user *uaddr, u32 uval, u32 newval) + { + u32 curval; +@@ -739,7 +758,6 @@ retry: + retry_private: + op_ret = futex_atomic_op_inuser(op, uaddr2); + if (unlikely(op_ret < 0)) { +- u32 dummy; + + double_unlock_hb(hb1, hb2); + +@@ -757,7 +775,7 @@ retry_private: + goto out_put_keys; + } + +- ret = get_user(dummy, uaddr2); ++ ret = fault_in_user_writeable(uaddr2); + if (ret) + goto out_put_keys; + +@@ -1097,7 +1115,7 @@ retry: + handle_fault: + spin_unlock(q->lock_ptr); + +- ret = get_user(uval, uaddr); ++ ret = fault_in_user_writeable(uaddr); + + spin_lock(q->lock_ptr); + +@@ -1552,16 +1570,9 @@ out: + return ret; + + uaddr_faulted: +- /* +- * We have to r/w *(int __user *)uaddr, and we have to modify it +- * atomically. Therefore, if we continue to fault after get_user() +- * below, we need to handle the fault ourselves, while still holding +- * the mmap_sem. This can occur if the uaddr is under contention as +- * we have to drop the mmap_sem in order to call get_user(). +- */ + queue_unlock(&q, hb); + +- ret = get_user(uval, uaddr); ++ ret = fault_in_user_writeable(uaddr); + if (ret) + goto out_put_key; + +@@ -1657,17 +1668,10 @@ out: + return ret; + + pi_faulted: +- /* +- * We have to r/w *(int __user *)uaddr, and we have to modify it +- * atomically. Therefore, if we continue to fault after get_user() +- * below, we need to handle the fault ourselves, while still holding +- * the mmap_sem. This can occur if the uaddr is under contention as +- * we have to drop the mmap_sem in order to call get_user(). +- */ + spin_unlock(&hb->lock); + put_futex_key(fshared, &key); + +- ret = get_user(uval, uaddr); ++ ret = fault_in_user_writeable(uaddr); + if (!ret) + goto retry; + + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:31 2009 +Message-Id: <20090717201231.389120722@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:01 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Sonny Rao , + Thomas Gleixner , + anton@samba.org, + rajamony@us.ibm.com, + speight@us.ibm.com, + mstephen@us.ibm.com, + grimm@us.ibm.com, + mikey@ozlabs.au.ibm.com, + Ingo Molnar +Subject: [patch 10/24] futexes: Fix infinite loop in get_futex_key() on huge page +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=futexes-fix-infinite-loop-in-get_futex_key-on-huge-page.patch +Content-Length: 1113 +Lines: 40 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Sonny Rao + +commit ce2ae53b750abfaa012ce408e93da131a5b5649b upstream. + +get_futex_key() can infinitely loop if it is called on a +virtual address that is within a huge page but not aligned to +the beginning of that page. The call to get_user_pages_fast +will return the struct page for a sub-page within the huge page +and the check for page->mapping will always fail. + +The fix is to call compound_head on the page before checking +that it's mapped. + +Signed-off-by: Sonny Rao +Acked-by: Thomas Gleixner +Cc: anton@samba.org +Cc: rajamony@us.ibm.com +Cc: speight@us.ibm.com +Cc: mstephen@us.ibm.com +Cc: grimm@us.ibm.com +Cc: mikey@ozlabs.au.ibm.com +LKML-Reference: <20090710231313.GA23572@us.ibm.com> +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/futex.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -241,6 +241,7 @@ again: + if (err < 0) + return err; + ++ page = compound_head(page); + lock_page(page); + if (!page->mapping) { + unlock_page(page); + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:32 2009 +Message-Id: <20090717201231.896581307@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:02 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Zhang Rui , + Pierre Ossman , + Jesse Barnes +Subject: [patch 11/24] kernel/resource.c: fix sign extension in reserve_setup() +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=kernel-resource.c-fix-sign-extension-in-reserve_setup.patch +Content-Length: 1127 +Lines: 36 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Zhang Rui + +commit 8bc1ad7dd301b7ca7454013519fa92e8c53655ff upstream. + +When the 32-bit signed quantities get assigned to the u64 resource_size_t, +they are incorrectly sign-extended. + +Addresses http://bugzilla.kernel.org/show_bug.cgi?id=13253 +Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9905 + +Signed-off-by: Zhang Rui +Reported-by: Leann Ogasawara +Cc: Pierre Ossman +Reported-by: +Tested-by: +Cc: Jesse Barnes +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/resource.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/resource.c ++++ b/kernel/resource.c +@@ -787,7 +787,7 @@ static int __init reserve_setup(char *st + static struct resource reserve[MAXRESERVE]; + + for (;;) { +- int io_start, io_num; ++ unsigned int io_start, io_num; + int x = reserved; + + if (get_option (&str, &io_start) != 2) + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:32 2009 +Message-Id: <20090717201232.491501823@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:03 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Tejun Heo , + Ivan Kokshaysky , + Richard Henderson +Subject: [patch 12/24] alpha: fix percpu build breakage +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=alpha-fix-percpu-build-breakage.patch +Content-Length: 3110 +Lines: 88 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Tejun Heo + +commit b01e8dc34379f4ba2f454390e340a025edbaaa7e upstream. + +alpha percpu access requires custom SHIFT_PERCPU_PTR() definition for +modules to work around addressing range limitation. This is done via +generating inline assembly using C preprocessing which forces the +assembler to generate external reference. This happens behind the +compiler's back and makes the compiler think that static percpu variables +in modules are unused. + +This used to be worked around by using __unused attribute for percpu +variables which prevent the compiler from omitting the variable; however, +recent declare/definition attribute unification change broke this as +__used can't be used for declaration. Also, in the process, +PER_CPU_ATTRIBUTES definition in alpha percpu.h got broken. + +This patch adds PER_CPU_DEF_ATTRIBUTES which is only used for definitions +and make alpha use it to add __used for percpu variables in modules. This +also fixes the PER_CPU_ATTRIBUTES double definition bug. + +Signed-off-by: Tejun Heo +Tested-by: maximilian attems +Acked-by: Ivan Kokshaysky +Cc: Richard Henderson +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + arch/alpha/include/asm/percpu.h | 6 +++--- + include/asm-generic/percpu.h | 4 ++++ + include/linux/percpu-defs.h | 3 ++- + 3 files changed, 9 insertions(+), 4 deletions(-) + +--- a/arch/alpha/include/asm/percpu.h ++++ b/arch/alpha/include/asm/percpu.h +@@ -30,7 +30,7 @@ extern unsigned long __per_cpu_offset[NR + + #ifndef MODULE + #define SHIFT_PERCPU_PTR(var, offset) RELOC_HIDE(&per_cpu_var(var), (offset)) +-#define PER_CPU_ATTRIBUTES ++#define PER_CPU_DEF_ATTRIBUTES + #else + /* + * To calculate addresses of locally defined variables, GCC uses 32-bit +@@ -49,7 +49,7 @@ extern unsigned long __per_cpu_offset[NR + : "=&r"(__ptr), "=&r"(tmp_gp)); \ + (typeof(&per_cpu_var(var)))(__ptr + (offset)); }) + +-#define PER_CPU_ATTRIBUTES __used ++#define PER_CPU_DEF_ATTRIBUTES __used + + #endif /* MODULE */ + +@@ -71,7 +71,7 @@ extern unsigned long __per_cpu_offset[NR + #define __get_cpu_var(var) per_cpu_var(var) + #define __raw_get_cpu_var(var) per_cpu_var(var) + +-#define PER_CPU_ATTRIBUTES ++#define PER_CPU_DEF_ATTRIBUTES + + #endif /* SMP */ + +--- a/include/asm-generic/percpu.h ++++ b/include/asm-generic/percpu.h +@@ -97,4 +97,8 @@ extern void setup_per_cpu_areas(void); + #define PER_CPU_ATTRIBUTES + #endif + ++#ifndef PER_CPU_DEF_ATTRIBUTES ++#define PER_CPU_DEF_ATTRIBUTES ++#endif ++ + #endif /* _ASM_GENERIC_PERCPU_H_ */ +--- a/include/linux/percpu-defs.h ++++ b/include/linux/percpu-defs.h +@@ -24,7 +24,8 @@ + + #define DEFINE_PER_CPU_SECTION(type, name, section) \ + __attribute__((__section__(PER_CPU_BASE_SECTION section))) \ +- PER_CPU_ATTRIBUTES __typeof__(type) per_cpu__##name ++ PER_CPU_ATTRIBUTES PER_CPU_DEF_ATTRIBUTES \ ++ __typeof__(type) per_cpu__##name + + /* + * Variant on the per-CPU variable declaration/definition theme used for + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:33 2009 +Message-Id: <20090717201232.906038306@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:04 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Joerg Roedel +Subject: [patch 13/24] dma-debug: fix off-by-one error in overlap function +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=dma-debug-fix-off-by-one-error-in-overlap-function.patch +Content-Length: 879 +Lines: 28 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Joerg Roedel + +commit c79ee4e466dd12347f112e2af306dca35198458f upstream. + +This patch fixes a bug in the overlap function which returned true if +one region ends exactly before the second region begins. This is no +overlap but the function returned true in that case. + +Reported-by: Andrew Randrianasulu +Signed-off-by: Joerg Roedel +Signed-off-by: Greg Kroah-Hartman + +--- + lib/dma-debug.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/dma-debug.c ++++ b/lib/dma-debug.c +@@ -599,7 +599,7 @@ static inline bool overlap(void *addr, u + + return ((addr >= start && addr < end) || + (addr2 >= start && addr2 < end) || +- ((addr < start) && (addr2 >= end))); ++ ((addr < start) && (addr2 > end))); + } + + static void check_for_illegal_area(struct device *dev, void *addr, u64 size) + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:33 2009 +Message-Id: <20090717201233.513527878@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:05 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Ken Milmore , + NeilBrown , + Jens Axboe +Subject: [patch 14/24] blocK: Restore barrier support for md and probably other virtual devices. +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=block-restore-barrier-support-for-md-and-probably-other-virtual-devices.patch +Content-Length: 1590 +Lines: 51 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: NeilBrown + +commit db64f680ba4b5c56c4be59f0698000df89ff0281 upstream. + +The next_ordered flag is only meaningful for devices that use __make_request. +So move the test against next_ordered out of generic code and in to +__make_request + +Since this test was added, barriers have not worked on md or any +devices that don't use __make_request and so don't bother to set +next_ordered. (dm explicitly sets something other than +QUEUE_ORDERED_NONE since + commit 99360b4c18f7675b50d283301d46d755affe75fd +but notes in the comments that it is otherwise meaningless). + +Cc: Ken Milmore +Signed-off-by: NeilBrown +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + block/blk-core.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/block/blk-core.c ++++ b/block/blk-core.c +@@ -1158,6 +1158,11 @@ static int __make_request(struct request + + nr_sectors = bio_sectors(bio); + ++ if (bio_barrier(bio) && bio_has_data(bio) && ++ (q->next_ordered == QUEUE_ORDERED_NONE)) { ++ bio_endio(bio, -EOPNOTSUPP); ++ return 0; ++ } + /* + * low level driver can indicate that it wants pages above a + * certain limit bounced to low memory (ie for highmem, or even +@@ -1461,11 +1466,6 @@ static inline void __generic_make_reques + err = -EOPNOTSUPP; + goto end_io; + } +- if (bio_barrier(bio) && bio_has_data(bio) && +- (q->next_ordered == QUEUE_ORDERED_NONE)) { +- err = -EOPNOTSUPP; +- goto end_io; +- } + + ret = q->make_request_fn(q, bio); + } while (ret); + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:34 2009 +Message-Id: <20090717201234.071675916@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:06 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + NeilBrown +Subject: [patch 15/24] md/raid5: suspend shouldnt affect read requests. +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=md-raid5-suspend-shouldn-t-affect-read-requests.patch +Content-Length: 883 +Lines: 25 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: NeilBrown + +commit a5c308d4d1659b1f4833b863394e3e24cdbdfc6e upstream. + +md allows write to regions on an array to be suspended temporarily. +This allows user-space to participate is aspects of reshape. +In particular, data can be copied with not risk of a race. +We should not be blocking read requests though, so don't. + +Signed-off-by: NeilBrown +Signed-off-by: Greg Kroah-Hartman + +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -3702,7 +3702,8 @@ static int make_request(struct request_queue *q, struct bio * bi) + /* FIXME what if we get a false positive because these + * are being updated. + */ +- if (logical_sector >= mddev->suspend_lo && ++ if (bio_data_dir(bi) == WRITE && ++ logical_sector >= mddev->suspend_lo && + logical_sector < mddev->suspend_hi) { + release_stripe(sh); + schedule(); + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:34 2009 +Message-Id: <20090717201234.451772052@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:07 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + NeilBrown +Subject: [patch 16/24] md: fix error path when duplicate name is found on md device creation. +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=md-fix-error-path-when-duplicate-name-is-found-on-md-device-creation.patch +Content-Length: 888 +Lines: 30 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: NeilBrown + +commit 1ec22eb2b4a2e1a763106bce36b11c02eaa84e61 upstream. + +When an md device is created by name (rather than number) we need to +check that the name is not already in use. If this check finds a +duplicate, we return an error without dropping the lock or freeing +the newly create mddev. +This patch fixes that. + +Found-by: Jiri Slaby +Signed-off-by: NeilBrown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/md.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -3876,6 +3876,8 @@ static int md_alloc(dev_t dev, char *nam + if (mddev2->gendisk && + strcmp(mddev2->gendisk->disk_name, name) == 0) { + spin_unlock(&all_mddevs_lock); ++ mutex_unlock(&disks_mutex); ++ mddev_put(mddev); + return -EEXIST; + } + spin_unlock(&all_mddevs_lock); + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:35 2009 +Message-Id: <20090717201235.020571302@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:08 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + NeilBrown +Subject: [patch 17/24] md: avoid dereferencing NULL pointer when accessing suspend_* sysfs attributes. +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=md-avoid-dereferencing-null-pointer-when-accessing-suspend_-sysfs-attributes.patch +Content-Length: 1085 +Lines: 39 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: NeilBrown + +commit b8d966efd9a46a9a35beac50cbff6e30565125ef upstream. + +If we try to modify one of the md/ sysfs files + suspend_lo or suspend_hi +when the array is not active, we dereference a NULL. +Protect against that. + +Signed-off-by: NeilBrown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/md.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -3589,7 +3589,8 @@ suspend_lo_store(mddev_t *mddev, const c + char *e; + unsigned long long new = simple_strtoull(buf, &e, 10); + +- if (mddev->pers->quiesce == NULL) ++ if (mddev->pers == NULL || ++ mddev->pers->quiesce == NULL) + return -EINVAL; + if (buf == e || (*e && *e != '\n')) + return -EINVAL; +@@ -3617,7 +3618,8 @@ suspend_hi_store(mddev_t *mddev, const c + char *e; + unsigned long long new = simple_strtoull(buf, &e, 10); + +- if (mddev->pers->quiesce == NULL) ++ if (mddev->pers == NULL || ++ mddev->pers->quiesce == NULL) + return -EINVAL; + if (buf == e || (*e && *e != '\n')) + return -EINVAL; + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:35 2009 +Message-Id: <20090717201235.532748898@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:09 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + "Eric W. Biederman" , + "David S. Miller" +Subject: [patch 18/24] Revert "ipv4: arp announce, arp_proxy and windows ip conflict verification" +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=revert-ipv4-arp-announce-arp_proxy-and-windows-ip-conflict-verification.patch +Content-Length: 1477 +Lines: 43 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Eric W. Biederman + +commit f8a68e752bc4e39644843403168137663c984524 upstream. + +This reverts commit 73ce7b01b4496a5fbf9caf63033c874be692333f. + +After discovering that we don't listen to gratuitious arps in 2.6.30 +I tracked the failure down to this commit. + +The patch makes absolutely no sense. RFC2131 RFC3927 and RFC5227. +are all in agreement that an arp request with sip == 0 should be used +for the probe (to prevent learning) and an arp request with sip == tip +should be used for the gratitous announcement that people can learn +from. + +It appears the author of the broken patch got those two cases confused +and modified the code to drop all gratuitous arp traffic. Ouch! + +Signed-off-by: Eric W. Biederman +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/ipv4/arp.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +--- a/net/ipv4/arp.c ++++ b/net/ipv4/arp.c +@@ -801,11 +801,8 @@ static int arp_process(struct sk_buff *s + * cache. + */ + +- /* +- * Special case: IPv4 duplicate address detection packet (RFC2131) +- * and Gratuitous ARP/ARP Announce. (RFC3927, Section 2.4) +- */ +- if (sip == 0 || tip == sip) { ++ /* Special case: IPv4 duplicate address detection packet (RFC2131) */ ++ if (sip == 0) { + if (arp->ar_op == htons(ARPOP_REQUEST) && + inet_addr_type(net, tip) == RTN_LOCAL && + !arp_ignore(in_dev, sip, tip)) + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:36 2009 +Message-Id: <20090717201236.180300826@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:10 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Jiri Slaby , + Jens Axboe +Subject: [patch 19/24] floppy: fix lock imbalance +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=floppy-fix-lock-imbalance.patch +Content-Length: 978 +Lines: 33 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Jiri Slaby + +commit 8516a500029890a72622d245f8ed32c4e30969b7 upstream. + +A crappy macro prevents us unlocking on a fail path. + +Expand the macro and unlock appropriatelly. + +Signed-off-by: Jiri Slaby +Cc: Jens Axboe +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/floppy.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/block/floppy.c ++++ b/drivers/block/floppy.c +@@ -3327,7 +3327,10 @@ static inline int set_geometry(unsigned + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + mutex_lock(&open_lock); +- LOCK_FDC(drive, 1); ++ if (lock_fdc(drive, 1)) { ++ mutex_unlock(&open_lock); ++ return -EINTR; ++ } + floppy_type[type] = *g; + floppy_type[type].name = "user format"; + for (cnt = type << 2; cnt < (type << 2) + 4; cnt++) + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:36 2009 +Message-Id: <20090717201236.713006028@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:11 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + David Woodhouse +Subject: [patch 20/24] Fix pci_unmap_addr() et al on i386. +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=fix-pci_unmap_addr-et-al-on-i386.patch +Content-Length: 1127 +Lines: 33 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: David Woodhouse + +commit 788d84bba47ea3eb377f7a3ae4fd1ee84b84877b upstream. + +We can run a 32-bit kernel on boxes with an IOMMU, so we need +pci_unmap_addr() etc. to work -- without it, drivers will leak mappings. + +To be honest, this whole thing looks like it's more pain than it's +worth; I'm half inclined to remove the no-op #else case altogether. + +But this is the minimal fix, which just does the right thing if +CONFIG_DMAR is set. + +Signed-off-by: David Woodhouse +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/include/asm/pci.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/include/asm/pci.h ++++ b/arch/x86/include/asm/pci.h +@@ -91,7 +91,7 @@ extern void pci_iommu_alloc(void); + + #define PCI_DMA_BUS_IS_PHYS (dma_ops->is_phys) + +-#if defined(CONFIG_X86_64) || defined(CONFIG_DMA_API_DEBUG) ++#if defined(CONFIG_X86_64) || defined(CONFIG_DMAR) || defined(CONFIG_DMA_API_DEBUG) + + #define DECLARE_PCI_UNMAP_ADDR(ADDR_NAME) \ + dma_addr_t ADDR_NAME; + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:37 2009 +Message-Id: <20090717201237.072896951@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:12 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + David Woodhouse , + mark gross +Subject: [patch 21/24] Fix iommu address space allocation +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=fix-iommu-address-space-allocation.patch +Content-Length: 2426 +Lines: 66 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: David Woodhouse + +commit a15a519ed6e5e644f5a33c213c00b0c1d3cfe683 upstream. + +This fixes kernel.org bug #13584. The IOVA code attempted to optimise +the insertion of new ranges into the rbtree, with the unfortunate result +that some ranges just didn't get inserted into the tree at all. Then +those ranges would be handed out more than once, and things kind of go +downhill from there. + +Introduced after 2.6.25 by ddf02886cbe665d67ca750750196ea5bf524b10b +("PCI: iova RB tree setup tweak"). + +Signed-off-by: David Woodhouse +Cc: mark gross +Cc: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/iova.c | 26 ++++++++++++++++++++++---- + 1 file changed, 22 insertions(+), 4 deletions(-) + +--- a/drivers/pci/iova.c ++++ b/drivers/pci/iova.c +@@ -1,9 +1,19 @@ + /* +- * Copyright (c) 2006, Intel Corporation. ++ * Copyright © 2006-2009, Intel Corporation. + * +- * This file is released under the GPLv2. ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms and conditions of the GNU General Public License, ++ * version 2, as published by the Free Software Foundation. ++ * ++ * This program is distributed in the hope it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for ++ * more details. ++ * ++ * You should have received a copy of the GNU General Public License along with ++ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple ++ * Place - Suite 330, Boston, MA 02111-1307 USA. + * +- * Copyright (C) 2006-2008 Intel Corporation + * Author: Anil S Keshavamurthy + */ + +@@ -123,7 +133,15 @@ move_left: + /* Insert the new_iova into domain rbtree by holding writer lock */ + /* Add new node and rebalance tree. */ + { +- struct rb_node **entry = &((prev)), *parent = NULL; ++ struct rb_node **entry, *parent = NULL; ++ ++ /* If we have 'prev', it's a valid place to start the ++ insertion. Otherwise, start from the root. */ ++ if (prev) ++ entry = &prev; ++ else ++ entry = &iovad->rbroot.rb_node; ++ + /* Figure out where to put new node */ + while (*entry) { + struct iova *this = container_of(*entry, + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:37 2009 +Message-Id: <20090717201237.635913901@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:13 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Miklos Szeredi +Subject: [patch 22/24] fuse: fix bad return value in fuse_file_poll() +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=fuse-fix-bad-return-value-in-fuse_file_poll.patch +Content-Length: 626 +Lines: 26 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Miklos Szeredi + +commit 201fa69a2849536ef2912e8e971ec0b01c04eff4 upstream. + +Fix fuse_file_poll() which returned a -errno value instead of a poll +mask. + +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/fuse/file.c ++++ b/fs/fuse/file.c +@@ -1867,7 +1867,7 @@ static unsigned fuse_file_poll(struct fi + + req = fuse_get_req(fc); + if (IS_ERR(req)) +- return PTR_ERR(req); ++ return POLLERR; + + req->in.h.opcode = FUSE_POLL; + req->in.h.nodeid = get_node_id(inode); + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:38 2009 +Message-Id: <20090717201237.955389551@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:14 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk, + Miklos Szeredi +Subject: [patch 23/24] fuse: fix return value of fuse_dev_write() +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=fuse-fix-return-value-of-fuse_dev_write.patch +Content-Length: 981 +Lines: 31 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Csaba Henk + +commit b4c458b3a23d76936e76678f2074b1528f129f7a upstream. + +On 64 bit systems -- where sizeof(ssize_t) > sizeof(int) -- the following test +exposes a bug due to a non-careful return of an int or unsigned value: + +implement a FUSE filesystem which sends an unsolicited notification to +the kernel with invalid opcode. The respective write to /dev/fuse +will return (1 << 32) - EINVAL with errno == 0 instead of -1 with +errno == EINVAL. + +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/dev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/fuse/dev.c ++++ b/fs/fuse/dev.c +@@ -904,7 +904,7 @@ static ssize_t fuse_dev_write(struct kio + unsigned long nr_segs, loff_t pos) + { + int err; +- unsigned nbytes = iov_length(iov, nr_segs); ++ size_t nbytes = iov_length(iov, nr_segs); + struct fuse_req *req; + struct fuse_out_header oh; + struct fuse_copy_state cs; + + +From gregkh@mini.kroah.org Fri Jul 17 13:12:38 2009 +Message-Id: <20090717201238.142701426@mini.kroah.org> +User-Agent: quilt/0.48-1 +Date: Fri, 17 Jul 2009 13:09:15 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: stable-review@kernel.org, + torvalds@linux-foundation.org, + akpm@linux-foundation.org, + alan@lxorguk.ukuu.org.uk +Subject: [patch 24/24] Dont use -fwrapv compiler option: its buggy in gcc-4.1.x +References: <20090717200851.907421303@mini.kroah.org> +Content-Disposition: inline; filename=don-t-use-fwrapv-compiler-option-it-s-buggy-in-gcc-4.1.x.patch +Content-Length: 1581 +Lines: 41 + +2.6.30-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Linus Torvalds + +commit a137802ee839ace40079bebde24cfb416f73208a upstream. + +This causes kernel images that don't run init to completion with certain +broken gcc versions. + +This fixes kernel bugzilla entry: + http://bugzilla.kernel.org/show_bug.cgi?id=13012 + +I suspect the gcc problem is this: + http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28230 + +Fix the problem by using the -fno-strict-overflow flag instead, which +not only does not exist in the known-to-be-broken versions of gcc (it +was introduced later than fwrapv), but seems to be much less disturbing +to gcc too: the difference in the generated code by -fno-strict-overflow +are smaller (compared to using neither flag) than when using -fwrapv. + +Reported-by: Barry K. Nathan +Pushed-by: Frans Pop +Cc: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Makefile ++++ b/Makefile +@@ -574,7 +574,7 @@ KBUILD_CFLAGS += $(call cc-option,-Wdecl + KBUILD_CFLAGS += $(call cc-option,-Wno-pointer-sign,) + + # disable invalid "can't wrap" optimizations for signed / pointers +-KBUILD_CFLAGS += $(call cc-option,-fwrapv) ++KBUILD_CFLAGS += $(call cc-option,-fno-strict-overflow) + + # revert to pre-gcc-4.4 behaviour of .eh_frame + KBUILD_CFLAGS += $(call cc-option,-fno-dwarf2-cfi-asm) + + diff --git a/queue-2.6.30/md-avoid-dereferencing-null-pointer-when-accessing-suspend_-sysfs-attributes.patch b/review-2.6.30/md-avoid-dereferencing-null-pointer-when-accessing-suspend_-sysfs-attributes.patch similarity index 100% rename from queue-2.6.30/md-avoid-dereferencing-null-pointer-when-accessing-suspend_-sysfs-attributes.patch rename to review-2.6.30/md-avoid-dereferencing-null-pointer-when-accessing-suspend_-sysfs-attributes.patch diff --git a/queue-2.6.30/md-fix-error-path-when-duplicate-name-is-found-on-md-device-creation.patch b/review-2.6.30/md-fix-error-path-when-duplicate-name-is-found-on-md-device-creation.patch similarity index 100% rename from queue-2.6.30/md-fix-error-path-when-duplicate-name-is-found-on-md-device-creation.patch rename to review-2.6.30/md-fix-error-path-when-duplicate-name-is-found-on-md-device-creation.patch diff --git a/queue-2.6.30/md-raid5-suspend-shouldn-t-affect-read-requests.patch b/review-2.6.30/md-raid5-suspend-shouldn-t-affect-read-requests.patch similarity index 100% rename from queue-2.6.30/md-raid5-suspend-shouldn-t-affect-read-requests.patch rename to review-2.6.30/md-raid5-suspend-shouldn-t-affect-read-requests.patch diff --git a/queue-2.6.30/personality-fix-per_clear_on_setid.patch b/review-2.6.30/personality-fix-per_clear_on_setid.patch similarity index 100% rename from queue-2.6.30/personality-fix-per_clear_on_setid.patch rename to review-2.6.30/personality-fix-per_clear_on_setid.patch diff --git a/queue-2.6.30/revert-ipv4-arp-announce-arp_proxy-and-windows-ip-conflict-verification.patch b/review-2.6.30/revert-ipv4-arp-announce-arp_proxy-and-windows-ip-conflict-verification.patch similarity index 100% rename from queue-2.6.30/revert-ipv4-arp-announce-arp_proxy-and-windows-ip-conflict-verification.patch rename to review-2.6.30/revert-ipv4-arp-announce-arp_proxy-and-windows-ip-conflict-verification.patch diff --git a/queue-2.6.30/security-use-mmap_min_addr-indepedently-of-security-models.patch b/review-2.6.30/security-use-mmap_min_addr-indepedently-of-security-models.patch similarity index 100% rename from queue-2.6.30/security-use-mmap_min_addr-indepedently-of-security-models.patch rename to review-2.6.30/security-use-mmap_min_addr-indepedently-of-security-models.patch diff --git a/queue-2.6.30/series b/review-2.6.30/series similarity index 100% rename from queue-2.6.30/series rename to review-2.6.30/series diff --git a/queue-2.6.30/tun-tap-fix-crashes-if-open-dev-net-tun-and-then-poll-it.patch b/review-2.6.30/tun-tap-fix-crashes-if-open-dev-net-tun-and-then-poll-it.patch similarity index 100% rename from queue-2.6.30/tun-tap-fix-crashes-if-open-dev-net-tun-and-then-poll-it.patch rename to review-2.6.30/tun-tap-fix-crashes-if-open-dev-net-tun-and-then-poll-it.patch