From: Greg Kroah-Hartman Date: Thu, 18 Feb 2010 17:01:03 +0000 (-0800) Subject: more patches X-Git-Tag: v2.6.32.9~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=976bf4e21c27f614cbfec37a765d01c914ecea51;p=thirdparty%2Fkernel%2Fstable-queue.git more patches --- diff --git a/queue-2.6.32/acpi-add-null-pointer-check-in-acpi_bus_start.patch b/queue-2.6.32/acpi-add-null-pointer-check-in-acpi_bus_start.patch new file mode 100644 index 00000000000..d556015d428 --- /dev/null +++ b/queue-2.6.32/acpi-add-null-pointer-check-in-acpi_bus_start.patch @@ -0,0 +1,44 @@ +From d2f6650a950dadd20667a04a9dc785f240d43695 Mon Sep 17 00:00:00 2001 +From: Thomas Renninger +Date: Fri, 29 Jan 2010 17:48:51 +0100 +Subject: ACPI: Add NULL pointer check in acpi_bus_start + +From: Thomas Renninger + +commit d2f6650a950dadd20667a04a9dc785f240d43695 upstream. + +If acpi_bus_add does not return a device and it's passed +to acpi_bus_start, bad things will happen: + +BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 +IP: [] acpi_bus_start+0x14/0x24 +... +[] acpiphp_bus_add+0xba/0x130 [acpiphp] +[] enable_device+0x132/0x2ff [acpiphp] +[] acpiphp_enable_slot+0xb8/0x130 [acpiphp] +[] handle_hotplug_event_func+0x87/0x190 [acpiphp] + +Next patch would make this NULL pointer check obsolete, but +better having one more than one missing... + +Signed-off-by: Thomas Renninger +Acked-by: Bjorn Helgaas +Signed-off-by: Len Brown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/scan.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/acpi/scan.c ++++ b/drivers/acpi/scan.c +@@ -1357,6 +1357,9 @@ int acpi_bus_start(struct acpi_device *d + { + struct acpi_bus_ops ops; + ++ if (!device) ++ return -EINVAL; ++ + memset(&ops, 0, sizeof(ops)); + ops.acpi_op_start = 1; + diff --git a/queue-2.6.32/acpi-fix-high-cpu-temperature-with-2.6.32.patch b/queue-2.6.32/acpi-fix-high-cpu-temperature-with-2.6.32.patch new file mode 100644 index 00000000000..bcbb580b743 --- /dev/null +++ b/queue-2.6.32/acpi-fix-high-cpu-temperature-with-2.6.32.patch @@ -0,0 +1,52 @@ +From 370d5cd88509b93b76eb2f5f97efbd71c25061cb Mon Sep 17 00:00:00 2001 +From: Arjan van de Ven +Date: Wed, 27 Jan 2010 15:25:39 -0800 +Subject: ACPI: fix High cpu temperature with 2.6.32 + +From: Arjan van de Ven + +commit 370d5cd88509b93b76eb2f5f97efbd71c25061cb upstream. + +Since the rewrite of the CPU idle governor in 2.6.32, two laptops have +surfaced where the BIOS advertises a C2 power state, but for some reason +this state is not functioning (as verified in both cases by powertop +before the patch in .32). + +The old governor had the accidental behavior that if a non-working state +was chosen too many times, it would end up falling back to C1. The new +governor works differently and this accidental behavior is no longer +there; the result is a high temperature on these two machines. + +This patch adds these 2 machines to the DMI table for C state anomalies; +by just not using C2 both these machines are better off (the TSC can be +used instead of the pm timer, giving a performance boost for example). + +Addresses http://bugzilla.kernel.org/show_bug.cgi?id=14742 + +Signed-off-by: Arjan van de Ven +Reported-by: +Signed-off-by: Andrew Morton +Signed-off-by: Len Brown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/processor_idle.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/drivers/acpi/processor_idle.c ++++ b/drivers/acpi/processor_idle.c +@@ -110,6 +110,14 @@ static struct dmi_system_id __cpuinitdat + DMI_MATCH(DMI_BIOS_VENDOR,"Phoenix Technologies LTD"), + DMI_MATCH(DMI_BIOS_VERSION,"SHE845M0.86C.0013.D.0302131307")}, + (void *)2}, ++ { set_max_cstate, "Pavilion zv5000", { ++ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"), ++ DMI_MATCH(DMI_PRODUCT_NAME,"Pavilion zv5000 (DS502A#ABA)")}, ++ (void *)1}, ++ { set_max_cstate, "Asus L8400B", { ++ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK Computer Inc."), ++ DMI_MATCH(DMI_PRODUCT_NAME,"L8400B series Notebook PC")}, ++ (void *)1}, + {}, + }; + diff --git a/queue-2.6.32/b43-fix-throughput-regression.patch b/queue-2.6.32/b43-fix-throughput-regression.patch new file mode 100644 index 00000000000..b6baf873f9a --- /dev/null +++ b/queue-2.6.32/b43-fix-throughput-regression.patch @@ -0,0 +1,69 @@ +From b6c3f5be7c6ac3375f44de4545c1ffe216b34022 Mon Sep 17 00:00:00 2001 +From: Larry Finger +Date: Tue, 2 Feb 2010 10:08:19 -0600 +Subject: b43: Fix throughput regression + +From: Larry Finger + +commit b6c3f5be7c6ac3375f44de4545c1ffe216b34022 upstream. + +Commit c7ab5ef9bcd281135c21b4732c9be779585181be entitled "b43: implement +short slot and basic rate handling" reduced the transmit throughput for +my BCM4311 device from 18 Mb/s to 0.7 Mb/s. The basic rate handling +portion is OK, the problem is in the short slot handling. + +Prior to this change, the short slot enable/disable routines were never +called. Experimentation showed that the critical part was changing the +value at offset 0x0010 in the shared memory. This is supposed to contain +the 802.11 Slot Time in usec, but if it is changed from its initial value +of zero, performance is destroyed. On the other hand, changing the value +in the MMIO register corresponding to the Interframe Slot Time increased +performance from 18 to 22 Mb/s. A BCM4306/3 also shows dramatic +improvement of the transmit rate from 5.3 to 19.0 Mb/s. + +Other changes in the patch include removal of the magic number for the +MMIO register, and allowing the slot time to be set for any PHY operating +in the 2.4 GHz band. Previously, the routine was executed only for G PHYs. + +Signed-off-by: Larry Finger +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/b43/b43.h | 1 + + drivers/net/wireless/b43/main.c | 13 ++++++++++--- + 2 files changed, 11 insertions(+), 3 deletions(-) + +--- a/drivers/net/wireless/b43/b43.h ++++ b/drivers/net/wireless/b43/b43.h +@@ -117,6 +117,7 @@ + #define B43_MMIO_TSF_2 0x636 /* core rev < 3 only */ + #define B43_MMIO_TSF_3 0x638 /* core rev < 3 only */ + #define B43_MMIO_RNG 0x65A ++#define B43_MMIO_IFSSLOT 0x684 /* Interframe slot time */ + #define B43_MMIO_IFSCTL 0x688 /* Interframe space control */ + #define B43_MMIO_IFSCTL_USE_EDCF 0x0004 + #define B43_MMIO_POWERUP_DELAY 0x6A8 +--- a/drivers/net/wireless/b43/main.c ++++ b/drivers/net/wireless/b43/main.c +@@ -628,10 +628,17 @@ static void b43_upload_card_macaddress(s + static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time) + { + /* slot_time is in usec. */ +- if (dev->phy.type != B43_PHYTYPE_G) ++ /* This test used to exit for all but a G PHY. */ ++ if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ) + return; +- b43_write16(dev, 0x684, 510 + slot_time); +- b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time); ++ b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time); ++ /* Shared memory location 0x0010 is the slot time and should be ++ * set to slot_time; however, this register is initially 0 and changing ++ * the value adversely affects the transmit rate for BCM4311 ++ * devices. Until this behavior is unterstood, delete this step ++ * ++ * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time); ++ */ + } + + static void b43_short_slot_timing_enable(struct b43_wldev *dev) diff --git a/queue-2.6.32/class-free-the-class-private-data-in-class_release.patch b/queue-2.6.32/class-free-the-class-private-data-in-class_release.patch new file mode 100644 index 00000000000..d51298c3c6b --- /dev/null +++ b/queue-2.6.32/class-free-the-class-private-data-in-class_release.patch @@ -0,0 +1,31 @@ +From 18d19c96457d172d913510c083bc7411ed40cb10 Mon Sep 17 00:00:00 2001 +From: Laurent Pinchart +Date: Wed, 10 Feb 2010 13:32:49 +0100 +Subject: class: Free the class private data in class_release + +From: Laurent Pinchart + +commit 18d19c96457d172d913510c083bc7411ed40cb10 upstream. + +Fix a memory leak by freeing the memory allocated in __class_register +for the class private data. + +Signed-off-by: Laurent Pinchart +Acked-by: Artem Bityutskiy +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/class.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/base/class.c ++++ b/drivers/base/class.c +@@ -59,6 +59,8 @@ static void class_release(struct kobject + else + pr_debug("class '%s' does not have a release() function, " + "be careful\n", class->name); ++ ++ kfree(cp); + } + + static struct sysfs_ops class_sysfs_ops = { diff --git a/queue-2.6.32/drm-radeon-kms-use-udelay-for-short-delays.patch b/queue-2.6.32/drm-radeon-kms-use-udelay-for-short-delays.patch new file mode 100644 index 00000000000..81ff46f62eb --- /dev/null +++ b/queue-2.6.32/drm-radeon-kms-use-udelay-for-short-delays.patch @@ -0,0 +1,33 @@ +From 01d4503968f471f876fb44335800d2cf8dc5a2ce Mon Sep 17 00:00:00 2001 +From: Dave Airlie +Date: Sun, 31 Jan 2010 07:07:14 +1000 +Subject: drm/radeon/kms: use udelay for short delays + +From: Dave Airlie + +commit 01d4503968f471f876fb44335800d2cf8dc5a2ce upstream. + +For usec delays use udelay instead of scheduling, this should +allow reclocking to happen faster. This also was the cause +of reported 33s delays at bootup on certain systems. + +fixes: freedesktop.org bug 25506 + +Signed-off-by: Dave Airlie +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/radeon/atom.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/radeon/atom.c ++++ b/drivers/gpu/drm/radeon/atom.c +@@ -607,7 +607,7 @@ static void atom_op_delay(atom_exec_cont + uint8_t count = U8((*ptr)++); + SDEBUG(" count: %d\n", count); + if (arg == ATOM_UNIT_MICROSEC) +- schedule_timeout_uninterruptible(usecs_to_jiffies(count)); ++ udelay(count); + else + schedule_timeout_uninterruptible(msecs_to_jiffies(count)); + } diff --git a/queue-2.6.32/ecryptfs-add-getattr-function.patch b/queue-2.6.32/ecryptfs-add-getattr-function.patch new file mode 100644 index 00000000000..3973b4e60f9 --- /dev/null +++ b/queue-2.6.32/ecryptfs-add-getattr-function.patch @@ -0,0 +1,67 @@ +From f8f484d1b6677dd5cd5e7e605db747e8c30bbd47 Mon Sep 17 00:00:00 2001 +From: Tyler Hicks +Date: Wed, 4 Nov 2009 02:48:01 -0600 +Subject: eCryptfs: Add getattr function +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Tyler Hicks + +commit f8f484d1b6677dd5cd5e7e605db747e8c30bbd47 upstream. + +The i_blocks field of an eCryptfs inode cannot be trusted, but +generic_fillattr() uses it to instantiate the blocks field of a stat() +syscall when a filesystem doesn't implement its own getattr(). Users +have noticed that the output of du is incorrect on newly created files. + +This patch creates ecryptfs_getattr() which calls into the lower +filesystem's getattr() so that eCryptfs can use its kstat.blocks value +after calling generic_fillattr(). It is important to note that the +block count includes the eCryptfs metadata stored in the beginning of +the lower file plus any padding used to fill an extent before +encryption. + +https://bugs.launchpad.net/ecryptfs/+bug/390833 + +Reported-by: Dominic Sacré +Signed-off-by: Tyler Hicks +Cc: Tim Gardner +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ecryptfs/inode.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +--- a/fs/ecryptfs/inode.c ++++ b/fs/ecryptfs/inode.c +@@ -971,6 +971,21 @@ out: + return rc; + } + ++int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry, ++ struct kstat *stat) ++{ ++ struct kstat lower_stat; ++ int rc; ++ ++ rc = vfs_getattr(ecryptfs_dentry_to_lower_mnt(dentry), ++ ecryptfs_dentry_to_lower(dentry), &lower_stat); ++ if (!rc) { ++ generic_fillattr(dentry->d_inode, stat); ++ stat->blocks = lower_stat.blocks; ++ } ++ return rc; ++} ++ + int + ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, + size_t size, int flags) +@@ -1100,6 +1115,7 @@ const struct inode_operations ecryptfs_d + const struct inode_operations ecryptfs_main_iops = { + .permission = ecryptfs_permission, + .setattr = ecryptfs_setattr, ++ .getattr = ecryptfs_getattr, + .setxattr = ecryptfs_setxattr, + .getxattr = ecryptfs_getxattr, + .listxattr = ecryptfs_listxattr, diff --git a/queue-2.6.32/nfs-too-many-getattr-and-access-calls-after-direct-i-o.patch b/queue-2.6.32/nfs-too-many-getattr-and-access-calls-after-direct-i-o.patch new file mode 100644 index 00000000000..6f0add9dbb3 --- /dev/null +++ b/queue-2.6.32/nfs-too-many-getattr-and-access-calls-after-direct-i-o.patch @@ -0,0 +1,72 @@ +From 65d269538a1129495ac45a14a777cd11cfe881d8 Mon Sep 17 00:00:00 2001 +From: Chuck Lever +Date: Mon, 15 Feb 2010 12:19:53 -0500 +Subject: NFS: Too many GETATTR and ACCESS calls after direct I/O + +From: Chuck Lever + +commit 65d269538a1129495ac45a14a777cd11cfe881d8 upstream. + +The cached read and write paths initialize fattr->time_start in their +setup procedures. The value of fattr->time_start is propagated to +read_cache_jiffies by nfs_update_inode(). Subsequent calls to +nfs_attribute_timeout() will then use a good time stamp when +computing the attribute cache timeout, and squelch unneeded GETATTR +calls. + +Since the direct I/O paths erroneously leave the inode's +fattr->time_start field set to zero, read_cache_jiffies for that inode +is set to zero after any direct read or write operation. This +triggers an otw GETATTR or ACCESS call to update the file's attribute +and access caches properly, even when the NFS READ or WRITE replies +have usable post-op attributes. + +Make sure the direct read and write setup code performs the same fattr +initialization as the cached I/O paths to prevent unnecessary GETATTR +calls. + +This was likely introduced by commit 0e574af1 in 2.6.15, which appears +to add new nfs_fattr_init() call sites in the cached read and write +paths, but not in the equivalent places in fs/nfs/direct.c. A +subsequent commit in the same series, 33801147, introduces the +fattr->time_start field. + +Interestingly, the direct write reschedule path already has a call to +nfs_fattr_init() in the right place. + +Reported-by: Quentin Barnes +Signed-off-by: Chuck Lever +Signed-off-by: Trond Myklebust +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/direct.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/fs/nfs/direct.c ++++ b/fs/nfs/direct.c +@@ -342,6 +342,7 @@ static ssize_t nfs_direct_read_schedule_ + data->res.fattr = &data->fattr; + data->res.eof = 0; + data->res.count = bytes; ++ nfs_fattr_init(&data->fattr); + msg.rpc_argp = &data->args; + msg.rpc_resp = &data->res; + +@@ -575,6 +576,7 @@ static void nfs_direct_commit_schedule(s + data->res.count = 0; + data->res.fattr = &data->fattr; + data->res.verf = &data->verf; ++ nfs_fattr_init(&data->fattr); + + NFS_PROTO(data->inode)->commit_setup(data, &msg); + +@@ -766,6 +768,7 @@ static ssize_t nfs_direct_write_schedule + data->res.fattr = &data->fattr; + data->res.count = bytes; + data->res.verf = &data->verf; ++ nfs_fattr_init(&data->fattr); + + task_setup_data.task = &data->task; + task_setup_data.callback_data = data; diff --git a/queue-2.6.32/rtl8187-add-new-device-id.patch b/queue-2.6.32/rtl8187-add-new-device-id.patch new file mode 100644 index 00000000000..40a226e9820 --- /dev/null +++ b/queue-2.6.32/rtl8187-add-new-device-id.patch @@ -0,0 +1,29 @@ +From 174b24963eaf96dc5e093502ee09639aed13eb2f Mon Sep 17 00:00:00 2001 +From: Jelle Martijn Kok +Date: Wed, 10 Feb 2010 09:34:09 -0600 +Subject: rtl8187: Add new device ID + +From: Jelle Martijn Kok + +commit 174b24963eaf96dc5e093502ee09639aed13eb2f upstream. + +Add new RTL8187B device. + +Signed-off-by: Larry Finger +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/rtl818x/rtl8187_dev.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/wireless/rtl818x/rtl8187_dev.c ++++ b/drivers/net/wireless/rtl818x/rtl8187_dev.c +@@ -65,6 +65,7 @@ static struct usb_device_id rtl8187_tabl + /* Sitecom */ + {USB_DEVICE(0x0df6, 0x000d), .driver_info = DEVICE_RTL8187}, + {USB_DEVICE(0x0df6, 0x0028), .driver_info = DEVICE_RTL8187B}, ++ {USB_DEVICE(0x0df6, 0x0029), .driver_info = DEVICE_RTL8187B}, + /* Sphairon Access Systems GmbH */ + {USB_DEVICE(0x114B, 0x0150), .driver_info = DEVICE_RTL8187}, + /* Dick Smith Electronics */ diff --git a/queue-2.6.32/serial-8250-add-serial-transmitter-fully-empty-test.patch b/queue-2.6.32/serial-8250-add-serial-transmitter-fully-empty-test.patch new file mode 100644 index 00000000000..dcf9f5fb00d --- /dev/null +++ b/queue-2.6.32/serial-8250-add-serial-transmitter-fully-empty-test.patch @@ -0,0 +1,83 @@ +From bca476139d2ded86be146dae09b06e22548b67f3 Mon Sep 17 00:00:00 2001 +From: Dick Hollenbeck +Date: Wed, 9 Dec 2009 12:31:34 -0800 +Subject: serial: 8250: add serial transmitter fully empty test + +From: Dick Hollenbeck + +commit bca476139d2ded86be146dae09b06e22548b67f3 upstream. + +When controlling an industrial radio modem it can be necessary to +manipulate the handshake lines in order to control the radio modem's +transmitter, from userspace. + +The transmitter should not be turned off before all characters have been +transmitted. serial8250_tx_empty() was reporting that all characters were +transmitted before they actually were. + +=== + +Discovered in parallel with more testing and analysis by Kees Schoenmakers +as follows: + +I ran into an NetMos 9835 serial pci board which behaves a little +different than the standard. This type of expansion board is very common. + +"Standard" 8250 compatible devices clear the 'UART_LST_TEMT" bit together +with the "UART_LSR_THRE" bit when writing data to the device. + +The NetMos device does it slightly different + +I believe that the TEMT bit is coupled to the shift register. The problem +is that after writing data to the device and very quickly after that one +does call serial8250_tx_empty, it returns the wrong information. + +My patch makes the test more robust (and solves the problem) and it does +not affect the already correct devices. + +Alan: + + We may yet need to quirk this but now we know which chips we have a + way to do that should we find this breaks some other 8250 clone with + dodgy THRE. + +Signed-off-by: Dick Hollenbeck +Signed-off-by: Alan Cox +Cc: Kees Schoenmakers +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/serial/8250.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/serial/8250.c ++++ b/drivers/serial/8250.c +@@ -83,6 +83,9 @@ static unsigned int skip_txen_test; /* f + + #define PASS_LIMIT 256 + ++#define BOTH_EMPTY (UART_LSR_TEMT | UART_LSR_THRE) ++ ++ + /* + * We default to IRQ0 for the "no irq" hack. Some + * machine types want others as well - they're free +@@ -1792,7 +1795,7 @@ static unsigned int serial8250_tx_empty( + up->lsr_saved_flags |= lsr & LSR_SAVE_FLAGS; + spin_unlock_irqrestore(&up->port.lock, flags); + +- return lsr & UART_LSR_TEMT ? TIOCSER_TEMT : 0; ++ return (lsr & BOTH_EMPTY) == BOTH_EMPTY ? TIOCSER_TEMT : 0; + } + + static unsigned int serial8250_get_mctrl(struct uart_port *port) +@@ -1850,8 +1853,6 @@ static void serial8250_break_ctl(struct + spin_unlock_irqrestore(&up->port.lock, flags); + } + +-#define BOTH_EMPTY (UART_LSR_TEMT | UART_LSR_THRE) +- + /* + * Wait for transmitter & holding register to empty + */ diff --git a/queue-2.6.32/series b/queue-2.6.32/series index a2a4e996a4a..f3b7a218077 100644 --- a/queue-2.6.32/series +++ b/queue-2.6.32/series @@ -75,3 +75,15 @@ x86-re-get-cfg_new-in-case-reuse-move-irq_desc.patch tg3-fix-5906-transmit-hangs.patch staging-fix-rtl8187se-compilation-errors-with-mac80211.patch alsa-usb-audio-avoid-oops-after-disconnect.patch +serial-8250-add-serial-transmitter-fully-empty-test.patch +sysfs-sysfs_sd_setattr-set-iattrs-unconditionally.patch +class-free-the-class-private-data-in-class_release.patch +usb-usbfs-only-copy-the-actual-data-received.patch +usb-usbfs-properly-clean-up-the-as-structure-on-error-paths.patch +rtl8187-add-new-device-id.patch +acpi-add-null-pointer-check-in-acpi_bus_start.patch +acpi-fix-high-cpu-temperature-with-2.6.32.patch +drm-radeon-kms-use-udelay-for-short-delays.patch +nfs-too-many-getattr-and-access-calls-after-direct-i-o.patch +ecryptfs-add-getattr-function.patch +b43-fix-throughput-regression.patch diff --git a/queue-2.6.32/sysfs-sysfs_sd_setattr-set-iattrs-unconditionally.patch b/queue-2.6.32/sysfs-sysfs_sd_setattr-set-iattrs-unconditionally.patch new file mode 100644 index 00000000000..852513f4fb0 --- /dev/null +++ b/queue-2.6.32/sysfs-sysfs_sd_setattr-set-iattrs-unconditionally.patch @@ -0,0 +1,80 @@ +From 7c0ff870d1ed287504a61ed865f3d728c757436b Mon Sep 17 00:00:00 2001 +From: Eric W. Biederman +Date: Wed, 3 Feb 2010 23:13:24 -0800 +Subject: sysfs: sysfs_sd_setattr set iattrs unconditionally + +From: Eric W. Biederman + +commit 7c0ff870d1ed287504a61ed865f3d728c757436b upstream. + +There is currently a bug in sysfs_sd_setattr inherited from +sysfs_setattr in 2.6.32 where the first time we set the attributes +on a sysfs file we allocate backing store but do not set the +backing store attributes. Resulting in overly restrictive +permissions on sysfs files. + +The fix is to simply modify the code so that it always executes +when we update the sysfs attributes, as we did in 2.6.31 and earlier. + +Signed-off-by: Eric W. Biederman +Tested-by: Jean Delvare +Signed-off-by: Greg Kroah-Hartman + +--- + fs/sysfs/inode.c | 43 +++++++++++++++++++++---------------------- + 1 file changed, 21 insertions(+), 22 deletions(-) + +--- a/fs/sysfs/inode.c ++++ b/fs/sysfs/inode.c +@@ -94,30 +94,29 @@ int sysfs_setattr(struct dentry * dentry + if (!sd_attrs) + return -ENOMEM; + sd->s_iattr = sd_attrs; +- } else { +- /* attributes were changed at least once in past */ +- iattrs = &sd_attrs->ia_iattr; ++ } ++ /* attributes were changed at least once in past */ ++ iattrs = &sd_attrs->ia_iattr; + +- if (ia_valid & ATTR_UID) +- iattrs->ia_uid = iattr->ia_uid; +- if (ia_valid & ATTR_GID) +- iattrs->ia_gid = iattr->ia_gid; +- if (ia_valid & ATTR_ATIME) +- iattrs->ia_atime = timespec_trunc(iattr->ia_atime, +- inode->i_sb->s_time_gran); +- if (ia_valid & ATTR_MTIME) +- iattrs->ia_mtime = timespec_trunc(iattr->ia_mtime, +- inode->i_sb->s_time_gran); +- if (ia_valid & ATTR_CTIME) +- iattrs->ia_ctime = timespec_trunc(iattr->ia_ctime, +- inode->i_sb->s_time_gran); +- if (ia_valid & ATTR_MODE) { +- umode_t mode = iattr->ia_mode; ++ if (ia_valid & ATTR_UID) ++ iattrs->ia_uid = iattr->ia_uid; ++ if (ia_valid & ATTR_GID) ++ iattrs->ia_gid = iattr->ia_gid; ++ if (ia_valid & ATTR_ATIME) ++ iattrs->ia_atime = timespec_trunc(iattr->ia_atime, ++ inode->i_sb->s_time_gran); ++ if (ia_valid & ATTR_MTIME) ++ iattrs->ia_mtime = timespec_trunc(iattr->ia_mtime, ++ inode->i_sb->s_time_gran); ++ if (ia_valid & ATTR_CTIME) ++ iattrs->ia_ctime = timespec_trunc(iattr->ia_ctime, ++ inode->i_sb->s_time_gran); ++ if (ia_valid & ATTR_MODE) { ++ umode_t mode = iattr->ia_mode; + +- if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID)) +- mode &= ~S_ISGID; +- iattrs->ia_mode = sd->s_mode = mode; +- } ++ if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID)) ++ mode &= ~S_ISGID; ++ iattrs->ia_mode = sd->s_mode = mode; + } + return error; + } diff --git a/queue-2.6.32/usb-usbfs-only-copy-the-actual-data-received.patch b/queue-2.6.32/usb-usbfs-only-copy-the-actual-data-received.patch new file mode 100644 index 00000000000..747a8d6d93a --- /dev/null +++ b/queue-2.6.32/usb-usbfs-only-copy-the-actual-data-received.patch @@ -0,0 +1,50 @@ +From d4a4683ca054ed9917dfc9e3ff0f7ecf74ad90d6 Mon Sep 17 00:00:00 2001 +From: Greg KH +Date: Mon, 15 Feb 2010 09:37:46 -0800 +Subject: USB: usbfs: only copy the actual data received + +From: Greg KH + +commit d4a4683ca054ed9917dfc9e3ff0f7ecf74ad90d6 upstream. + +We need to only copy the data received by the device to userspace, not +the whole kernel buffer, which can contain "stale" data. + +Thanks to Marcus Meissner for pointing this out and testing the fix. + +Reported-by: Marcus Meissner +Tested-by: Marcus Meissner +Cc: Alan Stern +Cc: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/core/devio.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/usb/core/devio.c ++++ b/drivers/usb/core/devio.c +@@ -1312,9 +1312,9 @@ static int processcompl(struct async *as + void __user *addr = as->userurb; + unsigned int i; + +- if (as->userbuffer) ++ if (as->userbuffer && urb->actual_length) + if (copy_to_user(as->userbuffer, urb->transfer_buffer, +- urb->transfer_buffer_length)) ++ urb->actual_length)) + goto err_out; + if (put_user(as->status, &userurb->status)) + goto err_out; +@@ -1435,9 +1435,9 @@ static int processcompl_compat(struct as + void __user *addr = as->userurb; + unsigned int i; + +- if (as->userbuffer) ++ if (as->userbuffer && urb->actual_length) + if (copy_to_user(as->userbuffer, urb->transfer_buffer, +- urb->transfer_buffer_length)) ++ urb->actual_length)) + return -EFAULT; + if (put_user(as->status, &userurb->status)) + return -EFAULT; diff --git a/queue-2.6.32/usb-usbfs-properly-clean-up-the-as-structure-on-error-paths.patch b/queue-2.6.32/usb-usbfs-properly-clean-up-the-as-structure-on-error-paths.patch new file mode 100644 index 00000000000..3a11f2cd628 --- /dev/null +++ b/queue-2.6.32/usb-usbfs-properly-clean-up-the-as-structure-on-error-paths.patch @@ -0,0 +1,121 @@ +From ddeee0b2eec2a51b0712b04de4b39e7bec892a53 Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Tue, 16 Feb 2010 12:35:07 -0800 +Subject: USB: usbfs: properly clean up the as structure on error paths + +From: Linus Torvalds + +commit ddeee0b2eec2a51b0712b04de4b39e7bec892a53 upstream. + +I notice that the processcompl_compat() function seems to be leaking the +'struct async *as' in the error paths. + +I think that the calling convention is fundamentally buggered. The +caller is the one that did the "reap_as()" to get the as thing, the +caller should be the one to free it too. + +Freeing it in the caller also means that it very clearly always gets +freed, and avoids the need for any "free in the error case too". + +From: Linus Torvalds +Cc: Alan Stern +Cc: Marcus Meissner +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/core/devio.c | 40 ++++++++++++++++++++++++++-------------- + 1 file changed, 26 insertions(+), 14 deletions(-) + +--- a/drivers/usb/core/devio.c ++++ b/drivers/usb/core/devio.c +@@ -1334,14 +1334,11 @@ static int processcompl(struct async *as + } + } + +- free_async(as); +- + if (put_user(addr, (void __user * __user *)arg)) + return -EFAULT; + return 0; + + err_out: +- free_async(as); + return -EFAULT; + } + +@@ -1371,8 +1368,11 @@ static struct async *reap_as(struct dev_ + static int proc_reapurb(struct dev_state *ps, void __user *arg) + { + struct async *as = reap_as(ps); +- if (as) +- return processcompl(as, (void __user * __user *)arg); ++ if (as) { ++ int retval = processcompl(as, (void __user * __user *)arg); ++ free_async(as); ++ return retval; ++ } + if (signal_pending(current)) + return -EINTR; + return -EIO; +@@ -1380,11 +1380,16 @@ static int proc_reapurb(struct dev_state + + static int proc_reapurbnonblock(struct dev_state *ps, void __user *arg) + { ++ int retval; + struct async *as; + +- if (!(as = async_getcompleted(ps))) +- return -EAGAIN; +- return processcompl(as, (void __user * __user *)arg); ++ as = async_getcompleted(ps); ++ retval = -EAGAIN; ++ if (as) { ++ retval = processcompl(as, (void __user * __user *)arg); ++ free_async(as); ++ } ++ return retval; + } + + #ifdef CONFIG_COMPAT +@@ -1457,7 +1462,6 @@ static int processcompl_compat(struct as + } + } + +- free_async(as); + if (put_user(ptr_to_compat(addr), (u32 __user *)arg)) + return -EFAULT; + return 0; +@@ -1466,8 +1470,11 @@ static int processcompl_compat(struct as + static int proc_reapurb_compat(struct dev_state *ps, void __user *arg) + { + struct async *as = reap_as(ps); +- if (as) +- return processcompl_compat(as, (void __user * __user *)arg); ++ if (as) { ++ int retval = processcompl_compat(as, (void __user * __user *)arg); ++ free_async(as); ++ return retval; ++ } + if (signal_pending(current)) + return -EINTR; + return -EIO; +@@ -1475,11 +1482,16 @@ static int proc_reapurb_compat(struct de + + static int proc_reapurbnonblock_compat(struct dev_state *ps, void __user *arg) + { ++ int retval; + struct async *as; + +- if (!(as = async_getcompleted(ps))) +- return -EAGAIN; +- return processcompl_compat(as, (void __user * __user *)arg); ++ retval = -EAGAIN; ++ as = async_getcompleted(ps); ++ if (as) { ++ retval = processcompl_compat(as, (void __user * __user *)arg); ++ free_async(as); ++ } ++ return retval; + } + + #endif