From: Greg Kroah-Hartman Date: Wed, 1 Aug 2012 20:37:33 +0000 (-0700) Subject: 3.4-stable patches X-Git-Tag: v3.5.1~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7f55bd9d7ed3f6511fd99def70a1d7fc0a03da16;p=thirdparty%2Fkernel%2Fstable-queue.git 3.4-stable patches added patches: ftrace-disable-function-tracing-during-suspend-resume-and-hibernation-again.patch iwlwifi-fix-debug-print-in-iwl_sta_calc_ht_flags.patch mac80211-fail-authentication-when-ap-denied-authentication.patch pm-sleep-call-early-resume-handlers-when-suspend_noirq-fails.patch tpm-chip-disabled-state-erronously-being-reported-as-error.patch tun-fix-a-crash-bug-and-a-memory-leak.patch --- diff --git a/queue-3.4/ftrace-disable-function-tracing-during-suspend-resume-and-hibernation-again.patch b/queue-3.4/ftrace-disable-function-tracing-during-suspend-resume-and-hibernation-again.patch new file mode 100644 index 00000000000..9ea13ef78a0 --- /dev/null +++ b/queue-3.4/ftrace-disable-function-tracing-during-suspend-resume-and-hibernation-again.patch @@ -0,0 +1,108 @@ +From 443772d408a25af62498793f6f805ce3c559309a Mon Sep 17 00:00:00 2001 +From: "Srivatsa S. Bhat" +Date: Sat, 16 Jun 2012 15:30:45 +0200 +Subject: ftrace: Disable function tracing during suspend/resume and hibernation, again + +From: "Srivatsa S. Bhat" + +commit 443772d408a25af62498793f6f805ce3c559309a upstream. + +If function tracing is enabled for some of the low-level suspend/resume +functions, it leads to triple fault during resume from suspend, ultimately +ending up in a reboot instead of a resume (or a total refusal to come out +of suspended state, on some machines). + +This issue was explained in more detail in commit f42ac38c59e0a03d (ftrace: +disable tracing for suspend to ram). However, the changes made by that commit +got reverted by commit cbe2f5a6e84eebb (tracing: allow tracing of +suspend/resume & hibernation code again). So, unfortunately since things are +not yet robust enough to allow tracing of low-level suspend/resume functions, +suspend/resume is still broken when ftrace is enabled. + +So fix this by disabling function tracing during suspend/resume & hibernation. + +Signed-off-by: Srivatsa S. Bhat +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/power/hibernate.c | 6 ++++++ + kernel/power/suspend.c | 3 +++ + 2 files changed, 9 insertions(+) + +--- a/kernel/power/hibernate.c ++++ b/kernel/power/hibernate.c +@@ -352,6 +352,7 @@ int hibernation_snapshot(int platform_mo + } + + suspend_console(); ++ ftrace_stop(); + pm_restrict_gfp_mask(); + + error = dpm_suspend(PMSG_FREEZE); +@@ -377,6 +378,7 @@ int hibernation_snapshot(int platform_mo + if (error || !in_suspend) + pm_restore_gfp_mask(); + ++ ftrace_start(); + resume_console(); + dpm_complete(msg); + +@@ -479,6 +481,7 @@ int hibernation_restore(int platform_mod + + pm_prepare_console(); + suspend_console(); ++ ftrace_stop(); + pm_restrict_gfp_mask(); + error = dpm_suspend_start(PMSG_QUIESCE); + if (!error) { +@@ -486,6 +489,7 @@ int hibernation_restore(int platform_mod + dpm_resume_end(PMSG_RECOVER); + } + pm_restore_gfp_mask(); ++ ftrace_start(); + resume_console(); + pm_restore_console(); + return error; +@@ -512,6 +516,7 @@ int hibernation_platform_enter(void) + + entering_platform_hibernation = true; + suspend_console(); ++ ftrace_stop(); + error = dpm_suspend_start(PMSG_HIBERNATE); + if (error) { + if (hibernation_ops->recover) +@@ -555,6 +560,7 @@ int hibernation_platform_enter(void) + Resume_devices: + entering_platform_hibernation = false; + dpm_resume_end(PMSG_RESTORE); ++ ftrace_start(); + resume_console(); + + Close: +--- a/kernel/power/suspend.c ++++ b/kernel/power/suspend.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + + #include "power.h" +@@ -212,6 +213,7 @@ int suspend_devices_and_enter(suspend_st + goto Close; + } + suspend_console(); ++ ftrace_stop(); + suspend_test_start(); + error = dpm_suspend_start(PMSG_SUSPEND); + if (error) { +@@ -231,6 +233,7 @@ int suspend_devices_and_enter(suspend_st + suspend_test_start(); + dpm_resume_end(PMSG_RESUME); + suspend_test_finish("resume devices"); ++ ftrace_start(); + resume_console(); + Close: + if (suspend_ops->end) diff --git a/queue-3.4/iwlwifi-fix-debug-print-in-iwl_sta_calc_ht_flags.patch b/queue-3.4/iwlwifi-fix-debug-print-in-iwl_sta_calc_ht_flags.patch new file mode 100644 index 00000000000..f99efb62951 --- /dev/null +++ b/queue-3.4/iwlwifi-fix-debug-print-in-iwl_sta_calc_ht_flags.patch @@ -0,0 +1,32 @@ +From a35e270881a5db1ec9ac8bc6d61ebc3e85c14f33 Mon Sep 17 00:00:00 2001 +From: Meenakshi Venkataraman +Date: Wed, 16 May 2012 22:40:50 +0200 +Subject: iwlwifi: fix debug print in iwl_sta_calc_ht_flags + +From: Meenakshi Venkataraman + +commit a35e270881a5db1ec9ac8bc6d61ebc3e85c14f33 upstream. + +We missed passing an argument to the +debug print. Fix it. + +Signed-off-by: Meenakshi Venkataraman +Reviewed-by: Emmanuel Grumbach +Signed-off-by: Johannes Berg +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/iwlwifi/iwl-agn-sta.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/wireless/iwlwifi/iwl-agn-sta.c ++++ b/drivers/net/wireless/iwlwifi/iwl-agn-sta.c +@@ -191,6 +191,7 @@ static void iwl_sta_calc_ht_flags(struct + mimo_ps_mode = (sta_ht_inf->cap & IEEE80211_HT_CAP_SM_PS) >> 2; + + IWL_DEBUG_INFO(priv, "STA %pM SM PS mode: %s\n", ++ sta->addr, + (mimo_ps_mode == WLAN_HT_CAP_SM_PS_STATIC) ? + "static" : + (mimo_ps_mode == WLAN_HT_CAP_SM_PS_DYNAMIC) ? diff --git a/queue-3.4/mac80211-fail-authentication-when-ap-denied-authentication.patch b/queue-3.4/mac80211-fail-authentication-when-ap-denied-authentication.patch new file mode 100644 index 00000000000..f9e6a42bcdb --- /dev/null +++ b/queue-3.4/mac80211-fail-authentication-when-ap-denied-authentication.patch @@ -0,0 +1,44 @@ +From dac211ec10d268b9d09000093a9fa2ac1773894f Mon Sep 17 00:00:00 2001 +From: Eliad Peller +Date: Sun, 13 May 2012 18:07:04 +0300 +Subject: mac80211: fail authentication when AP denied authentication + +From: Eliad Peller + +commit dac211ec10d268b9d09000093a9fa2ac1773894f upstream. + +ieee80211_rx_mgmt_auth() doesn't handle denied authentication +properly - it authenticates the station and waits for association +(for 5 seconds) instead of failing the authentication. + +Fix it by destroying auth_data and bailing out instead. + +Signed-off-by: Eliad Peller +Acked-by: Johannes Berg +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + net/mac80211/mlme.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -1813,7 +1813,8 @@ ieee80211_rx_mgmt_auth(struct ieee80211_ + if (status_code != WLAN_STATUS_SUCCESS) { + printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n", + sdata->name, mgmt->sa, status_code); +- goto out; ++ ieee80211_destroy_auth_data(sdata, false); ++ return RX_MGMT_CFG80211_RX_AUTH; + } + + switch (ifmgd->auth_data->algorithm) { +@@ -1835,7 +1836,6 @@ ieee80211_rx_mgmt_auth(struct ieee80211_ + } + + printk(KERN_DEBUG "%s: authenticated\n", sdata->name); +- out: + ifmgd->auth_data->done = true; + ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; + run_again(ifmgd, ifmgd->auth_data->timeout); diff --git a/queue-3.4/pm-sleep-call-early-resume-handlers-when-suspend_noirq-fails.patch b/queue-3.4/pm-sleep-call-early-resume-handlers-when-suspend_noirq-fails.patch new file mode 100644 index 00000000000..e907858ea63 --- /dev/null +++ b/queue-3.4/pm-sleep-call-early-resume-handlers-when-suspend_noirq-fails.patch @@ -0,0 +1,47 @@ +From 064b021fbe470ecc9ca10f9f87af48c0fc0865fb Mon Sep 17 00:00:00 2001 +From: Colin Cross +Date: Thu, 19 Jul 2012 10:38:06 +0200 +Subject: PM / Sleep: call early resume handlers when suspend_noirq fails + +From: Colin Cross + +commit 064b021fbe470ecc9ca10f9f87af48c0fc0865fb upstream. + +Commit cf579dfb82550e34de7ccf3ef090d8b834ccd3a9 (PM / Sleep: Introduce +"late suspend" and "early resume" of devices) introduced a bug where +suspend_late handlers would be called, but if dpm_suspend_noirq returned +an error the early_resume handlers would never be called. All devices +would end up on the dpm_late_early_list, and would never be resumed +again. + +Fix it by calling dpm_resume_early when dpm_suspend_noirq returns +an error. + +Signed-off-by: Colin Cross +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/power/main.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/drivers/base/power/main.c ++++ b/drivers/base/power/main.c +@@ -979,8 +979,16 @@ static int dpm_suspend_late(pm_message_t + int dpm_suspend_end(pm_message_t state) + { + int error = dpm_suspend_late(state); ++ if (error) ++ return error; + +- return error ? : dpm_suspend_noirq(state); ++ error = dpm_suspend_noirq(state); ++ if (error) { ++ dpm_resume_early(state); ++ return error; ++ } ++ ++ return 0; + } + EXPORT_SYMBOL_GPL(dpm_suspend_end); + diff --git a/queue-3.4/series b/queue-3.4/series index 439fe696c04..b91785d3b32 100644 --- a/queue-3.4/series +++ b/queue-3.4/series @@ -27,3 +27,9 @@ alsa-hda-add-dock-support-for-thinkpad-x230-tablet.patch x86-mce-fix-siginfo_t-si_addr-value-for-non-recoverable-memory-faults.patch locks-fix-checking-of-fcntl_setlease-argument.patch batman-adv-fix-skb-data-assignment.patch +ftrace-disable-function-tracing-during-suspend-resume-and-hibernation-again.patch +pm-sleep-call-early-resume-handlers-when-suspend_noirq-fails.patch +tpm-chip-disabled-state-erronously-being-reported-as-error.patch +tun-fix-a-crash-bug-and-a-memory-leak.patch +mac80211-fail-authentication-when-ap-denied-authentication.patch +iwlwifi-fix-debug-print-in-iwl_sta_calc_ht_flags.patch diff --git a/queue-3.4/tpm-chip-disabled-state-erronously-being-reported-as-error.patch b/queue-3.4/tpm-chip-disabled-state-erronously-being-reported-as-error.patch new file mode 100644 index 00000000000..e3f4a22ada0 --- /dev/null +++ b/queue-3.4/tpm-chip-disabled-state-erronously-being-reported-as-error.patch @@ -0,0 +1,62 @@ +From 24ebe6670de3d1f0dca11c9eb372134c7ab05503 Mon Sep 17 00:00:00 2001 +From: Rajiv Andrade +Date: Tue, 24 Apr 2012 17:38:17 -0300 +Subject: TPM: chip disabled state erronously being reported as error + +From: Rajiv Andrade + +commit 24ebe6670de3d1f0dca11c9eb372134c7ab05503 upstream. + +tpm_do_selftest() attempts to read a PCR in order to +decide if one can rely on the TPM being used or not. +The function that's used by __tpm_pcr_read() does not +expect the TPM to be disabled or deactivated, and if so, +reports an error. + +It's fine if the TPM returns this error when trying to +use it for the first time after a power cycle, but it's +definitely not if it already returned success for a +previous attempt to read one of its PCRs. + +The tpm_do_selftest() was modified so that the driver only +reports this return code as an error when it really is. + +Reported-and-tested-by: Paul Bolle +Signed-off-by: Rajiv Andrade +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/tpm/tpm.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +--- a/drivers/char/tpm/tpm.c ++++ b/drivers/char/tpm/tpm.c +@@ -827,10 +827,10 @@ EXPORT_SYMBOL_GPL(tpm_pcr_extend); + int tpm_do_selftest(struct tpm_chip *chip) + { + int rc; +- u8 digest[TPM_DIGEST_SIZE]; + unsigned int loops; + unsigned int delay_msec = 1000; + unsigned long duration; ++ struct tpm_cmd_t cmd; + + duration = tpm_calc_ordinal_duration(chip, + TPM_ORD_CONTINUE_SELFTEST); +@@ -845,7 +845,15 @@ int tpm_do_selftest(struct tpm_chip *chi + return rc; + + do { +- rc = __tpm_pcr_read(chip, 0, digest); ++ /* Attempt to read a PCR value */ ++ cmd.header.in = pcrread_header; ++ cmd.params.pcrread_in.pcr_idx = cpu_to_be32(0); ++ rc = tpm_transmit(chip, (u8 *) &cmd, READ_PCR_RESULT_SIZE); ++ ++ if (rc < TPM_HEADER_SIZE) ++ return -EFAULT; ++ ++ rc = be32_to_cpu(cmd.header.out.return_code); + if (rc == TPM_ERR_DISABLED || rc == TPM_ERR_DEACTIVATED) { + dev_info(chip->dev, + "TPM is disabled/deactivated (0x%X)\n", rc); diff --git a/queue-3.4/tun-fix-a-crash-bug-and-a-memory-leak.patch b/queue-3.4/tun-fix-a-crash-bug-and-a-memory-leak.patch new file mode 100644 index 00000000000..6b66ff5791c --- /dev/null +++ b/queue-3.4/tun-fix-a-crash-bug-and-a-memory-leak.patch @@ -0,0 +1,79 @@ +From b09e786bd1dd66418b69348cb110f3a64764626a Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Thu, 19 Jul 2012 06:13:36 +0000 +Subject: tun: fix a crash bug and a memory leak + +From: Mikulas Patocka + +commit b09e786bd1dd66418b69348cb110f3a64764626a upstream. + +This patch fixes a crash +tun_chr_close -> netdev_run_todo -> tun_free_netdev -> sk_release_kernel -> +sock_release -> iput(SOCK_INODE(sock)) +introduced by commit 1ab5ecb90cb6a3df1476e052f76a6e8f6511cb3d + +The problem is that this socket is embedded in struct tun_struct, it has +no inode, iput is called on invalid inode, which modifies invalid memory +and optionally causes a crash. + +sock_release also decrements sockets_in_use, this causes a bug that +"sockets: used" field in /proc/*/net/sockstat keeps on decreasing when +creating and closing tun devices. + +This patch introduces a flag SOCK_EXTERNALLY_ALLOCATED that instructs +sock_release to not free the inode and not decrement sockets_in_use, +fixing both memory corruption and sockets_in_use underflow. + +It should be backported to 3.3 an 3.4 stabke. + +Signed-off-by: Mikulas Patocka +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/tun.c | 3 +++ + include/linux/net.h | 1 + + net/socket.c | 3 +++ + 3 files changed, 7 insertions(+) + +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -358,6 +358,8 @@ static void tun_free_netdev(struct net_d + { + struct tun_struct *tun = netdev_priv(dev); + ++ BUG_ON(!test_bit(SOCK_EXTERNALLY_ALLOCATED, &tun->socket.flags)); ++ + sk_release_kernel(tun->socket.sk); + } + +@@ -1115,6 +1117,7 @@ static int tun_set_iff(struct net *net, + tun->flags = flags; + tun->txflt.count = 0; + tun->vnet_hdr_sz = sizeof(struct virtio_net_hdr); ++ set_bit(SOCK_EXTERNALLY_ALLOCATED, &tun->socket.flags); + + err = -ENOMEM; + sk = sk_alloc(&init_net, AF_UNSPEC, GFP_KERNEL, &tun_proto); +--- a/include/linux/net.h ++++ b/include/linux/net.h +@@ -72,6 +72,7 @@ struct net; + #define SOCK_NOSPACE 2 + #define SOCK_PASSCRED 3 + #define SOCK_PASSSEC 4 ++#define SOCK_EXTERNALLY_ALLOCATED 5 + + #ifndef ARCH_HAS_SOCKET_TYPES + /** +--- a/net/socket.c ++++ b/net/socket.c +@@ -522,6 +522,9 @@ void sock_release(struct socket *sock) + if (rcu_dereference_protected(sock->wq, 1)->fasync_list) + printk(KERN_ERR "sock_release: fasync list not empty!\n"); + ++ if (test_bit(SOCK_EXTERNALLY_ALLOCATED, &sock->flags)) ++ return; ++ + percpu_sub(sockets_in_use, 1); + if (!sock->file) { + iput(SOCK_INODE(sock));