From: Greg Kroah-Hartman Date: Mon, 4 May 2009 22:19:21 +0000 (-0700) Subject: more .27 patches X-Git-Tag: v2.6.27.23~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7ec8a231fa45f14f65ad3ce1cdc1e19cd02a3c92;p=thirdparty%2Fkernel%2Fstable-queue.git more .27 patches --- diff --git a/queue-2.6.27/acpi-revert-conflicting-workaround-for-bios-w-mangled-prt-entries.patch b/queue-2.6.27/acpi-revert-conflicting-workaround-for-bios-w-mangled-prt-entries.patch new file mode 100644 index 00000000000..ae304b096eb --- /dev/null +++ b/queue-2.6.27/acpi-revert-conflicting-workaround-for-bios-w-mangled-prt-entries.patch @@ -0,0 +1,93 @@ +From lenb@kernel.org Mon May 4 15:16:18 2009 +From: Zhang Rui +From: Len Brown +Date: Fri, 01 May 2009 11:05:56 -0400 (EDT) +Subject: ACPI: Revert conflicting workaround for BIOS w/ mangled PRT entries +To: stable@kernel.org +Cc: linux-acpi@vger.kernel.org, tmb@mandriva.org +Message-ID: + + +From: Zhang Rui + +upstream 82babbb3887e234c995626e4121d411ea9070ca5 +backported to apply cleanly to 2.6.27.21 +and apply with offset -1 to 2.6.28.9 + +2f894ef9c8b36a35d80709bedca276d2fc691941 +in Linux-2.6.21 worked around BIOS with mangled _PRT entries: +http://bugzilla.kernel.org/show_bug.cgi?id=6859 + +d0e184abc5983281ef189db2c759d65d56eb1b80 +worked around the same issue via ACPICA, and shipped in 2.6.27. + +Unfortunately the two workarounds conflict: +http://bugzilla.kernel.org/show_bug.cgi?id=12270 + +So revert the Linux specific one. + +Signed-off-by: Zhang Rui +Signed-off-by: Len Brown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/resources/rscreate.c | 27 ++------------------------- + 1 file changed, 2 insertions(+), 25 deletions(-) + +--- a/drivers/acpi/resources/rscreate.c ++++ b/drivers/acpi/resources/rscreate.c +@@ -191,8 +191,6 @@ acpi_rs_create_pci_routing_table(union a + user_prt = ACPI_CAST_PTR(struct acpi_pci_routing_table, buffer); + + for (index = 0; index < number_of_elements; index++) { +- int source_name_index = 2; +- int source_index_index = 3; + + /* + * Point user_prt past this current structure +@@ -261,27 +259,6 @@ acpi_rs_create_pci_routing_table(union a + return_ACPI_STATUS(AE_BAD_DATA); + } + +- /* +- * If BIOS erroneously reversed the _PRT source_name and source_index, +- * then reverse them back. +- */ +- if (ACPI_GET_OBJECT_TYPE(sub_object_list[3]) != +- ACPI_TYPE_INTEGER) { +- if (acpi_gbl_enable_interpreter_slack) { +- source_name_index = 3; +- source_index_index = 2; +- printk(KERN_WARNING +- "ACPI: Handling Garbled _PRT entry\n"); +- } else { +- ACPI_ERROR((AE_INFO, +- "(PRT[%X].source_index) Need Integer, found %s", +- index, +- acpi_ut_get_object_type_name +- (sub_object_list[3]))); +- return_ACPI_STATUS(AE_BAD_DATA); +- } +- } +- + user_prt->pin = (u32) obj_desc->integer.value; + + /* +@@ -305,7 +282,7 @@ acpi_rs_create_pci_routing_table(union a + * 3) Third subobject: Dereference the PRT.source_name + * The name may be unresolved (slack mode), so allow a null object + */ +- obj_desc = sub_object_list[source_name_index]; ++ obj_desc = sub_object_list[2]; + if (obj_desc) { + switch (ACPI_GET_OBJECT_TYPE(obj_desc)) { + case ACPI_TYPE_LOCAL_REFERENCE: +@@ -380,7 +357,7 @@ acpi_rs_create_pci_routing_table(union a + + /* 4) Fourth subobject: Dereference the PRT.source_index */ + +- obj_desc = sub_object_list[source_index_index]; ++ obj_desc = sub_object_list[3]; + if (ACPI_GET_OBJECT_TYPE(obj_desc) != ACPI_TYPE_INTEGER) { + ACPI_ERROR((AE_INFO, + "(PRT[%X].SourceIndex) Need Integer, found %s", diff --git a/queue-2.6.27/mips-cve-2009-0029-enable-syscall-wrappers.patch b/queue-2.6.27/mips-cve-2009-0029-enable-syscall-wrappers.patch new file mode 100644 index 00000000000..2827c3528a0 --- /dev/null +++ b/queue-2.6.27/mips-cve-2009-0029-enable-syscall-wrappers.patch @@ -0,0 +1,661 @@ +From dannf@debian.org Mon May 4 15:16:52 2009 +From: dann frazier +Date: Wed, 29 Apr 2009 16:14:58 -0600 +Subject: MIPS: CVE-2009-0029: Enable syscall wrappers +To: Greg KH +Cc: stable@kernel.org, Ralf Baechle +Message-ID: <20090429221458.GM24756@ldl.fc.hp.com> + +From: dann frazier + +Backport of upstream commits by: + Ralf Baechle + Xiaotian Feng + +upstream commits: + dbda6ac0897603f6c6dfadbbc37f9882177ec7ac + d6c178e9694e7e0c7ffe0289cf4389a498cac735 + c189846ecf900cd6b3ad7d3cef5b45a746ce646b + +Signed-off-by: dann frazier +Signed-off-by: Greg Kroah-Hartman +--- + arch/mips/Kconfig | 1 + arch/mips/kernel/linux32.c | 69 +++++++++++++++++++++++------------------ + arch/mips/kernel/scall32-o32.S | 4 +- + arch/mips/kernel/scall64-64.S | 2 - + arch/mips/kernel/scall64-n32.S | 28 ++++++++-------- + arch/mips/kernel/scall64-o32.S | 40 +++++++++++------------ + arch/mips/kernel/signal.c | 5 +- + arch/mips/kernel/signal32.c | 28 ++++++++-------- + arch/mips/kernel/syscall.c | 26 +++++++-------- + arch/mips/mm/cache.c | 5 +- + 10 files changed, 110 insertions(+), 98 deletions(-) + +--- a/arch/mips/Kconfig ++++ b/arch/mips/Kconfig +@@ -1293,6 +1293,7 @@ config 32BIT + config 64BIT + bool "64-bit kernel" + depends on CPU_SUPPORTS_64BIT_KERNEL && SYS_SUPPORTS_64BIT_KERNEL ++ select HAVE_SYSCALL_WRAPPERS + help + Select this option if you want to build a 64-bit kernel. + +--- a/arch/mips/kernel/linux32.c ++++ b/arch/mips/kernel/linux32.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -98,9 +99,9 @@ int cp_compat_stat(struct kstat *stat, s + return copy_to_user(statbuf, &tmp, sizeof(tmp)) ? -EFAULT : 0; + } + +-asmlinkage unsigned long +-sys32_mmap2(unsigned long addr, unsigned long len, unsigned long prot, +- unsigned long flags, unsigned long fd, unsigned long pgoff) ++SYSCALL_DEFINE6(32_mmap2, unsigned long, addr, unsigned long, len, ++ unsigned long, prot, unsigned long, flags, unsigned long, fd, ++ unsigned long, pgoff) + { + struct file * file = NULL; + unsigned long error; +@@ -156,14 +157,14 @@ struct rlimit32 { + int rlim_max; + }; + +-asmlinkage long sys32_truncate64(const char __user * path, +- unsigned long __dummy, int a2, int a3) ++SYSCALL_DEFINE4(32_truncate64, const char __user *, path, ++ unsigned long, __dummy, unsigned long, a2, unsigned long, a3) + { + return sys_truncate(path, merge_64(a2, a3)); + } + +-asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long __dummy, +- int a2, int a3) ++SYSCALL_DEFINE4(32_ftruncate64, unsigned long, fd, unsigned long, __dummy, ++ unsigned long, a2, unsigned long, a3) + { + return sys_ftruncate(fd, merge_64(a2, a3)); + } +@@ -234,9 +235,9 @@ sys32_settimeofday(struct compat_timeval + return do_sys_settimeofday(tv ? &kts : NULL, tz ? &ktz : NULL); + } + +-asmlinkage int sys32_llseek(unsigned int fd, unsigned int offset_high, +- unsigned int offset_low, loff_t __user * result, +- unsigned int origin) ++SYSCALL_DEFINE5(32_llseek, unsigned int, fd, unsigned int, offset_high, ++ unsigned int, offset_low, loff_t __user *, result, ++ unsigned int, origin) + { + return sys_llseek(fd, offset_high, offset_low, result, origin); + } +@@ -245,20 +246,20 @@ asmlinkage int sys32_llseek(unsigned int + lseek back to original location. They fail just like lseek does on + non-seekable files. */ + +-asmlinkage ssize_t sys32_pread(unsigned int fd, char __user * buf, +- size_t count, u32 unused, u64 a4, u64 a5) ++SYSCALL_DEFINE6(32_pread, unsigned long, fd, char __user *, buf, size_t, count, ++ unsigned long, unused, unsigned long, a4, unsigned long, a5) + { + return sys_pread64(fd, buf, count, merge_64(a4, a5)); + } + +-asmlinkage ssize_t sys32_pwrite(unsigned int fd, const char __user * buf, +- size_t count, u32 unused, u64 a4, u64 a5) ++SYSCALL_DEFINE6(32_pwrite, unsigned int, fd, const char __user *, buf, ++ size_t, count, u32, unused, u64, a4, u64, a5) + { + return sys_pwrite64(fd, buf, count, merge_64(a4, a5)); + } + +-asmlinkage int sys32_sched_rr_get_interval(compat_pid_t pid, +- struct compat_timespec __user *interval) ++SYSCALL_DEFINE2(32_sched_rr_get_interval, compat_pid_t, pid, ++ struct compat_timespec __user *, interval) + { + struct timespec t; + int ret; +@@ -275,8 +276,8 @@ asmlinkage int sys32_sched_rr_get_interv + + #ifdef CONFIG_SYSVIPC + +-asmlinkage long +-sys32_ipc(u32 call, int first, int second, int third, u32 ptr, u32 fifth) ++SYSCALL_DEFINE6(32_ipc, u32, call, long, first, long, second, long, third, ++ unsigned long, ptr, unsigned long, fifth) + { + int version, err; + +@@ -334,8 +335,8 @@ sys32_ipc(u32 call, int first, int secon + + #else + +-asmlinkage long +-sys32_ipc(u32 call, int first, int second, int third, u32 ptr, u32 fifth) ++SYSCALL_DEFINE6(32_ipc, u32, call, int, first, int, second, int, third, ++ u32, ptr, u32, fifth) + { + return -ENOSYS; + } +@@ -343,7 +344,7 @@ sys32_ipc(u32 call, int first, int secon + #endif /* CONFIG_SYSVIPC */ + + #ifdef CONFIG_MIPS32_N32 +-asmlinkage long sysn32_semctl(int semid, int semnum, int cmd, u32 arg) ++SYSCALL_DEFINE4(n32_semctl, int, semid, int, semnum, int, cmd, u32, arg) + { + /* compat_sys_semctl expects a pointer to union semun */ + u32 __user *uptr = compat_alloc_user_space(sizeof(u32)); +@@ -352,13 +353,14 @@ asmlinkage long sysn32_semctl(int semid, + return compat_sys_semctl(semid, semnum, cmd, uptr); + } + +-asmlinkage long sysn32_msgsnd(int msqid, u32 msgp, unsigned msgsz, int msgflg) ++SYSCALL_DEFINE4(n32_msgsnd, int, msqid, u32, msgp, unsigned int, msgsz, ++ int, msgflg) + { + return compat_sys_msgsnd(msqid, msgsz, msgflg, compat_ptr(msgp)); + } + +-asmlinkage long sysn32_msgrcv(int msqid, u32 msgp, size_t msgsz, int msgtyp, +- int msgflg) ++SYSCALL_DEFINE5(n32_msgrcv, int, msqid, u32, msgp, size_t, msgsz, ++ int, msgtyp, int, msgflg) + { + return compat_sys_msgrcv(msqid, msgsz, msgtyp, msgflg, IPC_64, + compat_ptr(msgp)); +@@ -378,7 +380,7 @@ struct sysctl_args32 + + #ifdef CONFIG_SYSCTL_SYSCALL + +-asmlinkage long sys32_sysctl(struct sysctl_args32 __user *args) ++SYSCALL_DEFINE1(32_sysctl, struct sysctl_args32 __user *, args) + { + struct sysctl_args32 tmp; + int error; +@@ -417,9 +419,16 @@ asmlinkage long sys32_sysctl(struct sysc + return error; + } + ++#else ++ ++SYSCALL_DEFINE1(32_sysctl, struct sysctl_args32 __user *, args) ++{ ++ return -ENOSYS; ++} ++ + #endif /* CONFIG_SYSCTL_SYSCALL */ + +-asmlinkage long sys32_newuname(struct new_utsname __user * name) ++SYSCALL_DEFINE1(32_newuname, struct new_utsname __user *, name) + { + int ret = 0; + +@@ -435,7 +444,7 @@ asmlinkage long sys32_newuname(struct ne + return ret; + } + +-asmlinkage int sys32_personality(unsigned long personality) ++SYSCALL_DEFINE1(32_personality, unsigned long, personality) + { + int ret; + personality &= 0xffffffff; +@@ -458,7 +467,7 @@ struct ustat32 { + + extern asmlinkage long sys_ustat(dev_t dev, struct ustat __user * ubuf); + +-asmlinkage int sys32_ustat(dev_t dev, struct ustat32 __user * ubuf32) ++SYSCALL_DEFINE2(32_ustat, dev_t, dev, struct ustat32 __user *, ubuf32) + { + int err; + struct ustat tmp; +@@ -482,8 +491,8 @@ out: + return err; + } + +-asmlinkage int sys32_sendfile(int out_fd, int in_fd, compat_off_t __user *offset, +- s32 count) ++SYSCALL_DEFINE4(32_sendfile, long, out_fd, long, in_fd, ++ compat_off_t __user *, offset, s32, count) + { + mm_segment_t old_fs = get_fs(); + int ret; +--- a/arch/mips/kernel/scall32-o32.S ++++ b/arch/mips/kernel/scall32-o32.S +@@ -402,7 +402,7 @@ einval: li v0, -EINVAL + sys sys_swapon 2 + sys sys_reboot 3 + sys sys_old_readdir 3 +- sys old_mmap 6 /* 4090 */ ++ sys sys_mips_mmap 6 /* 4090 */ + sys sys_munmap 2 + sys sys_truncate 2 + sys sys_ftruncate 2 +@@ -522,7 +522,7 @@ einval: li v0, -EINVAL + sys sys_sendfile 4 + sys sys_ni_syscall 0 + sys sys_ni_syscall 0 +- sys sys_mmap2 6 /* 4210 */ ++ sys sys_mips_mmap2 6 /* 4210 */ + sys sys_truncate64 4 + sys sys_ftruncate64 4 + sys sys_stat64 2 +--- a/arch/mips/kernel/scall64-64.S ++++ b/arch/mips/kernel/scall64-64.S +@@ -207,7 +207,7 @@ sys_call_table: + PTR sys_newlstat + PTR sys_poll + PTR sys_lseek +- PTR old_mmap ++ PTR sys_mips_mmap + PTR sys_mprotect /* 5010 */ + PTR sys_munmap + PTR sys_brk +--- a/arch/mips/kernel/scall64-n32.S ++++ b/arch/mips/kernel/scall64-n32.S +@@ -129,12 +129,12 @@ EXPORT(sysn32_call_table) + PTR sys_newlstat + PTR sys_poll + PTR sys_lseek +- PTR old_mmap ++ PTR sys_mips_mmap + PTR sys_mprotect /* 6010 */ + PTR sys_munmap + PTR sys_brk +- PTR sys32_rt_sigaction +- PTR sys32_rt_sigprocmask ++ PTR sys_32_rt_sigaction ++ PTR sys_32_rt_sigprocmask + PTR compat_sys_ioctl /* 6015 */ + PTR sys_pread64 + PTR sys_pwrite64 +@@ -159,7 +159,7 @@ EXPORT(sysn32_call_table) + PTR compat_sys_setitimer + PTR sys_alarm + PTR sys_getpid +- PTR sys32_sendfile ++ PTR sys_32_sendfile + PTR sys_socket /* 6040 */ + PTR sys_connect + PTR sys_accept +@@ -181,14 +181,14 @@ EXPORT(sysn32_call_table) + PTR sys_exit + PTR compat_sys_wait4 + PTR sys_kill /* 6060 */ +- PTR sys32_newuname ++ PTR sys_32_newuname + PTR sys_semget + PTR sys_semop +- PTR sysn32_semctl ++ PTR sys_n32_semctl + PTR sys_shmdt /* 6065 */ + PTR sys_msgget +- PTR sysn32_msgsnd +- PTR sysn32_msgrcv ++ PTR sys_n32_msgsnd ++ PTR sys_n32_msgrcv + PTR compat_sys_msgctl + PTR compat_sys_fcntl /* 6070 */ + PTR sys_flock +@@ -245,15 +245,15 @@ EXPORT(sysn32_call_table) + PTR sys_getsid + PTR sys_capget + PTR sys_capset +- PTR sys32_rt_sigpending /* 6125 */ ++ PTR sys_32_rt_sigpending /* 6125 */ + PTR compat_sys_rt_sigtimedwait +- PTR sys32_rt_sigqueueinfo ++ PTR sys_32_rt_sigqueueinfo + PTR sysn32_rt_sigsuspend + PTR sys32_sigaltstack + PTR compat_sys_utime /* 6130 */ + PTR sys_mknod +- PTR sys32_personality +- PTR sys32_ustat ++ PTR sys_32_personality ++ PTR sys_32_ustat + PTR compat_sys_statfs + PTR compat_sys_fstatfs /* 6135 */ + PTR sys_sysfs +@@ -265,14 +265,14 @@ EXPORT(sysn32_call_table) + PTR sys_sched_getscheduler + PTR sys_sched_get_priority_max + PTR sys_sched_get_priority_min +- PTR sys32_sched_rr_get_interval /* 6145 */ ++ PTR sys_32_sched_rr_get_interval /* 6145 */ + PTR sys_mlock + PTR sys_munlock + PTR sys_mlockall + PTR sys_munlockall + PTR sys_vhangup /* 6150 */ + PTR sys_pivot_root +- PTR sys32_sysctl ++ PTR sys_32_sysctl + PTR sys_prctl + PTR compat_sys_adjtimex + PTR compat_sys_setrlimit /* 6155 */ +--- a/arch/mips/kernel/scall64-o32.S ++++ b/arch/mips/kernel/scall64-o32.S +@@ -267,12 +267,12 @@ sys_call_table: + PTR sys_olduname + PTR sys_umask /* 4060 */ + PTR sys_chroot +- PTR sys32_ustat ++ PTR sys_32_ustat + PTR sys_dup2 + PTR sys_getppid + PTR sys_getpgrp /* 4065 */ + PTR sys_setsid +- PTR sys32_sigaction ++ PTR sys_32_sigaction + PTR sys_sgetmask + PTR sys_ssetmask + PTR sys_setreuid /* 4070 */ +@@ -295,7 +295,7 @@ sys_call_table: + PTR sys_swapon + PTR sys_reboot + PTR compat_sys_old_readdir +- PTR old_mmap /* 4090 */ ++ PTR sys_mips_mmap /* 4090 */ + PTR sys_munmap + PTR sys_truncate + PTR sys_ftruncate +@@ -322,12 +322,12 @@ sys_call_table: + PTR compat_sys_wait4 + PTR sys_swapoff /* 4115 */ + PTR compat_sys_sysinfo +- PTR sys32_ipc ++ PTR sys_32_ipc + PTR sys_fsync + PTR sys32_sigreturn + PTR sys32_clone /* 4120 */ + PTR sys_setdomainname +- PTR sys32_newuname ++ PTR sys_32_newuname + PTR sys_ni_syscall /* sys_modify_ldt */ + PTR compat_sys_adjtimex + PTR sys_mprotect /* 4125 */ +@@ -341,11 +341,11 @@ sys_call_table: + PTR sys_fchdir + PTR sys_bdflush + PTR sys_sysfs /* 4135 */ +- PTR sys32_personality ++ PTR sys_32_personality + PTR sys_ni_syscall /* for afs_syscall */ + PTR sys_setfsuid + PTR sys_setfsgid +- PTR sys32_llseek /* 4140 */ ++ PTR sys_32_llseek /* 4140 */ + PTR compat_sys_getdents + PTR compat_sys_select + PTR sys_flock +@@ -358,7 +358,7 @@ sys_call_table: + PTR sys_ni_syscall /* 4150 */ + PTR sys_getsid + PTR sys_fdatasync +- PTR sys32_sysctl ++ PTR sys_32_sysctl + PTR sys_mlock + PTR sys_munlock /* 4155 */ + PTR sys_mlockall +@@ -370,7 +370,7 @@ sys_call_table: + PTR sys_sched_yield + PTR sys_sched_get_priority_max + PTR sys_sched_get_priority_min +- PTR sys32_sched_rr_get_interval /* 4165 */ ++ PTR sys_32_sched_rr_get_interval /* 4165 */ + PTR compat_sys_nanosleep + PTR sys_mremap + PTR sys_accept +@@ -399,25 +399,25 @@ sys_call_table: + PTR sys_getresgid + PTR sys_prctl + PTR sys32_rt_sigreturn +- PTR sys32_rt_sigaction +- PTR sys32_rt_sigprocmask /* 4195 */ +- PTR sys32_rt_sigpending ++ PTR sys_32_rt_sigaction ++ PTR sys_32_rt_sigprocmask /* 4195 */ ++ PTR sys_32_rt_sigpending + PTR compat_sys_rt_sigtimedwait +- PTR sys32_rt_sigqueueinfo ++ PTR sys_32_rt_sigqueueinfo + PTR sys32_rt_sigsuspend +- PTR sys32_pread /* 4200 */ +- PTR sys32_pwrite ++ PTR sys_32_pread /* 4200 */ ++ PTR sys_32_pwrite + PTR sys_chown + PTR sys_getcwd + PTR sys_capget + PTR sys_capset /* 4205 */ + PTR sys32_sigaltstack +- PTR sys32_sendfile ++ PTR sys_32_sendfile + PTR sys_ni_syscall + PTR sys_ni_syscall +- PTR sys32_mmap2 /* 4210 */ +- PTR sys32_truncate64 +- PTR sys32_ftruncate64 ++ PTR sys_mips_mmap2 /* 4210 */ ++ PTR sys_32_truncate64 ++ PTR sys_32_ftruncate64 + PTR sys_newstat + PTR sys_newlstat + PTR sys_newfstat /* 4215 */ +@@ -483,7 +483,7 @@ sys_call_table: + PTR compat_sys_mq_notify /* 4275 */ + PTR compat_sys_mq_getsetattr + PTR sys_ni_syscall /* sys_vserver */ +- PTR sys32_waitid ++ PTR sys_32_waitid + PTR sys_ni_syscall /* available, was setaltroot */ + PTR sys_add_key /* 4280 */ + PTR sys_request_key +--- a/arch/mips/kernel/signal32.c ++++ b/arch/mips/kernel/signal32.c +@@ -349,8 +349,8 @@ asmlinkage int sys32_rt_sigsuspend(nabi_ + return -ERESTARTNOHAND; + } + +-asmlinkage int sys32_sigaction(int sig, const struct sigaction32 __user *act, +- struct sigaction32 __user *oact) ++SYSCALL_DEFINE3(32_sigaction, long, sig, const struct sigaction32 __user *, act, ++ struct sigaction32 __user *, oact) + { + struct k_sigaction new_ka, old_ka; + int ret; +@@ -692,9 +692,9 @@ struct mips_abi mips_abi_32 = { + .restart = __NR_O32_restart_syscall + }; + +-asmlinkage int sys32_rt_sigaction(int sig, const struct sigaction32 __user *act, +- struct sigaction32 __user *oact, +- unsigned int sigsetsize) ++SYSCALL_DEFINE4(32_rt_sigaction, int, sig, ++ const struct sigaction32 __user *, act, ++ struct sigaction32 __user *, oact, unsigned int, sigsetsize) + { + struct k_sigaction new_sa, old_sa; + int ret = -EINVAL; +@@ -736,8 +736,8 @@ out: + return ret; + } + +-asmlinkage int sys32_rt_sigprocmask(int how, compat_sigset_t __user *set, +- compat_sigset_t __user *oset, unsigned int sigsetsize) ++SYSCALL_DEFINE4(32_rt_sigprocmask, int, how, compat_sigset_t __user *, set, ++ compat_sigset_t __user *, oset, unsigned int, sigsetsize) + { + sigset_t old_set, new_set; + int ret; +@@ -758,8 +758,8 @@ asmlinkage int sys32_rt_sigprocmask(int + return ret; + } + +-asmlinkage int sys32_rt_sigpending(compat_sigset_t __user *uset, +- unsigned int sigsetsize) ++SYSCALL_DEFINE2(32_rt_sigpending, compat_sigset_t __user *, uset, ++ unsigned int, sigsetsize) + { + int ret; + sigset_t set; +@@ -775,7 +775,8 @@ asmlinkage int sys32_rt_sigpending(compa + return ret; + } + +-asmlinkage int sys32_rt_sigqueueinfo(int pid, int sig, compat_siginfo_t __user *uinfo) ++SYSCALL_DEFINE3(32_rt_sigqueueinfo, int, pid, int, sig, ++ compat_siginfo_t __user *, uinfo) + { + siginfo_t info; + int ret; +@@ -790,10 +791,9 @@ asmlinkage int sys32_rt_sigqueueinfo(int + return ret; + } + +-asmlinkage long +-sys32_waitid(int which, compat_pid_t pid, +- compat_siginfo_t __user *uinfo, int options, +- struct compat_rusage __user *uru) ++SYSCALL_DEFINE5(32_waitid, int, which, compat_pid_t, pid, ++ compat_siginfo_t __user *, uinfo, int, options, ++ struct compat_rusage __user *, uru) + { + siginfo_t info; + struct rusage ru; +--- a/arch/mips/kernel/signal.c ++++ b/arch/mips/kernel/signal.c +@@ -19,6 +19,7 @@ + #include + #include + #include ++#include + #include + + #include +@@ -338,8 +339,8 @@ asmlinkage int sys_rt_sigsuspend(nabi_no + } + + #ifdef CONFIG_TRAD_SIGNALS +-asmlinkage int sys_sigaction(int sig, const struct sigaction __user *act, +- struct sigaction __user *oact) ++SYSCALL_DEFINE3(sigaction, int, sig, const struct sigaction __user *, act, ++ struct sigaction __user *, oact) + { + struct k_sigaction new_ka, old_ka; + int ret; +--- a/arch/mips/kernel/syscall.c ++++ b/arch/mips/kernel/syscall.c +@@ -153,9 +153,9 @@ out: + return error; + } + +-asmlinkage unsigned long +-old_mmap(unsigned long addr, unsigned long len, int prot, +- int flags, int fd, off_t offset) ++SYSCALL_DEFINE6(mips_mmap, unsigned long, addr, unsigned long, len, ++ unsigned long, prot, unsigned long, flags, unsigned long, ++ fd, off_t, offset) + { + unsigned long result; + +@@ -169,9 +169,9 @@ out: + return result; + } + +-asmlinkage unsigned long +-sys_mmap2(unsigned long addr, unsigned long len, unsigned long prot, +- unsigned long flags, unsigned long fd, unsigned long pgoff) ++SYSCALL_DEFINE6(mips_mmap2, unsigned long, addr, unsigned long, len, ++ unsigned long, prot, unsigned long, flags, unsigned long, fd, ++ unsigned long, pgoff) + { + if (pgoff & (~PAGE_MASK >> 12)) + return -EINVAL; +@@ -241,7 +241,7 @@ out: + /* + * Compacrapability ... + */ +-asmlinkage int sys_uname(struct old_utsname __user * name) ++SYSCALL_DEFINE1(uname, struct old_utsname __user *, name) + { + if (name && !copy_to_user(name, utsname(), sizeof (*name))) + return 0; +@@ -251,7 +251,7 @@ asmlinkage int sys_uname(struct old_utsn + /* + * Compacrapability ... + */ +-asmlinkage int sys_olduname(struct oldold_utsname __user * name) ++SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) + { + int error; + +@@ -280,7 +280,7 @@ asmlinkage int sys_olduname(struct oldol + return error; + } + +-asmlinkage int sys_set_thread_area(unsigned long addr) ++SYSCALL_DEFINE1(set_thread_area, unsigned long, addr) + { + struct thread_info *ti = task_thread_info(current); + +@@ -291,7 +291,7 @@ asmlinkage int sys_set_thread_area(unsig + return 0; + } + +-asmlinkage int _sys_sysmips(int cmd, long arg1, int arg2, int arg3) ++asmlinkage int _sys_sysmips(long cmd, long arg1, long arg2, long arg3) + { + switch (cmd) { + case MIPS_ATOMIC_SET: +@@ -326,8 +326,8 @@ asmlinkage int _sys_sysmips(int cmd, lon + * + * This is really horribly ugly. + */ +-asmlinkage int sys_ipc(unsigned int call, int first, int second, +- unsigned long third, void __user *ptr, long fifth) ++SYSCALL_DEFINE6(ipc, unsigned int, call, int, first, int, second, ++ unsigned long, third, void __user *, ptr, long, fifth) + { + int version, ret; + +@@ -412,7 +412,7 @@ asmlinkage int sys_ipc(unsigned int call + /* + * No implemented yet ... + */ +-asmlinkage int sys_cachectl(char *addr, int nbytes, int op) ++SYSCALL_DEFINE3(cachectl, char *, addr, int, nbytes, int, op) + { + return -ENOSYS; + } +--- a/arch/mips/mm/cache.c ++++ b/arch/mips/mm/cache.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + #include + + #include +@@ -58,8 +59,8 @@ EXPORT_SYMBOL(_dma_cache_wback_inv); + * We could optimize the case where the cache argument is not BCACHE but + * that seems very atypical use ... + */ +-asmlinkage int sys_cacheflush(unsigned long addr, +- unsigned long bytes, unsigned int cache) ++SYSCALL_DEFINE3(cacheflush, unsigned long, addr, unsigned long, bytes, ++ unsigned int, cache) + { + if (bytes == 0) + return 0; diff --git a/queue-2.6.27/series b/queue-2.6.27/series index e886eb9e05f..cf66a82b5fa 100644 --- a/queue-2.6.27/series +++ b/queue-2.6.27/series @@ -8,3 +8,6 @@ kbuild-fix-module.markers-permission-error-under-cygwin.patch pagemap-require-aligned-length-non-null-reads-of-proc-pid-pagemap.patch pci-quirk-disable-msi-on-via-vt3364-chipsets.patch x86-pci-don-t-call-e820_all_mapped-with-1-in-the-mmconfig-case.patch +acpi-revert-conflicting-workaround-for-bios-w-mangled-prt-entries.patch +mips-cve-2009-0029-enable-syscall-wrappers.patch +usb-serial-fix-lifetime-and-locking-problems.patch diff --git a/queue-2.6.27/usb-serial-fix-lifetime-and-locking-problems.patch b/queue-2.6.27/usb-serial-fix-lifetime-and-locking-problems.patch new file mode 100644 index 00000000000..c18fc88fc7a --- /dev/null +++ b/queue-2.6.27/usb-serial-fix-lifetime-and-locking-problems.patch @@ -0,0 +1,278 @@ +From stern@rowland.harvard.edu Mon May 4 15:17:32 2009 +From: Alan Stern +Date: Mon, 4 May 2009 11:29:48 -0400 (EDT) +Subject: USB: serial: fix lifetime and locking problems +To: stable@kernel.org +Message-ID: + +From: Alan Stern + +This is commit 2d93148ab6988cad872e65d694c95e8944e1b626 back-ported to +2.6.27. + +This patch (as1229-1) fixes a few lifetime and locking problems in the +usb-serial driver. The main symptom is that an invalid kevent is +created when the serial device is unplugged while a connection is +active. + + Ports should be unregistered when device is disconnected, + not when the parent usb_serial structure is deallocated. + + Each open file should hold a reference to the corresponding + port structure, and the reference should be released when + the file is closed. + + serial->disc_mutex should be acquired in serial_open(), to + resolve the classic race between open and disconnect. + + serial_close() doesn't need to hold both serial->disc_mutex + and port->mutex at the same time. + + Release the subdriver's module reference only after releasing + all the other references, in case one of the release routines + needs to invoke some code in the subdriver module. + + Replace a call to flush_scheduled_work() (which is prone to + deadlocks) with cancel_work_sync(). Also, add a call to + cancel_work_sync() in the disconnect routine. + + Reduce the scope of serial->disc_mutex in serial_disconnect(). + The only place it really needs to protect is where the + "disconnected" flag is set. + + Call the shutdown method from within serial_disconnect() + instead of destroy_serial(), because some subdrivers expect + the port data structures still to be in existence when + their shutdown method runs. + +This fixes the bug reported in + + http://bugs.freedesktop.org/show_bug.cgi?id=20703 + + +Signed-off-by: Alan Stern +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/usb-serial.c | 97 +++++++++++++++++++++++++++------------- + 1 file changed, 67 insertions(+), 30 deletions(-) + +--- a/drivers/usb/serial/usb-serial.c ++++ b/drivers/usb/serial/usb-serial.c +@@ -136,22 +136,10 @@ static void destroy_serial(struct kref * + + dbg("%s - %s", __func__, serial->type->description); + +- serial->type->shutdown(serial); +- + /* return the minor range that this device had */ + if (serial->minor != SERIAL_TTY_NO_MINOR) + return_serial(serial); + +- for (i = 0; i < serial->num_ports; ++i) +- serial->port[i]->port.count = 0; +- +- /* the ports are cleaned up and released in port_release() */ +- for (i = 0; i < serial->num_ports; ++i) +- if (serial->port[i]->dev.parent != NULL) { +- device_unregister(&serial->port[i]->dev); +- serial->port[i] = NULL; +- } +- + /* If this is a "fake" port, we have to clean it up here, as it will + * not get cleaned up in port_release() as it was never registered with + * the driver core */ +@@ -186,7 +174,7 @@ static int serial_open (struct tty_struc + struct usb_serial *serial; + struct usb_serial_port *port; + unsigned int portNumber; +- int retval; ++ int retval = 0; + + dbg("%s", __func__); + +@@ -197,16 +185,24 @@ static int serial_open (struct tty_struc + return -ENODEV; + } + ++ mutex_lock(&serial->disc_mutex); + portNumber = tty->index - serial->minor; + port = serial->port[portNumber]; +- if (!port) { ++ if (!port || serial->disconnected) + retval = -ENODEV; +- goto bailout_kref_put; +- } ++ else ++ get_device(&port->dev); ++ /* ++ * Note: Our locking order requirement does not allow port->mutex ++ * to be acquired while serial->disc_mutex is held. ++ */ ++ mutex_unlock(&serial->disc_mutex); ++ if (retval) ++ goto bailout_serial_put; + + if (mutex_lock_interruptible(&port->mutex)) { + retval = -ERESTARTSYS; +- goto bailout_kref_put; ++ goto bailout_port_put; + } + + ++port->port.count; +@@ -226,14 +222,20 @@ static int serial_open (struct tty_struc + goto bailout_mutex_unlock; + } + +- retval = usb_autopm_get_interface(serial->interface); ++ mutex_lock(&serial->disc_mutex); ++ if (serial->disconnected) ++ retval = -ENODEV; ++ else ++ retval = usb_autopm_get_interface(serial->interface); + if (retval) + goto bailout_module_put; ++ + /* only call the device specific open if this + * is the first time the port is opened */ + retval = serial->type->open(tty, port, filp); + if (retval) + goto bailout_interface_put; ++ mutex_unlock(&serial->disc_mutex); + } + + mutex_unlock(&port->mutex); +@@ -242,13 +244,16 @@ static int serial_open (struct tty_struc + bailout_interface_put: + usb_autopm_put_interface(serial->interface); + bailout_module_put: ++ mutex_unlock(&serial->disc_mutex); + module_put(serial->type->driver.owner); + bailout_mutex_unlock: + port->port.count = 0; + tty->driver_data = NULL; + port->port.tty = NULL; + mutex_unlock(&port->mutex); +-bailout_kref_put: ++bailout_port_put: ++ put_device(&port->dev); ++bailout_serial_put: + usb_serial_put(serial); + return retval; + } +@@ -256,6 +261,9 @@ bailout_kref_put: + static void serial_close(struct tty_struct *tty, struct file *filp) + { + struct usb_serial_port *port = tty->driver_data; ++ struct usb_serial *serial; ++ struct module *owner; ++ int count; + + if (!port) + return; +@@ -263,6 +271,8 @@ static void serial_close(struct tty_stru + dbg("%s - port %d", __func__, port->number); + + mutex_lock(&port->mutex); ++ serial = port->serial; ++ owner = serial->type->driver.owner; + + if (port->port.count == 0) { + mutex_unlock(&port->mutex); +@@ -273,7 +283,7 @@ static void serial_close(struct tty_stru + if (port->port.count == 0) + /* only call the device specific close if this + * port is being closed by the last owner */ +- port->serial->type->close(tty, port, filp); ++ serial->type->close(tty, port, filp); + + if (port->port.count == (port->console? 1 : 0)) { + if (port->port.tty) { +@@ -283,16 +293,22 @@ static void serial_close(struct tty_stru + } + } + +- if (port->port.count == 0) { +- mutex_lock(&port->serial->disc_mutex); +- if (!port->serial->disconnected) +- usb_autopm_put_interface(port->serial->interface); +- mutex_unlock(&port->serial->disc_mutex); +- module_put(port->serial->type->driver.owner); ++ count = port->port.count; ++ mutex_unlock(&port->mutex); ++ put_device(&port->dev); ++ ++ /* Mustn't dereference port any more */ ++ if (count == 0) { ++ mutex_lock(&serial->disc_mutex); ++ if (!serial->disconnected) ++ usb_autopm_put_interface(serial->interface); ++ mutex_unlock(&serial->disc_mutex); + } ++ usb_serial_put(serial); + +- mutex_unlock(&port->mutex); +- usb_serial_put(port->serial); ++ /* Mustn't dereference serial any more */ ++ if (count == 0) ++ module_put(owner); + } + + static int serial_write(struct tty_struct *tty, const unsigned char *buf, +@@ -544,7 +560,13 @@ static void kill_traffic(struct usb_seri + + static void port_free(struct usb_serial_port *port) + { ++ /* ++ * Stop all the traffic before cancelling the work, so that ++ * nobody will restart it by calling usb_serial_port_softint. ++ */ + kill_traffic(port); ++ cancel_work_sync(&port->work); ++ + usb_free_urb(port->read_urb); + usb_free_urb(port->write_urb); + usb_free_urb(port->interrupt_in_urb); +@@ -553,7 +575,6 @@ static void port_free(struct usb_serial_ + kfree(port->bulk_out_buffer); + kfree(port->interrupt_in_buffer); + kfree(port->interrupt_out_buffer); +- flush_scheduled_work(); /* port->work */ + kfree(port); + } + +@@ -1037,17 +1058,33 @@ void usb_serial_disconnect(struct usb_in + usb_set_intfdata(interface, NULL); + /* must set a flag, to signal subdrivers */ + serial->disconnected = 1; ++ mutex_unlock(&serial->disc_mutex); ++ ++ /* Unfortunately, many of the sub-drivers expect the port structures ++ * to exist when their shutdown method is called, so we have to go ++ * through this awkward two-step unregistration procedure. ++ */ + for (i = 0; i < serial->num_ports; ++i) { + port = serial->port[i]; + if (port) { + if (port->port.tty) + tty_hangup(port->port.tty); + kill_traffic(port); ++ cancel_work_sync(&port->work); ++ device_del(&port->dev); + } + } ++ serial->type->shutdown(serial); ++ for (i = 0; i < serial->num_ports; ++i) { ++ port = serial->port[i]; ++ if (port) { ++ put_device(&port->dev); ++ serial->port[i] = NULL; ++ } ++ } ++ + /* let the last holder of this object + * cause it to be cleaned up */ +- mutex_unlock(&serial->disc_mutex); + usb_serial_put(serial); + dev_info(dev, "device disconnected\n"); + }