From: Greg Kroah-Hartman Date: Mon, 23 Apr 2007 23:48:44 +0000 (-0700) Subject: more patches added to 2.6.20 queue X-Git-Tag: v2.6.20.8~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a97f91428978852b6a37ba4e5ad7f08423606a90;p=thirdparty%2Fkernel%2Fstable-queue.git more patches added to 2.6.20 queue --- diff --git a/queue-2.6.20/cache_k8_northbridges-overflows-beyond-allocation.patch b/queue-2.6.20/cache_k8_northbridges-overflows-beyond-allocation.patch new file mode 100644 index 00000000000..73882b17b11 --- /dev/null +++ b/queue-2.6.20/cache_k8_northbridges-overflows-beyond-allocation.patch @@ -0,0 +1,40 @@ +From stable-bounces@linux.kernel.org Tue Apr 17 12:54:30 2007 +From: Badari Pulavarty +Date: Tue, 17 Apr 2007 15:53:09 -0400 +Subject: cache_k8_northbridges() overflows beyond allocation +To: linux-stable +Cc: Andi Kleen +Message-ID: <462525A5.9080706@redhat.com> + + +From: Badari Pulavarty + +cache_k8_northbridges() overflows beyond allocation + +cache_k8_northbridges() is storing config values to incorrect locations +(in flush_words) and also its overflowing beyond the allocation, causing +slab verification failures. + +Signed-off-by: Badari Pulavarty +Signed-off-by: Linus Torvalds +Cc: Andi Kleen +Cc: Chuck Ebbert +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86_64/kernel/k8.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86_64/kernel/k8.c ++++ b/arch/x86_64/kernel/k8.c +@@ -61,8 +61,8 @@ int cache_k8_northbridges(void) + dev = NULL; + i = 0; + while ((dev = next_k8_northbridge(dev)) != NULL) { +- k8_northbridges[i++] = dev; +- pci_read_config_dword(dev, 0x9c, &flush_words[i]); ++ k8_northbridges[i] = dev; ++ pci_read_config_dword(dev, 0x9c, &flush_words[i++]); + } + k8_northbridges[i] = NULL; + return 0; diff --git a/queue-2.6.20/exec.c-fix-coredump-to-pipe-problem-and-obscure-security-hole.patch b/queue-2.6.20/exec.c-fix-coredump-to-pipe-problem-and-obscure-security-hole.patch new file mode 100644 index 00000000000..08f5d3a262a --- /dev/null +++ b/queue-2.6.20/exec.c-fix-coredump-to-pipe-problem-and-obscure-security-hole.patch @@ -0,0 +1,91 @@ +From git-commits-head-owner@vger.kernel.org Tue Apr 17 16:59:13 2007 +From: Alan Cox +Date: Tue, 17 Apr 2007 23:59:01 GMT +Subject: exec.c: fix coredump to pipe problem and obscure "security hole" +To: git-commits-head@vger.kernel.org +Message-ID: <200704172359.l3HNx1x0024174@hera.kernel.org> + +From: Alan Cox + +exec.c: fix coredump to pipe problem and obscure "security hole" + +The patch checks for "|" in the pattern not the output and doesn't nail a +pid on to a piped name (as it is a program name not a file) + +Also fixes a very very obscure security corner case. If you happen to have +decided on a core pattern that starts with the program name then the user +can run a program called "|myevilhack" as it stands. I doubt anyone does +this. + +Signed-off-by: Alan Cox +Confirmed-by: Christopher S. Aker +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/exec.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +--- a/fs/exec.c ++++ b/fs/exec.c +@@ -1246,13 +1246,17 @@ EXPORT_SYMBOL(set_binfmt); + * name into corename, which must have space for at least + * CORENAME_MAX_SIZE bytes plus one byte for the zero terminator. + */ +-static void format_corename(char *corename, const char *pattern, long signr) ++static int format_corename(char *corename, const char *pattern, long signr) + { + const char *pat_ptr = pattern; + char *out_ptr = corename; + char *const out_end = corename + CORENAME_MAX_SIZE; + int rc; + int pid_in_pattern = 0; ++ int ispipe = 0; ++ ++ if (*pattern == '|') ++ ispipe = 1; + + /* Repeat as long as we have more pattern to process and more output + space */ +@@ -1343,8 +1347,8 @@ static void format_corename(char *corena + * + * If core_pattern does not include a %p (as is the default) + * and core_uses_pid is set, then .%pid will be appended to +- * the filename */ +- if (!pid_in_pattern ++ * the filename. Do not do this for piped commands. */ ++ if (!ispipe && !pid_in_pattern + && (core_uses_pid || atomic_read(¤t->mm->mm_users) != 1)) { + rc = snprintf(out_ptr, out_end - out_ptr, + ".%d", current->tgid); +@@ -1352,8 +1356,9 @@ static void format_corename(char *corena + goto out; + out_ptr += rc; + } +- out: ++out: + *out_ptr = 0; ++ return ispipe; + } + + static void zap_process(struct task_struct *start) +@@ -1504,16 +1509,15 @@ int do_coredump(long signr, int exit_cod + * uses lock_kernel() + */ + lock_kernel(); +- format_corename(corename, core_pattern, signr); ++ ispipe = format_corename(corename, core_pattern, signr); + unlock_kernel(); +- if (corename[0] == '|') { ++ if (ispipe) { + /* SIGPIPE can happen, but it's just never processed */ + if(call_usermodehelper_pipe(corename+1, NULL, NULL, &file)) { + printk(KERN_INFO "Core dump to %s pipe failed\n", + corename); + goto fail_unlock; + } +- ispipe = 1; + } else + file = filp_open(corename, + O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag, diff --git a/queue-2.6.20/fix-bogus-inline-directive-in-sparc64-pci-code.patch b/queue-2.6.20/fix-bogus-inline-directive-in-sparc64-pci-code.patch new file mode 100644 index 00000000000..69057cedafe --- /dev/null +++ b/queue-2.6.20/fix-bogus-inline-directive-in-sparc64-pci-code.patch @@ -0,0 +1,35 @@ +From stable-bounces@linux.kernel.org Tue Apr 17 14:43:30 2007 +From: Tom "spot" Callaway +Date: Tue, 17 Apr 2007 14:42:12 -0700 (PDT) +Subject: Fix bogus inline directive in sparc64 PCI code +To: stable@kernel.org +Cc: bunk@stusta.de +Message-ID: <20070417.144212.115909291.davem@davemloft.net> + +From: Tom "spot" Callaway + +[SPARC64]: Fix inline directive in pci_iommu.c + +While building a test kernel for the new esp driver (against +git-current), I hit this bug. Trivial fix, put the inline declaration +in the right place. :) + +Signed-off-by: Tom "spot" Callaway +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + arch/sparc64/kernel/pci_iommu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/sparc64/kernel/pci_iommu.c ++++ b/arch/sparc64/kernel/pci_iommu.c +@@ -64,7 +64,7 @@ static void __iommu_flushall(struct pci_ + #define IOPTE_IS_DUMMY(iommu, iopte) \ + ((iopte_val(*iopte) & IOPTE_PAGE) == (iommu)->dummy_page_pa) + +-static void inline iopte_make_dummy(struct pci_iommu *iommu, iopte_t *iopte) ++static inline void iopte_make_dummy(struct pci_iommu *iommu, iopte_t *iopte) + { + unsigned long val = iopte_val(*iopte); + diff --git a/queue-2.6.20/fix-compat-sys_ipc-on-sparc64.patch b/queue-2.6.20/fix-compat-sys_ipc-on-sparc64.patch new file mode 100644 index 00000000000..eff095225e9 --- /dev/null +++ b/queue-2.6.20/fix-compat-sys_ipc-on-sparc64.patch @@ -0,0 +1,54 @@ +From stable-bounces@linux.kernel.org Tue Apr 17 14:42:01 2007 +From: David Miller +Date: Tue, 17 Apr 2007 14:40:46 -0700 (PDT) +Subject: Fix compat sys_ipc() on sparc64 +To: stable@kernel.org +Cc: bunk@stusta.de +Message-ID: <20070417.144046.59656081.davem@davemloft.net> + +From: David Miller + +The 32-bit syscall trampoline for sys_ipc() on sparc64 +was sign extending various arguments, which is bogus when +using compat_sys_ipc() since that function expects zero +extended copies of all the arguments. + +This bug breaks the sparc64 kernel when built with gcc-4.2.x +among other things. + +[SPARC64]: Fix arg passing to compat_sys_ipc(). + +Do not sign extend args using the sys32_ipc stub, that is +buggy and unnecessary. + +Based upon an excellent report by Mikael Pettersson. + +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + arch/sparc64/kernel/sys32.S | 1 - + arch/sparc64/kernel/systbls.S | 2 +- + 2 files changed, 1 insertion(+), 2 deletions(-) + +--- a/arch/sparc64/kernel/sys32.S ++++ b/arch/sparc64/kernel/sys32.S +@@ -91,7 +91,6 @@ SIGN1(sys32_select, compat_sys_select, % + SIGN1(sys32_mkdir, sys_mkdir, %o1) + SIGN3(sys32_futex, compat_sys_futex, %o1, %o2, %o5) + SIGN1(sys32_sysfs, compat_sys_sysfs, %o0) +-SIGN3(sys32_ipc, compat_sys_ipc, %o1, %o2, %o3) + SIGN2(sys32_sendfile, compat_sys_sendfile, %o0, %o1) + SIGN2(sys32_sendfile64, compat_sys_sendfile64, %o0, %o1) + SIGN1(sys32_prctl, sys_prctl, %o0) +--- a/arch/sparc64/kernel/systbls.S ++++ b/arch/sparc64/kernel/systbls.S +@@ -62,7 +62,7 @@ sys_call_table32: + /*200*/ .word sys32_ssetmask, sys_sigsuspend, compat_sys_newlstat, sys_uselib, compat_sys_old_readdir + .word sys32_readahead, sys32_socketcall, sys32_syslog, sys32_lookup_dcookie, sys32_fadvise64 + /*210*/ .word sys32_fadvise64_64, sys32_tgkill, sys32_waitpid, sys_swapoff, sys32_sysinfo +- .word sys32_ipc, sys32_sigreturn, sys_clone, sys32_ioprio_get, compat_sys_adjtimex ++ .word compat_sys_ipc, sys32_sigreturn, sys_clone, sys32_ioprio_get, compat_sys_adjtimex + /*220*/ .word sys32_sigprocmask, sys_ni_syscall, sys32_delete_module, sys_ni_syscall, sys32_getpgid + .word sys32_bdflush, sys32_sysfs, sys_nis_syscall, sys32_setfsuid16, sys32_setfsgid16 + /*230*/ .word sys32_select, compat_sys_time, sys32_splice, compat_sys_stime, compat_sys_statfs64 diff --git a/queue-2.6.20/fix-errors-in-tcp_mem-calculations.patch b/queue-2.6.20/fix-errors-in-tcp_mem-calculations.patch new file mode 100644 index 00000000000..978533e2640 --- /dev/null +++ b/queue-2.6.20/fix-errors-in-tcp_mem-calculations.patch @@ -0,0 +1,55 @@ +From stable-bounces@linux.kernel.org Tue Apr 17 14:45:21 2007 +From: John Heffner +Date: Tue, 17 Apr 2007 14:44:06 -0700 (PDT) +Subject: Fix errors in tcp_mem[] calculations. +To: stable@kernel.org +Cc: bunk@stusta.de +Message-ID: <20070417.144406.48528481.davem@davemloft.net> + +From: John Heffner + +In 2.6.18 a change was made to the tcp_mem[] calculations, +but this causes regressions for some folks up to 2.6.20 + +The following fix to smooth out the calculation from the +pending 2.6.21 tree by John Heffner fixes the problem for +these folks. + +[TCP]: Fix tcp_mem[] initialization. + +Change tcp_mem initialization function. The fraction of total memory +is now a continuous function of memory size, and independent of page +size. + +Signed-off-by: John Heffner +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/ipv4/tcp.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +--- a/net/ipv4/tcp.c ++++ b/net/ipv4/tcp.c +@@ -2457,11 +2457,18 @@ void __init tcp_init(void) + sysctl_max_syn_backlog = 128; + } + +- /* Allow no more than 3/4 kernel memory (usually less) allocated to TCP */ +- sysctl_tcp_mem[0] = (1536 / sizeof (struct inet_bind_hashbucket)) << order; +- sysctl_tcp_mem[1] = sysctl_tcp_mem[0] * 4 / 3; ++ /* Set the pressure threshold to be a fraction of global memory that ++ * is up to 1/2 at 256 MB, decreasing toward zero with the amount of ++ * memory, with a floor of 128 pages. ++ */ ++ limit = min(nr_all_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT); ++ limit = (limit * (nr_all_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11); ++ limit = max(limit, 128UL); ++ sysctl_tcp_mem[0] = limit / 4 * 3; ++ sysctl_tcp_mem[1] = limit; + sysctl_tcp_mem[2] = sysctl_tcp_mem[0] * 2; + ++ /* Set per-socket limits to no more than 1/128 the pressure threshold */ + limit = ((unsigned long)sysctl_tcp_mem[1]) << (PAGE_SHIFT - 7); + max_share = min(4UL*1024*1024, limit); + diff --git a/queue-2.6.20/fix-irda-oops-er.patch b/queue-2.6.20/fix-irda-oops-er.patch new file mode 100644 index 00000000000..195897a05da --- /dev/null +++ b/queue-2.6.20/fix-irda-oops-er.patch @@ -0,0 +1,57 @@ +From stable-bounces@linux.kernel.org Wed Apr 18 15:15:24 2007 +From: Olaf Kirch +Date: Wed, 18 Apr 2007 15:14:14 -0700 (PDT) +Subject: Fix IRDA oops'er +To: stable@kernel.org +Cc: bunk@stusta.de +Message-ID: <20070418.151414.10298165.davem@davemloft.net> + +From: Olaf Kirch + +This fixes and OOPS due to incorrect socket orpahning in the +IRDA stack. + +[IrDA]: Correctly handling socket error + +This patch fixes an oops first reported in mid 2006 - see +http://lkml.org/lkml/2006/8/29/358 The cause of this bug report is that +when an error is signalled on the socket, irda_recvmsg_stream returns +without removing a local wait_queue variable from the socket's sk_sleep +queue. This causes havoc further down the road. + +In response to this problem, a patch was made that invoked sock_orphan on +the socket when receiving a disconnect indication. This is not a good fix, +as this sets sk_sleep to NULL, causing applications sleeping in recvmsg +(and other places) to oops. + +This is against the latest net-2.6 and should be considered for -stable +inclusion. + +Signed-off-by: Olaf Kirch +Signed-off-by: Samuel Ortiz +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/irda/af_irda.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/net/irda/af_irda.c ++++ b/net/irda/af_irda.c +@@ -138,7 +138,6 @@ static void irda_disconnect_indication(v + sk->sk_shutdown |= SEND_SHUTDOWN; + + sk->sk_state_change(sk); +- sock_orphan(sk); + release_sock(sk); + + /* Close our TSAP. +@@ -1446,7 +1445,7 @@ static int irda_recvmsg_stream(struct ki + */ + ret = sock_error(sk); + if (ret) +- break; ++ ; + else if (sk->sk_shutdown & RCV_SHUTDOWN) + ; + else if (noblock) diff --git a/queue-2.6.20/fix-netpoll-udp-input-path.patch b/queue-2.6.20/fix-netpoll-udp-input-path.patch new file mode 100644 index 00000000000..803d4b1eb58 --- /dev/null +++ b/queue-2.6.20/fix-netpoll-udp-input-path.patch @@ -0,0 +1,46 @@ +From stable-bounces@linux.kernel.org Tue Apr 17 14:47:42 2007 +From: Aubrey.Li +Date: Tue, 17 Apr 2007 14:46:33 -0700 (PDT) +Subject: Fix netpoll UDP input path +To: stable@kernel.org +Cc: bunk@stusta.de +Message-ID: <20070417.144633.08322607.davem@davemloft.net> + +From: Aubrey.Li + +Netpoll UDP input handler needs to pull up the UDP headers +and handle receive checksum offloading properly just like +the normal UDP input path does else we get corrupted +checksums. + +[NET]: Fix UDP checksum issue in net poll mode. + +In net poll mode, the current checksum function doesn't consider the +kind of packet which is padded to reach a specific minimum length. I +believe that's the problem causing my test case failed. The following +patch fixed this issue. + +Signed-off-by: Aubrey.Li +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/core/netpoll.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/net/core/netpoll.c ++++ b/net/core/netpoll.c +@@ -471,6 +471,13 @@ int __netpoll_rx(struct sk_buff *skb) + if (skb->len < len || len < iph->ihl*4) + goto out; + ++ /* ++ * Our transport medium may have padded the buffer out. ++ * Now We trim to the true length of the frame. ++ */ ++ if (pskb_trim_rcsum(skb, len)) ++ goto out; ++ + if (iph->protocol != IPPROTO_UDP) + goto out; + diff --git a/queue-2.6.20/fix-qlogicpti-dma-unmapping.patch b/queue-2.6.20/fix-qlogicpti-dma-unmapping.patch new file mode 100644 index 00000000000..888d7d34491 --- /dev/null +++ b/queue-2.6.20/fix-qlogicpti-dma-unmapping.patch @@ -0,0 +1,35 @@ +From stable-bounces@linux.kernel.org Tue Apr 17 14:36:22 2007 +From: David Miller +Date: Tue, 17 Apr 2007 14:35:07 -0700 (PDT) +Subject: Fix qlogicpti DMA unmapping +To: stable@kernel.org +Cc: bunk@stusta.de +Message-ID: <20070417.143507.85411086.davem@davemloft.net> + +From: David Miller + +[SCSI] QLOGICPTI: Do not unmap DMA unless we actually mapped something. + +We only map DMA when cmd->request_bufflen is non-zero for non-sg +buffers, we thus should make the same check when unmapping. + +Based upon a report from Pasi Pirhonen. + +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/qlogicpti.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/qlogicpti.c ++++ b/drivers/scsi/qlogicpti.c +@@ -1281,7 +1281,7 @@ static struct scsi_cmnd *qlogicpti_intr_ + (struct scatterlist *)Cmnd->request_buffer, + Cmnd->use_sg, + Cmnd->sc_data_direction); +- } else { ++ } else if (Cmnd->request_bufflen) { + sbus_unmap_single(qpti->sdev, + (__u32)((unsigned long)Cmnd->SCp.ptr), + Cmnd->request_bufflen, diff --git a/queue-2.6.20/nfs-fix-an-oops-in-nfs_setattr.patch b/queue-2.6.20/nfs-fix-an-oops-in-nfs_setattr.patch new file mode 100644 index 00000000000..d59ae1b3e88 --- /dev/null +++ b/queue-2.6.20/nfs-fix-an-oops-in-nfs_setattr.patch @@ -0,0 +1,52 @@ +From stable-bounces@linux.kernel.org Thu Apr 19 13:33:06 2007 +From: Trond Myklebust +Date: Thu, 19 Apr 2007 16:31:23 -0400 +Subject: [stable] NFS: Fix an Oops in nfs_setattr() +To: linux-stable +Cc: Trond Myklebust +Message-ID: <4627D19B.10208@redhat.com> + +From: Trond Myklebust + +NFS: Fix an Oops in nfs_setattr() + +It looks like nfs_setattr() and nfs_rename() also need to test whether the +target is a regular file before calling nfs_wb_all()... + +Signed-off-by: Trond Myklebust +Signed-off-by: Linus Torvalds +Cc: Chuck Ebbert +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/dir.c | 3 ++- + fs/nfs/inode.c | 6 ++++-- + 2 files changed, 6 insertions(+), 3 deletions(-) + +--- a/fs/nfs/dir.c ++++ b/fs/nfs/dir.c +@@ -1659,7 +1659,8 @@ go_ahead: + * ... prune child dentries and writebacks if needed. + */ + if (atomic_read(&old_dentry->d_count) > 1) { +- nfs_wb_all(old_inode); ++ if (S_ISREG(old_inode->i_mode)) ++ nfs_wb_all(old_inode); + shrink_dcache_parent(old_dentry); + } + nfs_inode_return_delegation(old_inode); +--- a/fs/nfs/inode.c ++++ b/fs/nfs/inode.c +@@ -334,8 +334,10 @@ nfs_setattr(struct dentry *dentry, struc + lock_kernel(); + nfs_begin_data_update(inode); + /* Write all dirty data */ +- filemap_write_and_wait(inode->i_mapping); +- nfs_wb_all(inode); ++ if (S_ISREG(inode->i_mode)) { ++ filemap_write_and_wait(inode->i_mapping); ++ nfs_wb_all(inode); ++ } + /* + * Return any delegations if we're going to change ACLs + */ diff --git a/queue-2.6.20/series b/queue-2.6.20/series index 27177a7f199..e0f80c38017 100644 --- a/queue-2.6.20/series +++ b/queue-2.6.20/series @@ -8,3 +8,14 @@ holepunch-fix-shmem_truncate_range-punch-locking.patch holepunch-fix-disconnected-pages-after-second-truncate.patch holepunch-fix-mmap_sem-i_mutex-deadlock.patch fix-sparc64-sbus-iommu-allocator.patch +fix-qlogicpti-dma-unmapping.patch +fix-compat-sys_ipc-on-sparc64.patch +fix-bogus-inline-directive-in-sparc64-pci-code.patch +fix-errors-in-tcp_mem-calculations.patch +fix-netpoll-udp-input-path.patch +fix-irda-oops-er.patch +cache_k8_northbridges-overflows-beyond-allocation.patch +exec.c-fix-coredump-to-pipe-problem-and-obscure-security-hole.patch +nfs-fix-an-oops-in-nfs_setattr.patch +x86-don-t-probe-for-ddc-on-vbe1.2.patch +vt-fix-potential-race-in-vt_waitactive-handler.patch diff --git a/queue-2.6.20/vt-fix-potential-race-in-vt_waitactive-handler.patch b/queue-2.6.20/vt-fix-potential-race-in-vt_waitactive-handler.patch new file mode 100644 index 00000000000..c2acbf0373b --- /dev/null +++ b/queue-2.6.20/vt-fix-potential-race-in-vt_waitactive-handler.patch @@ -0,0 +1,55 @@ +From stable-bounces@linux.kernel.org Thu Apr 19 13:36:11 2007 +From: Michal Januszewski +Date: Thu, 19 Apr 2007 16:34:50 -0400 +Subject: vt: fix potential race in VT_WAITACTIVE handler +To: linux-stable +Cc: Antonino Daplas +Message-ID: <4627D26A.70806@redhat.com> + +From: Michal Januszewski + +[PATCH] vt: fix potential race in VT_WAITACTIVE handler + +On a multiprocessor machine the VT_WAITACTIVE ioctl call may return 0 if +fg_console has already been updated in redraw_screen() but the console +switch itself hasn't been completed. Fix this by checking fg_console in +vt_waitactive() with the console sem held. + +Signed-off-by: Michal Januszewski +Acked-by: Antonino Daplas +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Cc: Chuck Ebbert +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/vt_ioctl.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +--- a/drivers/char/vt_ioctl.c ++++ b/drivers/char/vt_ioctl.c +@@ -1038,10 +1038,22 @@ int vt_waitactive(int vt) + + add_wait_queue(&vt_activate_queue, &wait); + for (;;) { +- set_current_state(TASK_INTERRUPTIBLE); + retval = 0; +- if (vt == fg_console) ++ ++ /* ++ * Synchronize with redraw_screen(). By acquiring the console ++ * semaphore we make sure that the console switch is completed ++ * before we return. If we didn't wait for the semaphore, we ++ * could return at a point where fg_console has already been ++ * updated, but the console switch hasn't been completed. ++ */ ++ acquire_console_sem(); ++ set_current_state(TASK_INTERRUPTIBLE); ++ if (vt == fg_console) { ++ release_console_sem(); + break; ++ } ++ release_console_sem(); + retval = -EINTR; + if (signal_pending(current)) + break; diff --git a/queue-2.6.20/x86-don-t-probe-for-ddc-on-vbe1.2.patch b/queue-2.6.20/x86-don-t-probe-for-ddc-on-vbe1.2.patch new file mode 100644 index 00000000000..cccb598623a --- /dev/null +++ b/queue-2.6.20/x86-don-t-probe-for-ddc-on-vbe1.2.patch @@ -0,0 +1,113 @@ +From stable-bounces@linux.kernel.org Thu Apr 19 13:34:34 2007 +From: Zwane Mwaikambo +Date: Thu, 19 Apr 2007 16:33:13 -0400 +Subject: x86: Don't probe for DDC on VBE1.2 +To: linux-stable +Cc: Andi Kleen , Zwane Mwaikambo +Message-ID: <4627D209.4000201@redhat.com> + +From: Zwane Mwaikambo + +[PATCH] x86: Don't probe for DDC on VBE1.2 + +VBE1.2 doesn't support function 15h (DDC) resulting in a 'hang' whilst +uncompressing kernel with some video cards. Make sure we check VBE version +before fiddling around with DDC. + +http://bugzilla.kernel.org/show_bug.cgi?id=1458 + +Opened: 2003-10-30 09:12 Last update: 2007-02-13 22:03 + +Much thanks to Tobias Hain for help in testing and investigating the bug. +Tested on; + +i386, Chips & Technologies 65548 VESA VBE 1.2 +CONFIG_VIDEO_SELECT=Y +CONFIG_FIRMWARE_EDID=Y + +Untested on x86_64. + +Signed-off-by: Zwane Mwaikambo +Signed-off-by: Andi Kleen +Cc: Chuck Ebbert +Signed-off-by: Greg Kroah-Hartman + +--- + arch/i386/boot/video.S | 14 ++++++++++++++ + arch/x86_64/boot/video.S | 14 ++++++++++++++ + 2 files changed, 28 insertions(+) + +--- a/arch/i386/boot/video.S ++++ b/arch/i386/boot/video.S +@@ -571,6 +571,16 @@ setr1: lodsw + jmp _m_s + + check_vesa: ++#ifdef CONFIG_FIRMWARE_EDID ++ leaw modelist+1024, %di ++ movw $0x4f00, %ax ++ int $0x10 ++ cmpw $0x004f, %ax ++ jnz setbad ++ ++ movw 4(%di), %ax ++ movw %ax, vbe_version ++#endif + leaw modelist+1024, %di + subb $VIDEO_FIRST_VESA>>8, %bh + movw %bx, %cx # Get mode information structure +@@ -1945,6 +1955,9 @@ store_edid: + rep + stosl + ++ cmpw $0x0200, vbe_version # only do EDID on >= VBE2.0 ++ jl no_edid ++ + pushw %es # save ES + xorw %di, %di # Report Capability + pushw %di +@@ -1987,6 +2000,7 @@ do_restore: .byte 0 # Screen contents al + svga_prefix: .byte VIDEO_FIRST_BIOS>>8 # Default prefix for BIOS modes + graphic_mode: .byte 0 # Graphic mode with a linear frame buffer + dac_size: .byte 6 # DAC bit depth ++vbe_version: .word 0 # VBE bios version + + # Status messages + keymsg: .ascii "Press to see video modes available, " +--- a/arch/x86_64/boot/video.S ++++ b/arch/x86_64/boot/video.S +@@ -571,6 +571,16 @@ setr1: lodsw + jmp _m_s + + check_vesa: ++#ifdef CONFIG_FIRMWARE_EDID ++ leaw modelist+1024, %di ++ movw $0x4f00, %ax ++ int $0x10 ++ cmpw $0x004f, %ax ++ jnz setbad ++ ++ movw 4(%di), %ax ++ movw %ax, vbe_version ++#endif + leaw modelist+1024, %di + subb $VIDEO_FIRST_VESA>>8, %bh + movw %bx, %cx # Get mode information structure +@@ -1945,6 +1955,9 @@ store_edid: + rep + stosl + ++ cmpw $0x0200, vbe_version # only do EDID on >= VBE2.0 ++ jl no_edid ++ + pushw %es # save ES + xorw %di, %di # Report Capability + pushw %di +@@ -1987,6 +2000,7 @@ do_restore: .byte 0 # Screen contents al + svga_prefix: .byte VIDEO_FIRST_BIOS>>8 # Default prefix for BIOS modes + graphic_mode: .byte 0 # Graphic mode with a linear frame buffer + dac_size: .byte 6 # DAC bit depth ++vbe_version: .word 0 # VBE bios version + + # Status messages + keymsg: .ascii "Press to see video modes available, "