From: Greg Kroah-Hartman Date: Mon, 4 Jan 2010 20:11:26 +0000 (-0800) Subject: start .31 queue X-Git-Tag: v2.6.31.10~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b913234f656a4339c10a1638bd138bcbded0117b;p=thirdparty%2Fkernel%2Fstable-queue.git start .31 queue --- diff --git a/queue-2.6.31/acerhdf-limit-modalias-matching-to-supported.patch b/queue-2.6.31/acerhdf-limit-modalias-matching-to-supported.patch new file mode 100644 index 00000000000..3ec0386c1b7 --- /dev/null +++ b/queue-2.6.31/acerhdf-limit-modalias-matching-to-supported.patch @@ -0,0 +1,44 @@ +From bdc731bc5fcd1794e9ac8ac80c389d302381c123 Mon Sep 17 00:00:00 2001 +From: Stefan Bader +Date: Mon, 21 Dec 2009 16:20:04 -0800 +Subject: acerhdf: limit modalias matching to supported + +From: Stefan Bader + +commit bdc731bc5fcd1794e9ac8ac80c389d302381c123 upstream. + +BugLink: https://bugs.launchpad.net/ubuntu/+bug/435958 + +The module alias currently matches any Acer computer but when loaded the +BIOS checks will only succeed on Aspire One models. This causes a invalid +BIOS warning for all other models (seen on Aspire 4810T). This is not +fatal but worries users that see this message. Limiting the moule alias +to models starting with AOA or DOA for Packard Bell. + +Signed-off-by: Stefan Bader +Acked-by: Borislav Petkov +Acked-by: Peter Feuerer +Signed-off-by: Andrew Morton +Signed-off-by: Len Brown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/platform/x86/acerhdf.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/platform/x86/acerhdf.c ++++ b/drivers/platform/x86/acerhdf.c +@@ -633,9 +633,10 @@ static void __exit acerhdf_exit(void) + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Peter Feuerer"); + MODULE_DESCRIPTION("Aspire One temperature and fan driver"); +-MODULE_ALIAS("dmi:*:*Acer*:*:"); +-MODULE_ALIAS("dmi:*:*Gateway*:*:"); +-MODULE_ALIAS("dmi:*:*Packard Bell*:*:"); ++MODULE_ALIAS("dmi:*:*Acer*:pnAOA*:"); ++MODULE_ALIAS("dmi:*:*Gateway*:pnAOA*:"); ++MODULE_ALIAS("dmi:*:*Packard Bell*:pnAOA*:"); ++MODULE_ALIAS("dmi:*:*Packard Bell*:pnDOA*:"); + + module_init(acerhdf_init); + module_exit(acerhdf_exit); diff --git a/queue-2.6.31/asoc-do-not-write-to-invalid-registers-on-the-wm9712.patch b/queue-2.6.31/asoc-do-not-write-to-invalid-registers-on-the-wm9712.patch new file mode 100644 index 00000000000..a99ad5a7c75 --- /dev/null +++ b/queue-2.6.31/asoc-do-not-write-to-invalid-registers-on-the-wm9712.patch @@ -0,0 +1,36 @@ +From 48e3cbb3f67a27d9c2db075f3d0f700246c40caa Mon Sep 17 00:00:00 2001 +From: Eric Millbrandt +Date: Tue, 22 Dec 2009 10:13:24 -0500 +Subject: ASoC: Do not write to invalid registers on the wm9712. + +From: Eric Millbrandt + +commit 48e3cbb3f67a27d9c2db075f3d0f700246c40caa upstream. + +This patch fixes a bug where "virtual" registers were being written to the ac97 +bus. This was causing unrelated registers to become corrupted (headphone 0x04, +touchscreen 0x78, etc). + +This patch duplicates protection that was included in the wm9713 driver. + +Signed-off-by: Eric Millbrandt +Acked-by: Liam Girdwood +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/codecs/wm9712.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/sound/soc/codecs/wm9712.c ++++ b/sound/soc/codecs/wm9712.c +@@ -464,7 +464,8 @@ static int ac97_write(struct snd_soc_cod + { + u16 *cache = codec->reg_cache; + +- soc_ac97_ops.write(codec->ac97, reg, val); ++ if (reg < 0x7c) ++ soc_ac97_ops.write(codec->ac97, reg, val); + reg = reg >> 1; + if (reg < (ARRAY_SIZE(wm9712_reg))) + cache[reg] = val; diff --git a/queue-2.6.31/cifs-null-out-tcon-psesinfo-and-srvtcp-pointers-when-chasing-dfs-referrals.patch b/queue-2.6.31/cifs-null-out-tcon-psesinfo-and-srvtcp-pointers-when-chasing-dfs-referrals.patch new file mode 100644 index 00000000000..8029a91cd35 --- /dev/null +++ b/queue-2.6.31/cifs-null-out-tcon-psesinfo-and-srvtcp-pointers-when-chasing-dfs-referrals.patch @@ -0,0 +1,71 @@ +From a2934c7b363ddcc001964f2444649f909e583bef Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Thu, 3 Dec 2009 08:09:41 -0500 +Subject: cifs: NULL out tcon, pSesInfo, and srvTcp pointers when chasing DFS referrals + +From: Jeff Layton + +commit a2934c7b363ddcc001964f2444649f909e583bef upstream. + +The scenario is this: + +The kernel gets EREMOTE and starts chasing a DFS referral at mount time. +The tcon reference is put, which puts the session reference too, but +neither pointer is zeroed out. + +The mount gets retried (goto try_mount_again) with new mount info. +Session setup fails fails and rc ends up being non-zero. The code then +falls through to the end and tries to put the previously freed tcon +pointer again. Oops at: cifs_put_smb_ses+0x14/0xd0 + +Fix this by moving the initialization of the rc variable and the tcon, +pSesInfo and srvTcp pointers below the try_mount_again label. Also, add +a FreeXid() before the goto to prevent xid "leaks". + +Signed-off-by: Jeff Layton +Reported-by: Gustavo Carvalho Homem +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/connect.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -2267,12 +2267,12 @@ int + cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, + char *mount_data_global, const char *devname) + { +- int rc = 0; ++ int rc; + int xid; + struct smb_vol *volume_info; +- struct cifsSesInfo *pSesInfo = NULL; +- struct cifsTconInfo *tcon = NULL; +- struct TCP_Server_Info *srvTcp = NULL; ++ struct cifsSesInfo *pSesInfo; ++ struct cifsTconInfo *tcon; ++ struct TCP_Server_Info *srvTcp; + char *full_path; + char *mount_data = mount_data_global; + #ifdef CONFIG_CIFS_DFS_UPCALL +@@ -2281,6 +2281,10 @@ cifs_mount(struct super_block *sb, struc + int referral_walks_count = 0; + try_mount_again: + #endif ++ rc = 0; ++ tcon = NULL; ++ pSesInfo = NULL; ++ srvTcp = NULL; + full_path = NULL; + + xid = GetXid(); +@@ -2577,6 +2581,7 @@ remote_path_check: + + cleanup_volume_info(&volume_info); + referral_walks_count++; ++ FreeXid(xid); + goto try_mount_again; + } + #else /* No DFS support, return error on mount */ diff --git a/queue-2.6.31/clockevents-prevent-clockevent_devices-list-corruption-on-cpu-hotplug.patch b/queue-2.6.31/clockevents-prevent-clockevent_devices-list-corruption-on-cpu-hotplug.patch new file mode 100644 index 00000000000..a470e4f2f2d --- /dev/null +++ b/queue-2.6.31/clockevents-prevent-clockevent_devices-list-corruption-on-cpu-hotplug.patch @@ -0,0 +1,67 @@ +From bb6eddf7676e1c1f3e637aa93c5224488d99036f Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Thu, 10 Dec 2009 15:35:10 +0100 +Subject: clockevents: Prevent clockevent_devices list corruption on cpu hotplug + +From: Thomas Gleixner + +commit bb6eddf7676e1c1f3e637aa93c5224488d99036f upstream. + +Xiaotian Feng triggered a list corruption in the clock events list on +CPU hotplug and debugged the root cause. + +If a CPU registers more than one per cpu clock event device, then only +the active clock event device is removed on CPU_DEAD. The unused +devices are kept in the clock events device list. + +On CPU up the clock event devices are registered again, which means +that we list_add an already enqueued list_head. That results in list +corruption. + +Resolve this by removing all devices which are associated to the dead +CPU on CPU_DEAD. + +Reported-by: Xiaotian Feng +Signed-off-by: Thomas Gleixner +Tested-by: Xiaotian Feng +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/time/clockevents.c | 18 +++++++++++++++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +--- a/kernel/time/clockevents.c ++++ b/kernel/time/clockevents.c +@@ -237,8 +237,9 @@ void clockevents_exchange_device(struct + */ + void clockevents_notify(unsigned long reason, void *arg) + { +- struct list_head *node, *tmp; ++ struct clock_event_device *dev, *tmp; + unsigned long flags; ++ int cpu; + + spin_lock_irqsave(&clockevents_lock, flags); + clockevents_do_notify(reason, arg); +@@ -249,8 +250,19 @@ void clockevents_notify(unsigned long re + * Unregister the clock event devices which were + * released from the users in the notify chain. + */ +- list_for_each_safe(node, tmp, &clockevents_released) +- list_del(node); ++ list_for_each_entry_safe(dev, tmp, &clockevents_released, list) ++ list_del(&dev->list); ++ /* ++ * Now check whether the CPU has left unused per cpu devices ++ */ ++ cpu = *((int *)arg); ++ list_for_each_entry_safe(dev, tmp, &clockevent_devices, list) { ++ if (cpumask_test_cpu(cpu, dev->cpumask) && ++ cpumask_weight(dev->cpumask) == 1) { ++ BUG_ON(dev->mode != CLOCK_EVT_MODE_UNUSED); ++ list_del(&dev->list); ++ } ++ } + break; + default: + break; diff --git a/queue-2.6.31/dma-at_hdmac-correct-incompatible-type-for-argument-1-of-spin_lock_bh.patch b/queue-2.6.31/dma-at_hdmac-correct-incompatible-type-for-argument-1-of-spin_lock_bh.patch new file mode 100644 index 00000000000..9dda607ff3e --- /dev/null +++ b/queue-2.6.31/dma-at_hdmac-correct-incompatible-type-for-argument-1-of-spin_lock_bh.patch @@ -0,0 +1,39 @@ +From 4297a462f455e38f08976df7b16c849614a287da Mon Sep 17 00:00:00 2001 +From: Nicolas Ferre +Date: Wed, 16 Dec 2009 16:28:03 +0100 +Subject: dma: at_hdmac: correct incompatible type for argument 1 of 'spin_lock_bh' + +From: Nicolas Ferre + +commit 4297a462f455e38f08976df7b16c849614a287da upstream. + +Correct a typo error in locking calls. + +Signed-off-by: Nicolas Ferre +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/dma/at_hdmac.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/dma/at_hdmac.c ++++ b/drivers/dma/at_hdmac.c +@@ -813,7 +813,7 @@ atc_is_tx_complete(struct dma_chan *chan + dev_vdbg(chan2dev(chan), "is_tx_complete: %d (d%d, u%d)\n", + cookie, done ? *done : 0, used ? *used : 0); + +- spin_lock_bh(atchan->lock); ++ spin_lock_bh(&atchan->lock); + + last_complete = atchan->completed_cookie; + last_used = chan->cookie; +@@ -828,7 +828,7 @@ atc_is_tx_complete(struct dma_chan *chan + ret = dma_async_is_complete(cookie, last_complete, last_used); + } + +- spin_unlock_bh(atchan->lock); ++ spin_unlock_bh(&atchan->lock); + + if (done) + *done = last_complete; diff --git a/queue-2.6.31/drivers-net-usb-correct-code-taking-the-size-of-a-pointer.patch b/queue-2.6.31/drivers-net-usb-correct-code-taking-the-size-of-a-pointer.patch new file mode 100644 index 00000000000..869cd46688b --- /dev/null +++ b/queue-2.6.31/drivers-net-usb-correct-code-taking-the-size-of-a-pointer.patch @@ -0,0 +1,45 @@ +From 6057912d7baad31be9819518674ffad349a065b1 Mon Sep 17 00:00:00 2001 +From: Julia Lawall +Date: Sun, 13 Dec 2009 05:47:04 +0000 +Subject: drivers/net/usb: Correct code taking the size of a pointer + +From: Julia Lawall + +commit 6057912d7baad31be9819518674ffad349a065b1 upstream. + +sizeof(dev->dev_addr) is the size of a pointer. A few lines above, the +size of this field is obtained using netdev->addr_len for a call to memcpy, +so do the same here. + +A simplified version of the semantic patch that finds this problem is as +follows: (http://coccinelle.lip6.fr/) + +// +@@ +expression *x; +expression f; +type T; +@@ + +*f(...,(T)x,...) +// + +Signed-off-by: Julia Lawall +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/usb/rtl8150.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/usb/rtl8150.c ++++ b/drivers/net/usb/rtl8150.c +@@ -324,7 +324,7 @@ static int rtl8150_set_mac_address(struc + dbg("%02X:", netdev->dev_addr[i]); + dbg("%02X\n", netdev->dev_addr[i]); + /* Set the IDR registers. */ +- set_registers(dev, IDR, sizeof(netdev->dev_addr), netdev->dev_addr); ++ set_registers(dev, IDR, netdev->addr_len, netdev->dev_addr); + #ifdef EEPROM_WRITE + { + u8 cr; diff --git a/queue-2.6.31/iwmc3200wifi-fix-array-out-of-boundary-access.patch b/queue-2.6.31/iwmc3200wifi-fix-array-out-of-boundary-access.patch new file mode 100644 index 00000000000..63b0f428856 --- /dev/null +++ b/queue-2.6.31/iwmc3200wifi-fix-array-out-of-boundary-access.patch @@ -0,0 +1,31 @@ +From 6c853da3f30c93eae847ecbcd9fdf10ba0da04c2 Mon Sep 17 00:00:00 2001 +From: Zhu Yi +Date: Mon, 28 Dec 2009 14:23:11 +0800 +Subject: iwmc3200wifi: fix array out-of-boundary access + +From: Zhu Yi + +commit 6c853da3f30c93eae847ecbcd9fdf10ba0da04c2 upstream. + +Allocate priv->rx_packets[IWM_RX_ID_HASH + 1] because the max array +index is IWM_RX_ID_HASH according to IWM_RX_ID_GET_HASH(). + +Signed-off-by: Zhu Yi +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/iwmc3200wifi/iwm.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/wireless/iwmc3200wifi/iwm.h ++++ b/drivers/net/wireless/iwmc3200wifi/iwm.h +@@ -268,7 +268,7 @@ struct iwm_priv { + + struct sk_buff_head rx_list; + struct list_head rx_tickets; +- struct list_head rx_packets[IWM_RX_ID_HASH]; ++ struct list_head rx_packets[IWM_RX_ID_HASH + 1]; + struct workqueue_struct *rx_wq; + struct work_struct rx_worker; + diff --git a/queue-2.6.31/libertas-fix-buffer-overflow-in-lbs_get_essid.patch b/queue-2.6.31/libertas-fix-buffer-overflow-in-lbs_get_essid.patch new file mode 100644 index 00000000000..6c077d2731a --- /dev/null +++ b/queue-2.6.31/libertas-fix-buffer-overflow-in-lbs_get_essid.patch @@ -0,0 +1,50 @@ +From 45b241689179a6065384260242637cf21dabfb2d Mon Sep 17 00:00:00 2001 +From: Daniel Mack +Date: Wed, 16 Dec 2009 05:12:58 +0100 +Subject: Libertas: fix buffer overflow in lbs_get_essid() + +From: Daniel Mack + +commit 45b241689179a6065384260242637cf21dabfb2d upstream. + +The libertas driver copies the SSID buffer back to the wireless core and +appends a trailing NULL character for termination. This is + +a) unnecessary because the buffer is allocated with kzalloc and is hence + already NULLed when this function is called, and + +b) for priv->curbssparams.ssid_len == 32, it writes back one byte too + much which causes memory corruptions. + +Fix this by removing the extra write. + +Signed-off-by: Daniel Mack +Cc: Stephen Hemminger +Cc: Maithili Hinge +Cc: Kiran Divekar +Cc: Michael Hirsch +Cc: netdev@vger.kernel.org +Cc: libertas-dev@lists.infradead.org +Cc: linux-wireless@lists.infradead.org +Acked-by: Holger Schurig +Acked-by: Dan Williams +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/libertas/wext.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/net/wireless/libertas/wext.c ++++ b/drivers/net/wireless/libertas/wext.c +@@ -1951,10 +1951,8 @@ static int lbs_get_essid(struct net_devi + if (priv->connect_status == LBS_CONNECTED) { + memcpy(extra, priv->curbssparams.ssid, + priv->curbssparams.ssid_len); +- extra[priv->curbssparams.ssid_len] = '\0'; + } else { + memset(extra, 0, 32); +- extra[priv->curbssparams.ssid_len] = '\0'; + } + /* + * If none, we may want to get the one that was set diff --git a/queue-2.6.31/md-fix-unfortunate-interaction-with-evms.patch b/queue-2.6.31/md-fix-unfortunate-interaction-with-evms.patch new file mode 100644 index 00000000000..35e07fa4756 --- /dev/null +++ b/queue-2.6.31/md-fix-unfortunate-interaction-with-evms.patch @@ -0,0 +1,57 @@ +From cbd1998377504df005302ac90d49db72a48552a6 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Wed, 30 Dec 2009 12:08:49 +1100 +Subject: md: Fix unfortunate interaction with evms + +From: NeilBrown + +commit cbd1998377504df005302ac90d49db72a48552a6 upstream. + +evms configures md arrays by: + open device + send ioctl + close device + +for each different ioctl needed. +Since 2.6.29, the device can disappear after the 'close' +unless a significant configuration has happened to the device. +The change made by "SET_ARRAY_INFO" can too minor to stop the device +from disappearing, but important enough that losing the change is bad. + +So: make sure SET_ARRAY_INFO sets mddev->ctime, and keep the device +active as long as ctime is non-zero (it gets zeroed with lots of other +things when the array is stopped). + +This is suitable for -stable kernels since 2.6.29. + +Signed-off-by: NeilBrown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/md.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -276,7 +276,9 @@ static void mddev_put(mddev_t *mddev) + if (!atomic_dec_and_lock(&mddev->active, &all_mddevs_lock)) + return; + if (!mddev->raid_disks && list_empty(&mddev->disks) && +- !mddev->hold_active) { ++ mddev->ctime == 0 && !mddev->hold_active) { ++ /* Array is not configured at all, and not held active, ++ * so destroy it */ + list_del(&mddev->all_mddevs); + if (mddev->gendisk) { + /* we did a probe so need to clean up. +@@ -5040,6 +5042,10 @@ static int set_array_info(mddev_t * mdde + mddev->minor_version = info->minor_version; + mddev->patch_version = info->patch_version; + mddev->persistent = !info->not_persistent; ++ /* ensure mddev_put doesn't delete this now that there ++ * is some minimal configuration. ++ */ ++ mddev->ctime = get_seconds(); + return 0; + } + mddev->major_version = MD_MAJOR_VERSION; diff --git a/queue-2.6.31/pata_cmd64x-fix-overclocking-of-udma0-2-modes.patch b/queue-2.6.31/pata_cmd64x-fix-overclocking-of-udma0-2-modes.patch new file mode 100644 index 00000000000..07fad5069cf --- /dev/null +++ b/queue-2.6.31/pata_cmd64x-fix-overclocking-of-udma0-2-modes.patch @@ -0,0 +1,38 @@ +From 509426bd46ad0903dca409803e0ee3d30f99f1e8 Mon Sep 17 00:00:00 2001 +From: Bartlomiej Zolnierkiewicz +Date: Sun, 20 Dec 2009 19:22:33 +0100 +Subject: pata_cmd64x: fix overclocking of UDMA0-2 modes + +From: Bartlomiej Zolnierkiewicz + +commit 509426bd46ad0903dca409803e0ee3d30f99f1e8 upstream. + +adev->dma_mode stores the transfer mode value not UDMA mode number +so the condition in cmd64x_set_dmamode() is always true and the higher +UDMA clock is always selected. This can potentially result in data +corruption when UDMA33 device is used, when 40-wire cable is used or +when the error recovery code decides to lower the device speed down. + +The issue was introduced in the commit 6a40da0 ("libata cmd64x: whack +into a shape that looks like the documentation") which goes back to +kernel 2.6.20. + +Signed-off-by: Bartlomiej Zolnierkiewicz +Signed-off-by: Jeff Garzik +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/pata_cmd64x.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/ata/pata_cmd64x.c ++++ b/drivers/ata/pata_cmd64x.c +@@ -219,7 +219,7 @@ static void cmd64x_set_dmamode(struct at + regU |= udma_data[adev->dma_mode - XFER_UDMA_0] << shift; + /* Merge the control bits */ + regU |= 1 << adev->devno; /* UDMA on */ +- if (adev->dma_mode > 2) /* 15nS timing */ ++ if (adev->dma_mode > XFER_UDMA_2) /* 15nS timing */ + regU |= 4 << adev->devno; + } else { + regU &= ~ (1 << adev->devno); /* UDMA off */ diff --git a/queue-2.6.31/pata_hpt3x2n-fix-clock-turnaround.patch b/queue-2.6.31/pata_hpt3x2n-fix-clock-turnaround.patch new file mode 100644 index 00000000000..7305835eed9 --- /dev/null +++ b/queue-2.6.31/pata_hpt3x2n-fix-clock-turnaround.patch @@ -0,0 +1,170 @@ +From 256ace9bbd4cdb6d48d5f55d55d42fa20527fad1 Mon Sep 17 00:00:00 2001 +From: Sergei Shtylyov +Date: Thu, 17 Dec 2009 01:11:27 -0500 +Subject: pata_hpt3x2n: fix clock turnaround + +From: Sergei Shtylyov + +commit 256ace9bbd4cdb6d48d5f55d55d42fa20527fad1 upstream. + +The clock turnaround code still doesn't work for several reasons: + +- 'USE_DPLL' flag in 'ap->host->private_data' is never initialized + or updated, so the driver can only set the chip to the DPLL clock + mode, not the PCI mode; + +- the driver doesn't serialize access to the channels depending on + the current clock mode like the vendor drivers, so the clock + turnaround is only executed "optionally", not always as it should be; + +- the wrong ports are written to when hpt3x2n_set_clock() is called + for the secondary channel; + +- hpt3x2n_set_clock() can inadvertently enable the disabled channels + when resetting the channel state machines. + +Signed-off-by: Sergei Shtylyov +Signed-off-by: Jeff Garzik +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/pata_hpt3x2n.c | 64 ++++++++++++++++++++++++--------------------- + 1 file changed, 35 insertions(+), 29 deletions(-) + +--- a/drivers/ata/pata_hpt3x2n.c ++++ b/drivers/ata/pata_hpt3x2n.c +@@ -8,7 +8,7 @@ + * Copyright (C) 1999-2003 Andre Hedrick + * Portions Copyright (C) 2001 Sun Microsystems, Inc. + * Portions Copyright (C) 2003 Red Hat Inc +- * Portions Copyright (C) 2005-2007 MontaVista Software, Inc. ++ * Portions Copyright (C) 2005-2009 MontaVista Software, Inc. + * + * + * TODO +@@ -25,7 +25,7 @@ + #include + + #define DRV_NAME "pata_hpt3x2n" +-#define DRV_VERSION "0.3.7" ++#define DRV_VERSION "0.3.8" + + enum { + HPT_PCI_FAST = (1 << 31), +@@ -262,7 +262,7 @@ static void hpt3x2n_bmdma_stop(struct at + + static void hpt3x2n_set_clock(struct ata_port *ap, int source) + { +- void __iomem *bmdma = ap->ioaddr.bmdma_addr; ++ void __iomem *bmdma = ap->ioaddr.bmdma_addr - ap->port_no * 8; + + /* Tristate the bus */ + iowrite8(0x80, bmdma+0x73); +@@ -272,9 +272,9 @@ static void hpt3x2n_set_clock(struct ata + iowrite8(source, bmdma+0x7B); + iowrite8(0xC0, bmdma+0x79); + +- /* Reset state machines */ +- iowrite8(0x37, bmdma+0x70); +- iowrite8(0x37, bmdma+0x74); ++ /* Reset state machines, avoid enabling the disabled channels */ ++ iowrite8(ioread8(bmdma+0x70) | 0x32, bmdma+0x70); ++ iowrite8(ioread8(bmdma+0x74) | 0x32, bmdma+0x74); + + /* Complete reset */ + iowrite8(0x00, bmdma+0x79); +@@ -284,21 +284,10 @@ static void hpt3x2n_set_clock(struct ata + iowrite8(0x00, bmdma+0x77); + } + +-/* Check if our partner interface is busy */ +- +-static int hpt3x2n_pair_idle(struct ata_port *ap) +-{ +- struct ata_host *host = ap->host; +- struct ata_port *pair = host->ports[ap->port_no ^ 1]; +- +- if (pair->hsm_task_state == HSM_ST_IDLE) +- return 1; +- return 0; +-} +- + static int hpt3x2n_use_dpll(struct ata_port *ap, int writing) + { + long flags = (long)ap->host->private_data; ++ + /* See if we should use the DPLL */ + if (writing) + return USE_DPLL; /* Needed for write */ +@@ -307,20 +296,35 @@ static int hpt3x2n_use_dpll(struct ata_p + return 0; + } + ++static int hpt3x2n_qc_defer(struct ata_queued_cmd *qc) ++{ ++ struct ata_port *ap = qc->ap; ++ struct ata_port *alt = ap->host->ports[ap->port_no ^ 1]; ++ int rc, flags = (long)ap->host->private_data; ++ int dpll = hpt3x2n_use_dpll(ap, qc->tf.flags & ATA_TFLAG_WRITE); ++ ++ /* First apply the usual rules */ ++ rc = ata_std_qc_defer(qc); ++ if (rc != 0) ++ return rc; ++ ++ if ((flags & USE_DPLL) != dpll && alt->qc_active) ++ return ATA_DEFER_PORT; ++ return 0; ++} ++ + static unsigned int hpt3x2n_qc_issue(struct ata_queued_cmd *qc) + { +- struct ata_taskfile *tf = &qc->tf; + struct ata_port *ap = qc->ap; + int flags = (long)ap->host->private_data; ++ int dpll = hpt3x2n_use_dpll(ap, qc->tf.flags & ATA_TFLAG_WRITE); + +- if (hpt3x2n_pair_idle(ap)) { +- int dpll = hpt3x2n_use_dpll(ap, (tf->flags & ATA_TFLAG_WRITE)); +- if ((flags & USE_DPLL) != dpll) { +- if (dpll == 1) +- hpt3x2n_set_clock(ap, 0x21); +- else +- hpt3x2n_set_clock(ap, 0x23); +- } ++ if ((flags & USE_DPLL) != dpll) { ++ flags &= ~USE_DPLL; ++ flags |= dpll; ++ ap->host->private_data = (void *)(long)flags; ++ ++ hpt3x2n_set_clock(ap, dpll ? 0x21 : 0x23); + } + return ata_sff_qc_issue(qc); + } +@@ -337,6 +341,8 @@ static struct ata_port_operations hpt3x2 + .inherits = &ata_bmdma_port_ops, + + .bmdma_stop = hpt3x2n_bmdma_stop, ++ ++ .qc_defer = hpt3x2n_qc_defer, + .qc_issue = hpt3x2n_qc_issue, + + .cable_detect = hpt3x2n_cable_detect, +@@ -454,7 +460,7 @@ static int hpt3x2n_init_one(struct pci_d + unsigned int f_low, f_high; + int adjust; + unsigned long iobase = pci_resource_start(dev, 4); +- void *hpriv = NULL; ++ void *hpriv = (void *)USE_DPLL; + int rc; + + rc = pcim_enable_device(dev); +@@ -542,7 +548,7 @@ static int hpt3x2n_init_one(struct pci_d + /* Set our private data up. We only need a few flags so we use + it directly */ + if (pci_mhz > 60) { +- hpriv = (void *)PCI66; ++ hpriv = (void *)(PCI66 | USE_DPLL); + /* + * On HPT371N, if ATA clock is 66 MHz we must set bit 2 in + * the MISC. register to stretch the UltraDMA Tss timing. diff --git a/queue-2.6.31/scsi-fc-class-fix-fc_transport_init-error-handling.patch b/queue-2.6.31/scsi-fc-class-fix-fc_transport_init-error-handling.patch new file mode 100644 index 00000000000..250b40f62b6 --- /dev/null +++ b/queue-2.6.31/scsi-fc-class-fix-fc_transport_init-error-handling.patch @@ -0,0 +1,52 @@ +From 48de68a40aef032a2e198437f4781a83bfb938db Mon Sep 17 00:00:00 2001 +From: Mike Christie +Date: Tue, 17 Nov 2009 21:25:16 -0600 +Subject: SCSI: fc class: fix fc_transport_init error handling + +From: Mike Christie + +commit 48de68a40aef032a2e198437f4781a83bfb938db upstream. + +If transport_class_register fails we should unregister any +registered classes, or we will leak memory or other +resources. + +I did a quick modprobe of scsi_transport_fc to test the +patch. + +Signed-off-by: Mike Christie +Signed-off-by: James Bottomley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/scsi_transport_fc.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/scsi_transport_fc.c ++++ b/drivers/scsi/scsi_transport_fc.c +@@ -648,11 +648,22 @@ static __init int fc_transport_init(void + return error; + error = transport_class_register(&fc_vport_class); + if (error) +- return error; ++ goto unreg_host_class; + error = transport_class_register(&fc_rport_class); + if (error) +- return error; +- return transport_class_register(&fc_transport_class); ++ goto unreg_vport_class; ++ error = transport_class_register(&fc_transport_class); ++ if (error) ++ goto unreg_rport_class; ++ return 0; ++ ++unreg_rport_class: ++ transport_class_unregister(&fc_rport_class); ++unreg_vport_class: ++ transport_class_unregister(&fc_vport_class); ++unreg_host_class: ++ transport_class_unregister(&fc_host_class); ++ return error; + } + + static void __exit fc_transport_exit(void) diff --git a/queue-2.6.31/scsi-mpt2sas-add-missing-initialization-of-scsih_cmds.patch b/queue-2.6.31/scsi-mpt2sas-add-missing-initialization-of-scsih_cmds.patch new file mode 100644 index 00000000000..3c8e06671c6 --- /dev/null +++ b/queue-2.6.31/scsi-mpt2sas-add-missing-initialization-of-scsih_cmds.patch @@ -0,0 +1,33 @@ +From d685c262083dcd5fd98b7499b22a377a3225229c Mon Sep 17 00:00:00 2001 +From: Kashyap, Desai +Date: Tue, 17 Nov 2009 13:16:37 +0530 +Subject: SCSI: mpt2sas: add missing initialization of scsih_cmds + +From: Kashyap, Desai + +commit d685c262083dcd5fd98b7499b22a377a3225229c upstream. + +Internal command scsih_cmds init is included in mpt2sas_base_attach. + +Signed-off-by: Kashyap Desai +Signed-off-by: James Bottomley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/mpt2sas/mpt2sas_base.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/scsi/mpt2sas/mpt2sas_base.c ++++ b/drivers/scsi/mpt2sas/mpt2sas_base.c +@@ -3302,6 +3302,11 @@ mpt2sas_base_attach(struct MPT2SAS_ADAPT + mutex_init(&ioc->transport_cmds.mutex); + init_completion(&ioc->transport_cmds.done); + ++ /* scsih internal command bits */ ++ ioc->scsih_cmds.reply = kzalloc(ioc->reply_sz, GFP_KERNEL); ++ ioc->scsih_cmds.status = MPT2_CMD_NOT_USED; ++ mutex_init(&ioc->scsih_cmds.mutex); ++ + /* task management internal command bits */ + ioc->tm_cmds.reply = kzalloc(ioc->reply_sz, GFP_KERNEL); + ioc->tm_cmds.status = MPT2_CMD_NOT_USED; diff --git a/queue-2.6.31/series b/queue-2.6.31/series new file mode 100644 index 00000000000..20c4e16713e --- /dev/null +++ b/queue-2.6.31/series @@ -0,0 +1,19 @@ +acerhdf-limit-modalias-matching-to-supported.patch +asoc-do-not-write-to-invalid-registers-on-the-wm9712.patch +cifs-null-out-tcon-psesinfo-and-srvtcp-pointers-when-chasing-dfs-referrals.patch +clockevents-prevent-clockevent_devices-list-corruption-on-cpu-hotplug.patch +dma-at_hdmac-correct-incompatible-type-for-argument-1-of-spin_lock_bh.patch +drivers-net-usb-correct-code-taking-the-size-of-a-pointer.patch +iwmc3200wifi-fix-array-out-of-boundary-access.patch +libertas-fix-buffer-overflow-in-lbs_get_essid.patch +md-fix-unfortunate-interaction-with-evms.patch +pata_cmd64x-fix-overclocking-of-udma0-2-modes.patch +pata_hpt3x2n-fix-clock-turnaround.patch +scsi-fc-class-fix-fc_transport_init-error-handling.patch +scsi-mpt2sas-add-missing-initialization-of-scsih_cmds.patch +sound-sgio2audio-pdaudiocf-usb-audio-initialize-pcm-buffer.patch +usb-emi62-fix-crash-when-trying-to-load-emi-6-2-firmware.patch +usb-fix-a-bug-on-appledisplay.c-regarding-signedness.patch +usb-musb-gadget_ep0-avoid-setupend-interrupt.patch +usb-option-support-hi-speed-for-modem-haier-ce100.patch +x86-cpuid-add-volatile-to-asm-in-native_cpuid.patch diff --git a/queue-2.6.31/sound-sgio2audio-pdaudiocf-usb-audio-initialize-pcm-buffer.patch b/queue-2.6.31/sound-sgio2audio-pdaudiocf-usb-audio-initialize-pcm-buffer.patch new file mode 100644 index 00000000000..050720fb14b --- /dev/null +++ b/queue-2.6.31/sound-sgio2audio-pdaudiocf-usb-audio-initialize-pcm-buffer.patch @@ -0,0 +1,57 @@ +From 3e85fd614c7b6bb7f33bb04a0dcb5a3bfca4c0fe Mon Sep 17 00:00:00 2001 +From: Clemens Ladisch +Date: Fri, 18 Dec 2009 09:27:24 +0100 +Subject: sound: sgio2audio/pdaudiocf/usb-audio: initialize PCM buffer + +From: Clemens Ladisch + +commit 3e85fd614c7b6bb7f33bb04a0dcb5a3bfca4c0fe upstream. + +When allocating the PCM buffer, use vmalloc_user() instead of vmalloc(). +Otherwise, it would be possible for applications to play the previous +contents of the kernel memory to the speakers, or to read it directly if +the buffer is exported to userspace. + +Signed-off-by: Clemens Ladisch +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/mips/sgio2audio.c | 2 +- + sound/pcmcia/pdaudiocf/pdaudiocf_pcm.c | 2 +- + sound/usb/usbaudio.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +--- a/sound/mips/sgio2audio.c ++++ b/sound/mips/sgio2audio.c +@@ -609,7 +609,7 @@ static int snd_sgio2audio_pcm_hw_params( + /* alloc virtual 'dma' area */ + if (runtime->dma_area) + vfree(runtime->dma_area); +- runtime->dma_area = vmalloc(size); ++ runtime->dma_area = vmalloc_user(size); + if (runtime->dma_area == NULL) + return -ENOMEM; + runtime->dma_bytes = size; +--- a/sound/pcmcia/pdaudiocf/pdaudiocf_pcm.c ++++ b/sound/pcmcia/pdaudiocf/pdaudiocf_pcm.c +@@ -51,7 +51,7 @@ static int snd_pcm_alloc_vmalloc_buffer( + return 0; /* already enough large */ + vfree(runtime->dma_area); + } +- runtime->dma_area = vmalloc_32(size); ++ runtime->dma_area = vmalloc_32_user(size); + if (! runtime->dma_area) + return -ENOMEM; + runtime->dma_bytes = size; +--- a/sound/usb/usbaudio.c ++++ b/sound/usb/usbaudio.c +@@ -752,7 +752,7 @@ static int snd_pcm_alloc_vmalloc_buffer( + return 0; /* already large enough */ + vfree(runtime->dma_area); + } +- runtime->dma_area = vmalloc(size); ++ runtime->dma_area = vmalloc_user(size); + if (!runtime->dma_area) + return -ENOMEM; + runtime->dma_bytes = size; diff --git a/queue-2.6.31/usb-emi62-fix-crash-when-trying-to-load-emi-6-2-firmware.patch b/queue-2.6.31/usb-emi62-fix-crash-when-trying-to-load-emi-6-2-firmware.patch new file mode 100644 index 00000000000..c73e2241250 --- /dev/null +++ b/queue-2.6.31/usb-emi62-fix-crash-when-trying-to-load-emi-6-2-firmware.patch @@ -0,0 +1,43 @@ +From ac06c06770bb8761b1f1f9bdf2f5420fa6d3e9fa Mon Sep 17 00:00:00 2001 +From: Clemens Ladisch +Date: Mon, 21 Dec 2009 15:36:44 -0800 +Subject: USB: emi62: fix crash when trying to load EMI 6|2 firmware + +From: Clemens Ladisch + +commit ac06c06770bb8761b1f1f9bdf2f5420fa6d3e9fa upstream. + +While converting emi62 to use request_firmware(), the driver was also +changed to use the ihex helper functions. However, this broke the loading +of the FPGA firmware because the code tries to access the addr field of +the EOF record which works with a plain array that has an empty last +record but not with the ihex helper functions where the end of the data is +signaled with a NULL record pointer, resulting in: + +BUG: unable to handle kernel NULL pointer dereference at (null) +IP: [] emi62_load_firmware+0x33c/0x740 [emi62] + +This can be fixed by changing the loop condition to test the return value +of ihex_next_binrec() directly (like in emi26.c). + +Signed-off-by: Clemens Ladisch +Reported-and-tested-by: Der Mickster +Acked-by: David Woodhouse +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/misc/emi62.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/usb/misc/emi62.c ++++ b/drivers/usb/misc/emi62.c +@@ -167,7 +167,7 @@ static int emi62_load_firmware (struct u + err("%s - error loading firmware: error = %d", __func__, err); + goto wraperr; + } +- } while (i > 0); ++ } while (rec); + + /* Assert reset (stop the CPU in the EMI) */ + err = emi62_set_reset(dev,1); diff --git a/queue-2.6.31/usb-fix-a-bug-on-appledisplay.c-regarding-signedness.patch b/queue-2.6.31/usb-fix-a-bug-on-appledisplay.c-regarding-signedness.patch new file mode 100644 index 00000000000..993573da917 --- /dev/null +++ b/queue-2.6.31/usb-fix-a-bug-on-appledisplay.c-regarding-signedness.patch @@ -0,0 +1,38 @@ +From 37e9066b2f85480d99d3795373f5ef0b00ac1189 Mon Sep 17 00:00:00 2001 +From: pancho horrillo +Date: Wed, 23 Dec 2009 11:09:13 +0100 +Subject: USB: Fix a bug on appledisplay.c regarding signedness + +From: pancho horrillo + +commit 37e9066b2f85480d99d3795373f5ef0b00ac1189 upstream. + +brightness status is reported by the Apple Cinema Displays as an +'unsigned char' (u8) value, but the code used 'char' instead. + +Note that he driver was developed on the PowerPC architecture, +where the two types are synonymous, which is not always the case. + +Fixed that. Otherwise the driver will interpret brightness +levels > 127 as negative, and fail to load. + +Signed-off-by: pancho horrillo +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/misc/appledisplay.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/usb/misc/appledisplay.c ++++ b/drivers/usb/misc/appledisplay.c +@@ -72,8 +72,8 @@ struct appledisplay { + struct usb_device *udev; /* usb device */ + struct urb *urb; /* usb request block */ + struct backlight_device *bd; /* backlight device */ +- char *urbdata; /* interrupt URB data buffer */ +- char *msgdata; /* control message data buffer */ ++ u8 *urbdata; /* interrupt URB data buffer */ ++ u8 *msgdata; /* control message data buffer */ + + struct delayed_work work; + int button_pressed; diff --git a/queue-2.6.31/usb-musb-gadget_ep0-avoid-setupend-interrupt.patch b/queue-2.6.31/usb-musb-gadget_ep0-avoid-setupend-interrupt.patch new file mode 100644 index 00000000000..008425f0803 --- /dev/null +++ b/queue-2.6.31/usb-musb-gadget_ep0-avoid-setupend-interrupt.patch @@ -0,0 +1,58 @@ +From 17be5c5f5ef99c94374e07f71effa78e93a20eda Mon Sep 17 00:00:00 2001 +From: Sergei Shtylyov +Date: Tue, 15 Dec 2009 13:30:01 +0200 +Subject: USB: musb: gadget_ep0: avoid SetupEnd interrupt + +From: Sergei Shtylyov + +commit 17be5c5f5ef99c94374e07f71effa78e93a20eda upstream. + +Gadget stalling a zero-length SETUP request results in this error message: + +SetupEnd came in a wrong ep0stage idle + +In order to avoid it, always set the CSR0.DataEnd bit after detecting a zero- +length request. Add the missing '\n' to the error message itself as well... + +Signed-off-by: Sergei Shtylyov +Acked-by: Anand Gadiyar +Signed-off-by: Felipe Balbi +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/musb/musb_gadget_ep0.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/drivers/usb/musb/musb_gadget_ep0.c ++++ b/drivers/usb/musb/musb_gadget_ep0.c +@@ -646,7 +646,7 @@ irqreturn_t musb_g_ep0_irq(struct musb * + musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; + break; + default: +- ERR("SetupEnd came in a wrong ep0stage %s", ++ ERR("SetupEnd came in a wrong ep0stage %s\n", + decode_ep0stage(musb->ep0_state)); + } + csr = musb_readw(regs, MUSB_CSR0); +@@ -769,12 +769,18 @@ setup: + handled = service_zero_data_request( + musb, &setup); + ++ /* ++ * We're expecting no data in any case, so ++ * always set the DATAEND bit -- doing this ++ * here helps avoid SetupEnd interrupt coming ++ * in the idle stage when we're stalling... ++ */ ++ musb->ackpend |= MUSB_CSR0_P_DATAEND; ++ + /* status stage might be immediate */ +- if (handled > 0) { +- musb->ackpend |= MUSB_CSR0_P_DATAEND; ++ if (handled > 0) + musb->ep0_state = + MUSB_EP0_STAGE_STATUSIN; +- } + break; + + /* sequence #1 (IN to host), includes GET_STATUS diff --git a/queue-2.6.31/usb-option-support-hi-speed-for-modem-haier-ce100.patch b/queue-2.6.31/usb-option-support-hi-speed-for-modem-haier-ce100.patch new file mode 100644 index 00000000000..804ad8151ea --- /dev/null +++ b/queue-2.6.31/usb-option-support-hi-speed-for-modem-haier-ce100.patch @@ -0,0 +1,47 @@ +From c983202bd03eb82394ef1dce5906702fcbc7bb80 Mon Sep 17 00:00:00 2001 +From: Donny Kurnia +Date: Wed, 23 Dec 2009 19:03:12 +0700 +Subject: USB: option: support hi speed for modem Haier CE100 + +From: Donny Kurnia + +commit c983202bd03eb82394ef1dce5906702fcbc7bb80 upstream. + +I made this patch for usbserial driver to add the support for EVDO modem +Haier CE100. The bugs report for this is here: +https://bugs.launchpad.net/ubuntu/+source/linux/+bug/490068 + +This patch based on these post: +http://blankblondtank.wordpress.com/2009/09/04/mengoptimalkan-koneksi-modem-haier-ce-100-cdma-di-linux/ +http://tantos.web.id/blogs/how-to-internet-connection-using-cdma-evdo-modem-and-karmic-koala-ubuntu-9-10 + +I hope this patch can help other that have the Haier C100 modem, mostly in my country, Indonesia. + +Signed-off-by: Donny Kurnia +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/option.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -337,6 +337,10 @@ static int option_resume(struct usb_ser + #define AIRPLUS_VENDOR_ID 0x1011 + #define AIRPLUS_PRODUCT_MCD650 0x3198 + ++/* Haier products */ ++#define HAIER_VENDOR_ID 0x201e ++#define HAIER_PRODUCT_CE100 0x2009 ++ + static struct usb_device_id option_ids[] = { + { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) }, + { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_RICOLA) }, +@@ -637,6 +641,7 @@ static struct usb_device_id option_ids[] + { USB_DEVICE(ALCATEL_VENDOR_ID, ALCATEL_PRODUCT_X060S) }, + { USB_DEVICE(AIRPLUS_VENDOR_ID, AIRPLUS_PRODUCT_MCD650) }, + { USB_DEVICE(TLAYTECH_VENDOR_ID, TLAYTECH_PRODUCT_TEU800) }, ++ { USB_DEVICE(HAIER_VENDOR_ID, HAIER_PRODUCT_CE100) }, + { } /* Terminating entry */ + }; + MODULE_DEVICE_TABLE(usb, option_ids); diff --git a/queue-2.6.31/x86-cpuid-add-volatile-to-asm-in-native_cpuid.patch b/queue-2.6.31/x86-cpuid-add-volatile-to-asm-in-native_cpuid.patch new file mode 100644 index 00000000000..250790752af --- /dev/null +++ b/queue-2.6.31/x86-cpuid-add-volatile-to-asm-in-native_cpuid.patch @@ -0,0 +1,48 @@ +From 45a94d7cd45ed991914011919e7d40eb6d2546d1 Mon Sep 17 00:00:00 2001 +From: Suresh Siddha +Date: Wed, 16 Dec 2009 16:25:42 -0800 +Subject: x86, cpuid: Add "volatile" to asm in native_cpuid() + +From: Suresh Siddha + +commit 45a94d7cd45ed991914011919e7d40eb6d2546d1 upstream. + +xsave_cntxt_init() does something like: + + cpuid(0xd, ..); // find out what features FP/SSE/.. etc are supported + + xsetbv(); // enable the features known to OS + + cpuid(0xd, ..); // find out the size of the context for features enabled + +Depending on what features get enabled in xsetbv(), value of the +cpuid.eax=0xd.ecx=0.ebx changes correspondingly (representing the +size of the context that is enabled). + +As we don't have volatile keyword for native_cpuid(), gcc 4.1.2 +optimizes away the second cpuid and the kernel continues to use +the cpuid information obtained before xsetbv(), ultimately leading to kernel +crash on processors supporting more state than the legacy FP/SSE. + +Add "volatile" for native_cpuid(). + +Signed-off-by: Suresh Siddha +LKML-Reference: <1261009542.2745.55.camel@sbs-t61.sc.intel.com> +Signed-off-by: H. Peter Anvin +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/include/asm/processor.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/include/asm/processor.h ++++ b/arch/x86/include/asm/processor.h +@@ -179,7 +179,7 @@ static inline void native_cpuid(unsigned + unsigned int *ecx, unsigned int *edx) + { + /* ecx is often an input as well as an output. */ +- asm("cpuid" ++ asm volatile("cpuid" + : "=a" (*eax), + "=b" (*ebx), + "=c" (*ecx),