From: Greg Kroah-Hartman Date: Thu, 24 May 2012 17:13:18 +0000 (+0900) Subject: 3.0-stable patches X-Git-Tag: v3.0.33~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c525806a717c5cf33f1378b96152b84b9c97c10;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: cfg80211-warn-if-db.txt-is-empty-with-config_cfg80211_internal_regdb.patch drivers-staging-comedi-comedi_fops.c-add-missing-vfree.patch fix-blocking-allocations-called-very-early-during-bootup.patch ib-core-fix-mismatch-between-locked-and-pinned-pages.patch keys-use-the-compat-keyctl-syscall-wrapper-on-sparc64-for-sparc32-compat.patch perf-x86-update-event-scheduling-constraints-for-amd-family-15h-models.patch rdma-cxgb4-drop-peer_abort-when-no-endpoint-found.patch s390-pfault-fix-task-state-race.patch scsi-mpt2sas-fix-for-panic-happening-because-of-improper-memory-allocation.patch selinux-if-sel_make_bools-errors-don-t-leave-inconsistent-state.patch --- diff --git a/queue-3.0/cfg80211-warn-if-db.txt-is-empty-with-config_cfg80211_internal_regdb.patch b/queue-3.0/cfg80211-warn-if-db.txt-is-empty-with-config_cfg80211_internal_regdb.patch new file mode 100644 index 00000000000..0e3a502431b --- /dev/null +++ b/queue-3.0/cfg80211-warn-if-db.txt-is-empty-with-config_cfg80211_internal_regdb.patch @@ -0,0 +1,83 @@ +From 80007efeff0568375b08faf93c7aad65602cb97e Mon Sep 17 00:00:00 2001 +From: "Luis R. Rodriguez" +Date: Fri, 23 Mar 2012 07:23:31 -0700 +Subject: cfg80211: warn if db.txt is empty with CONFIG_CFG80211_INTERNAL_REGDB + +From: "Luis R. Rodriguez" + +commit 80007efeff0568375b08faf93c7aad65602cb97e upstream. + +It has happened twice now where elaborate troubleshooting has +undergone on systems where CONFIG_CFG80211_INTERNAL_REGDB [0] +has been set but yet net/wireless/db.txt was not updated. + +Despite the documentation on this it seems system integrators could +use some more help with this, so throw out a kernel warning at boot time +when their database is empty. + +This does mean that the error-prone system integrator won't likely +realize the issue until they boot the machine but -- it does not seem +to make sense to enable a build bug breaking random build testing. + +[0] http://wireless.kernel.org/en/developers/Regulatory/CRDA#CONFIG_CFG80211_INTERNAL_REGDB + +Cc: Stephen Rothwell +Cc: Youngsin Lee +Cc: Raja Mani +Cc: Senthil Kumar Balasubramanian +Cc: Vipin Mehta +Cc: yahuan@qca.qualcomm.com +Cc: jjan@qca.qualcomm.com +Cc: vthiagar@qca.qualcomm.com +Cc: henrykim@qualcomm.com +Cc: jouni@qca.qualcomm.com +Cc: athiruve@qca.qualcomm.com +Cc: cjkim@qualcomm.com +Cc: philipk@qca.qualcomm.com +Cc: sunnykim@qualcomm.com +Cc: sskwak@qualcomm.com +Cc: kkim@qualcomm.com +Cc: mattbyun@qualcomm.com +Cc: ryanlee@qualcomm.com +Cc: simbap@qualcomm.com +Cc: krislee@qualcomm.com +Cc: conner@qualcomm.com +Cc: hojinkim@qualcomm.com +Cc: honglee@qualcomm.com +Cc: johnwkim@qualcomm.com +Cc: jinyong@qca.qualcomm.com +Signed-off-by: Luis R. Rodriguez +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + net/wireless/reg.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/net/wireless/reg.c ++++ b/net/wireless/reg.c +@@ -379,7 +379,15 @@ static void reg_regdb_query(const char * + + schedule_work(®_regdb_work); + } ++ ++/* Feel free to add any other sanity checks here */ ++static void reg_regdb_size_check(void) ++{ ++ /* We should ideally BUILD_BUG_ON() but then random builds would fail */ ++ WARN_ONCE(!reg_regdb_size, "db.txt is empty, you should update it..."); ++} + #else ++static inline void reg_regdb_size_check(void) {} + static inline void reg_regdb_query(const char *alpha2) {} + #endif /* CONFIG_CFG80211_INTERNAL_REGDB */ + +@@ -2225,6 +2233,8 @@ int __init regulatory_init(void) + spin_lock_init(®_requests_lock); + spin_lock_init(®_pending_beacons_lock); + ++ reg_regdb_size_check(); ++ + cfg80211_regdomain = cfg80211_world_regdom; + + user_alpha2[0] = '9'; diff --git a/queue-3.0/drivers-staging-comedi-comedi_fops.c-add-missing-vfree.patch b/queue-3.0/drivers-staging-comedi-comedi_fops.c-add-missing-vfree.patch new file mode 100644 index 00000000000..9c6ffec68fa --- /dev/null +++ b/queue-3.0/drivers-staging-comedi-comedi_fops.c-add-missing-vfree.patch @@ -0,0 +1,30 @@ +From abae41e6438b798e046d721b6ccdd55b4a398170 Mon Sep 17 00:00:00 2001 +From: Julia Lawall +Date: Sun, 22 Apr 2012 13:37:09 +0200 +Subject: drivers/staging/comedi/comedi_fops.c: add missing vfree + +From: Julia Lawall + +commit abae41e6438b798e046d721b6ccdd55b4a398170 upstream. + +aux_free is freed on all other exits from the function. By removing the +return, we can benefit from the vfree already at the end of the function. + +Signed-off-by: Julia Lawall +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/staging/comedi/comedi_fops.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/staging/comedi/comedi_fops.c ++++ b/drivers/staging/comedi/comedi_fops.c +@@ -280,7 +280,7 @@ static int do_devconfig_ioctl(struct com + if (ret == 0) { + if (!try_module_get(dev->driver->module)) { + comedi_device_detach(dev); +- return -ENOSYS; ++ ret = -ENOSYS; + } + } + diff --git a/queue-3.0/fix-blocking-allocations-called-very-early-during-bootup.patch b/queue-3.0/fix-blocking-allocations-called-very-early-during-bootup.patch new file mode 100644 index 00000000000..00b339f67eb --- /dev/null +++ b/queue-3.0/fix-blocking-allocations-called-very-early-during-bootup.patch @@ -0,0 +1,66 @@ +From 31a67102f4762df5544bc2dfb34a931233d2a5b2 Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Mon, 21 May 2012 12:52:42 -0700 +Subject: Fix blocking allocations called very early during bootup + +From: Linus Torvalds + +commit 31a67102f4762df5544bc2dfb34a931233d2a5b2 upstream. + +During early boot, when the scheduler hasn't really been fully set up, +we really can't do blocking allocations because with certain (dubious) +configurations the "might_resched()" calls can actually result in +scheduling events. + +We could just make such users always use GFP_ATOMIC, but quite often the +code that does the allocation isn't really aware of the fact that the +scheduler isn't up yet, and forcing that kind of random knowledge on the +initialization code is just annoying and not good for anybody. + +And we actually have a the 'gfp_allowed_mask' exactly for this reason: +it's just that the kernel init sequence happens to set it to allow +blocking allocations much too early. + +So move the 'gfp_allowed_mask' initialization from 'start_kernel()' +(which is some of the earliest init code, and runs with preemption +disabled for good reasons) into 'kernel_init()'. kernel_init() is run +in the newly created thread that will become the 'init' process, as +opposed to the early startup code that runs within the context of what +will be the first idle thread. + +So by the time we reach 'kernel_init()', we know that the scheduler must +be at least limping along, because we've already scheduled from the idle +thread into the init thread. + +Reported-by: Steven Rostedt +Cc: David Rientjes +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + init/main.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/init/main.c ++++ b/init/main.c +@@ -549,9 +549,6 @@ asmlinkage void __init start_kernel(void + early_boot_irqs_disabled = false; + local_irq_enable(); + +- /* Interrupts are enabled now so all GFP allocations are safe. */ +- gfp_allowed_mask = __GFP_BITS_MASK; +- + kmem_cache_init_late(); + + /* +@@ -783,6 +780,10 @@ static int __init kernel_init(void * unu + * Wait until kthreadd is all set-up. + */ + wait_for_completion(&kthreadd_done); ++ ++ /* Now the scheduler is fully set up and can do blocking allocations */ ++ gfp_allowed_mask = __GFP_BITS_MASK; ++ + /* + * init can allocate pages on any node + */ diff --git a/queue-3.0/ib-core-fix-mismatch-between-locked-and-pinned-pages.patch b/queue-3.0/ib-core-fix-mismatch-between-locked-and-pinned-pages.patch new file mode 100644 index 00000000000..157ef2d8956 --- /dev/null +++ b/queue-3.0/ib-core-fix-mismatch-between-locked-and-pinned-pages.patch @@ -0,0 +1,35 @@ +From c4870eb874ac16dccef40e1bc7a002c7e9156adc Mon Sep 17 00:00:00 2001 +From: Yishai Hadas +Date: Thu, 10 May 2012 23:28:05 +0300 +Subject: IB/core: Fix mismatch between locked and pinned pages + +From: Yishai Hadas + +commit c4870eb874ac16dccef40e1bc7a002c7e9156adc upstream. + +Commit bc3e53f682d9 ("mm: distinguish between mlocked and pinned +pages") introduced a separate counter for pinned pages and used it in +the IB stack. However, in ib_umem_get() the pinned counter is +incremented, but ib_umem_release() wrongly decrements the locked +counter. Fix this. + +Signed-off-by: Yishai Hadas +Reviewed-by: Christoph Lameter +Signed-off-by: Roland Dreier +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/core/umem.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/infiniband/core/umem.c ++++ b/drivers/infiniband/core/umem.c +@@ -268,7 +268,7 @@ void ib_umem_release(struct ib_umem *ume + } else + down_write(&mm->mmap_sem); + +- current->mm->locked_vm -= diff; ++ current->mm->pinned_vm -= diff; + up_write(&mm->mmap_sem); + mmput(mm); + kfree(umem); diff --git a/queue-3.0/keys-use-the-compat-keyctl-syscall-wrapper-on-sparc64-for-sparc32-compat.patch b/queue-3.0/keys-use-the-compat-keyctl-syscall-wrapper-on-sparc64-for-sparc32-compat.patch new file mode 100644 index 00000000000..254a036b7a6 --- /dev/null +++ b/queue-3.0/keys-use-the-compat-keyctl-syscall-wrapper-on-sparc64-for-sparc32-compat.patch @@ -0,0 +1,55 @@ +From 45de6767dc51358a188f75dc4ad9dfddb7fb9480 Mon Sep 17 00:00:00 2001 +From: David Howells +Date: Fri, 11 May 2012 10:56:56 +0100 +Subject: KEYS: Use the compat keyctl() syscall wrapper on Sparc64 for Sparc32 compat + +From: David Howells + +commit 45de6767dc51358a188f75dc4ad9dfddb7fb9480 upstream. + +Use the 32-bit compat keyctl() syscall wrapper on Sparc64 for Sparc32 binary +compatibility. + +Without this, keyctl(KEYCTL_INSTANTIATE_IOV) is liable to malfunction as it +uses an iovec array read from userspace - though the kernel should survive this +as it checks pointers and sizes anyway. + +I think all the other keyctl() function should just work, provided (a) the top +32-bits of each 64-bit argument register are cleared prior to invoking the +syscall routine, and the 32-bit address space is right at the 0-end of the +64-bit address space. Most of the arguments are 32-bit anyway, and so for +those clearing is not required. + +Signed-off-by: David Howells +cc: sparclinux@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + arch/sparc/Kconfig | 3 +++ + arch/sparc/kernel/systbls_64.S | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +--- a/arch/sparc/Kconfig ++++ b/arch/sparc/Kconfig +@@ -590,6 +590,9 @@ config SYSVIPC_COMPAT + depends on COMPAT && SYSVIPC + default y + ++config KEYS_COMPAT ++ def_bool y if COMPAT && KEYS ++ + endmenu + + source "net/Kconfig" +--- a/arch/sparc/kernel/systbls_64.S ++++ b/arch/sparc/kernel/systbls_64.S +@@ -74,7 +74,7 @@ sys_call_table32: + .word sys_timer_delete, compat_sys_timer_create, sys_ni_syscall, compat_sys_io_setup, sys_io_destroy + /*270*/ .word sys32_io_submit, sys_io_cancel, compat_sys_io_getevents, sys32_mq_open, sys_mq_unlink + .word compat_sys_mq_timedsend, compat_sys_mq_timedreceive, compat_sys_mq_notify, compat_sys_mq_getsetattr, compat_sys_waitid +-/*280*/ .word sys32_tee, sys_add_key, sys_request_key, sys_keyctl, compat_sys_openat ++/*280*/ .word sys32_tee, sys_add_key, sys_request_key, compat_sys_keyctl, compat_sys_openat + .word sys_mkdirat, sys_mknodat, sys_fchownat, compat_sys_futimesat, compat_sys_fstatat64 + /*290*/ .word sys_unlinkat, sys_renameat, sys_linkat, sys_symlinkat, sys_readlinkat + .word sys_fchmodat, sys_faccessat, compat_sys_pselect6, compat_sys_ppoll, sys_unshare diff --git a/queue-3.0/perf-x86-update-event-scheduling-constraints-for-amd-family-15h-models.patch b/queue-3.0/perf-x86-update-event-scheduling-constraints-for-amd-family-15h-models.patch new file mode 100644 index 00000000000..5163b50edc6 --- /dev/null +++ b/queue-3.0/perf-x86-update-event-scheduling-constraints-for-amd-family-15h-models.patch @@ -0,0 +1,59 @@ +From 5bcdf5e4fee3c45e1281c25e4941f2163cb28c65 Mon Sep 17 00:00:00 2001 +From: Robert Richter +Date: Fri, 18 May 2012 12:40:42 +0200 +Subject: perf/x86: Update event scheduling constraints for AMD family 15h models + +From: Robert Richter + +commit 5bcdf5e4fee3c45e1281c25e4941f2163cb28c65 upstream. + +This update is for newer family 15h cpu models from 0x02 to 0x1f. + +Signed-off-by: Robert Richter +Acked-by: Peter Zijlstra +Cc: Stephane Eranian +Link: http://lkml.kernel.org/r/1337337642-1621-1-git-send-email-robert.richter@amd.com +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/perf_event_amd.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/arch/x86/kernel/cpu/perf_event_amd.c ++++ b/arch/x86/kernel/cpu/perf_event_amd.c +@@ -437,6 +437,7 @@ static __initconst const struct x86_pmu + * 0x023 DE PERF_CTL[2:0] + * 0x02D LS PERF_CTL[3] + * 0x02E LS PERF_CTL[3,0] ++ * 0x031 LS PERF_CTL[2:0] (**) + * 0x043 CU PERF_CTL[2:0] + * 0x045 CU PERF_CTL[2:0] + * 0x046 CU PERF_CTL[2:0] +@@ -450,10 +451,12 @@ static __initconst const struct x86_pmu + * 0x0DD LS PERF_CTL[5:0] + * 0x0DE LS PERF_CTL[5:0] + * 0x0DF LS PERF_CTL[5:0] ++ * 0x1C0 EX PERF_CTL[5:3] + * 0x1D6 EX PERF_CTL[5:0] + * 0x1D8 EX PERF_CTL[5:0] + * +- * (*) depending on the umask all FPU counters may be used ++ * (*) depending on the umask all FPU counters may be used ++ * (**) only one unitmask enabled at a time + */ + + static struct event_constraint amd_f15_PMC0 = EVENT_CONSTRAINT(0, 0x01, 0); +@@ -503,6 +506,12 @@ amd_get_event_constraints_f15h(struct cp + return &amd_f15_PMC3; + case 0x02E: + return &amd_f15_PMC30; ++ case 0x031: ++ if (hweight_long(hwc->config & ARCH_PERFMON_EVENTSEL_UMASK) <= 1) ++ return &amd_f15_PMC20; ++ return &emptyconstraint; ++ case 0x1C0: ++ return &amd_f15_PMC53; + default: + return &amd_f15_PMC50; + } diff --git a/queue-3.0/rdma-cxgb4-drop-peer_abort-when-no-endpoint-found.patch b/queue-3.0/rdma-cxgb4-drop-peer_abort-when-no-endpoint-found.patch new file mode 100644 index 00000000000..f3994c9af95 --- /dev/null +++ b/queue-3.0/rdma-cxgb4-drop-peer_abort-when-no-endpoint-found.patch @@ -0,0 +1,35 @@ +From 14b9222808bb8bfefc71f72bc0dbdcf3b2f0140f Mon Sep 17 00:00:00 2001 +From: Steve Wise +Date: Mon, 30 Apr 2012 15:31:29 -0500 +Subject: RDMA/cxgb4: Drop peer_abort when no endpoint found + +From: Steve Wise + +commit 14b9222808bb8bfefc71f72bc0dbdcf3b2f0140f upstream. + +Log a warning and drop the abort message. Otherwise we will do a +bogus wake_up() and crash. + +Signed-off-by: Steve Wise +Signed-off-by: Roland Dreier +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/hw/cxgb4/cm.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/infiniband/hw/cxgb4/cm.c ++++ b/drivers/infiniband/hw/cxgb4/cm.c +@@ -2316,6 +2316,12 @@ static int peer_abort_intr(struct c4iw_d + unsigned int tid = GET_TID(req); + + ep = lookup_tid(t, tid); ++ if (!ep) { ++ printk(KERN_WARNING MOD ++ "Abort on non-existent endpoint, tid %d\n", tid); ++ kfree_skb(skb); ++ return 0; ++ } + if (is_neg_adv_abort(req->status)) { + PDBG("%s neg_adv_abort ep %p tid %u\n", __func__, ep, + ep->hwtid); diff --git a/queue-3.0/s390-pfault-fix-task-state-race.patch b/queue-3.0/s390-pfault-fix-task-state-race.patch new file mode 100644 index 00000000000..9223933e151 --- /dev/null +++ b/queue-3.0/s390-pfault-fix-task-state-race.patch @@ -0,0 +1,80 @@ +From d5e50a51ccbda36b379aba9d1131a852eb908dda Mon Sep 17 00:00:00 2001 +From: Heiko Carstens +Date: Wed, 9 May 2012 09:37:30 +0200 +Subject: s390/pfault: fix task state race + +From: Heiko Carstens + +commit d5e50a51ccbda36b379aba9d1131a852eb908dda upstream. + +When setting the current task state to TASK_UNINTERRUPTIBLE this can +race with a different cpu. The other cpu could set the task state after +it inspected it (while it was still TASK_RUNNING) to TASK_RUNNING which +would change the state from TASK_UNINTERRUPTIBLE to TASK_RUNNING again. + +This race was always present in the pfault interrupt code but didn't +cause anything harmful before commit f2db2e6c "[S390] pfault: cpu hotplug +vs missing completion interrupts" which relied on the fact that after +setting the task state to TASK_UNINTERRUPTIBLE the task would really +sleep. +Since this is not necessarily the case the result may be a list corruption +of the pfault_list or, as observed, a use-after-free bug while trying to +access the task_struct of a task which terminated itself already. + +To fix this, we need to get a reference of the affected task when receiving +the initial pfault interrupt and add special handling if we receive yet +another initial pfault interrupt when the task is already enqueued in the +pfault list. + +Signed-off-by: Heiko Carstens +Reviewed-by: Martin Schwidefsky +Signed-off-by: Martin Schwidefsky +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/mm/fault.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +--- a/arch/s390/mm/fault.c ++++ b/arch/s390/mm/fault.c +@@ -567,6 +567,7 @@ static void pfault_interrupt(unsigned in + tsk->thread.pfault_wait = 0; + list_del(&tsk->thread.list); + wake_up_process(tsk); ++ put_task_struct(tsk); + } else { + /* Completion interrupt was faster than initial + * interrupt. Set pfault_wait to -1 so the initial +@@ -576,14 +577,22 @@ static void pfault_interrupt(unsigned in + put_task_struct(tsk); + } else { + /* signal bit not set -> a real page is missing. */ +- if (tsk->thread.pfault_wait == -1) { ++ if (tsk->thread.pfault_wait == 1) { ++ /* Already on the list with a reference: put to sleep */ ++ set_task_state(tsk, TASK_UNINTERRUPTIBLE); ++ set_tsk_need_resched(tsk); ++ } else if (tsk->thread.pfault_wait == -1) { + /* Completion interrupt was faster than the initial + * interrupt (pfault_wait == -1). Set pfault_wait + * back to zero and exit. */ + tsk->thread.pfault_wait = 0; + } else { + /* Initial interrupt arrived before completion +- * interrupt. Let the task sleep. */ ++ * interrupt. Let the task sleep. ++ * An extra task reference is needed since a different ++ * cpu may set the task state to TASK_RUNNING again ++ * before the scheduler is reached. */ ++ get_task_struct(tsk); + tsk->thread.pfault_wait = 1; + list_add(&tsk->thread.list, &pfault_list); + set_task_state(tsk, TASK_UNINTERRUPTIBLE); +@@ -608,6 +617,7 @@ static int __cpuinit pfault_cpu_notify(s + list_del(&thread->list); + tsk = container_of(thread, struct task_struct, thread); + wake_up_process(tsk); ++ put_task_struct(tsk); + } + spin_unlock_irq(&pfault_lock); + break; diff --git a/queue-3.0/scsi-mpt2sas-fix-for-panic-happening-because-of-improper-memory-allocation.patch b/queue-3.0/scsi-mpt2sas-fix-for-panic-happening-because-of-improper-memory-allocation.patch new file mode 100644 index 00000000000..2a54946223c --- /dev/null +++ b/queue-3.0/scsi-mpt2sas-fix-for-panic-happening-because-of-improper-memory-allocation.patch @@ -0,0 +1,57 @@ +From e42fafc25fa86c61824e8d4c5e7582316415d24f Mon Sep 17 00:00:00 2001 +From: "nagalakshmi.nandigama@lsi.com" +Date: Tue, 20 Mar 2012 12:10:01 +0530 +Subject: SCSI: mpt2sas: Fix for panic happening because of improper memory allocation + +From: "nagalakshmi.nandigama@lsi.com" + +commit e42fafc25fa86c61824e8d4c5e7582316415d24f upstream. + +The ioc->pfacts member in the IOC structure is getting set to zero +following a call to _base_get_ioc_facts due to the memset in that routine. +So if the ioc->pfacts was read after a host reset, there would be a NULL +pointer dereference. The routine _base_get_ioc_facts is called from context +of host reset. The problem in _base_get_ioc_facts is the size of +Mpi2IOCFactsReply is 64, whereas the sizeof "struct mpt2sas_facts" is 60, +so there is a four byte overflow resulting from the memset. + +Also, there is memset in _base_get_port_facts using the incorrect structure, +it should be "struct mpt2sas_port_facts" instead of Mpi2PortFactsReply. + +Signed-off-by: Nagalakshmi Nandigama +Signed-off-by: James Bottomley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/mpt2sas/mpt2sas_base.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/mpt2sas/mpt2sas_base.c ++++ b/drivers/scsi/mpt2sas/mpt2sas_base.c +@@ -3056,7 +3056,7 @@ _base_get_port_facts(struct MPT2SAS_ADAP + } + + pfacts = &ioc->pfacts[port]; +- memset(pfacts, 0, sizeof(Mpi2PortFactsReply_t)); ++ memset(pfacts, 0, sizeof(struct mpt2sas_port_facts)); + pfacts->PortNumber = mpi_reply.PortNumber; + pfacts->VP_ID = mpi_reply.VP_ID; + pfacts->VF_ID = mpi_reply.VF_ID; +@@ -3098,7 +3098,7 @@ _base_get_ioc_facts(struct MPT2SAS_ADAPT + } + + facts = &ioc->facts; +- memset(facts, 0, sizeof(Mpi2IOCFactsReply_t)); ++ memset(facts, 0, sizeof(struct mpt2sas_facts)); + facts->MsgVersion = le16_to_cpu(mpi_reply.MsgVersion); + facts->HeaderVersion = le16_to_cpu(mpi_reply.HeaderVersion); + facts->VP_ID = mpi_reply.VP_ID; +@@ -3779,7 +3779,7 @@ mpt2sas_base_attach(struct MPT2SAS_ADAPT + goto out_free_resources; + + ioc->pfacts = kcalloc(ioc->facts.NumberOfPorts, +- sizeof(Mpi2PortFactsReply_t), GFP_KERNEL); ++ sizeof(struct mpt2sas_port_facts), GFP_KERNEL); + if (!ioc->pfacts) { + r = -ENOMEM; + goto out_free_resources; diff --git a/queue-3.0/selinux-if-sel_make_bools-errors-don-t-leave-inconsistent-state.patch b/queue-3.0/selinux-if-sel_make_bools-errors-don-t-leave-inconsistent-state.patch new file mode 100644 index 00000000000..b2ccbdeb6f9 --- /dev/null +++ b/queue-3.0/selinux-if-sel_make_bools-errors-don-t-leave-inconsistent-state.patch @@ -0,0 +1,31 @@ +From 154c50ca4eb9ae472f50b6a481213e21ead4457d Mon Sep 17 00:00:00 2001 +From: Eric Paris +Date: Wed, 4 Apr 2012 13:47:11 -0400 +Subject: SELinux: if sel_make_bools errors don't leave inconsistent state + +From: Eric Paris + +commit 154c50ca4eb9ae472f50b6a481213e21ead4457d upstream. + +We reset the bool names and values array to NULL, but do not reset the +number of entries in these arrays to 0. If we error out and then get back +into this function we will walk these NULL pointers based on the belief +that they are non-zero length. + +Signed-off-by: Eric Paris +Signed-off-by: Greg Kroah-Hartman + +--- + security/selinux/selinuxfs.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/security/selinux/selinuxfs.c ++++ b/security/selinux/selinuxfs.c +@@ -1241,6 +1241,7 @@ static int sel_make_bools(void) + kfree(bool_pending_names[i]); + kfree(bool_pending_names); + kfree(bool_pending_values); ++ bool_num = 0; + bool_pending_names = NULL; + bool_pending_values = NULL; + diff --git a/queue-3.0/series b/queue-3.0/series index 54e8ef14bc9..8183f9e38f4 100644 --- a/queue-3.0/series +++ b/queue-3.0/series @@ -6,3 +6,13 @@ parisc-fix-crash-in-flush_icache_page_asm-on-pa1.1.patch parisc-fix-panic-on-prefetch-null-on-pa7300lc.patch isdn-gigaset-ratelimit-capi-message-dumps.patch vfs-make-aio-use-the-proper-rw_verify_area-area-helpers.patch +cfg80211-warn-if-db.txt-is-empty-with-config_cfg80211_internal_regdb.patch +fix-blocking-allocations-called-very-early-during-bootup.patch +s390-pfault-fix-task-state-race.patch +scsi-mpt2sas-fix-for-panic-happening-because-of-improper-memory-allocation.patch +rdma-cxgb4-drop-peer_abort-when-no-endpoint-found.patch +keys-use-the-compat-keyctl-syscall-wrapper-on-sparc64-for-sparc32-compat.patch +selinux-if-sel_make_bools-errors-don-t-leave-inconsistent-state.patch +ib-core-fix-mismatch-between-locked-and-pinned-pages.patch +drivers-staging-comedi-comedi_fops.c-add-missing-vfree.patch +perf-x86-update-event-scheduling-constraints-for-amd-family-15h-models.patch