From: Greg Kroah-Hartman Date: Thu, 3 May 2012 20:19:34 +0000 (-0700) Subject: 3.3-stable patches X-Git-Tag: v3.3.5~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c621e2760bfda7033fcf8ba11f17d1d91831bb59;p=thirdparty%2Fkernel%2Fstable-queue.git 3.3-stable patches added patches: arm-7396-1-errata-only-handle-arm-erratum-326103-on-affected-cores.patch arm-7403-1-tls-remove-covert-channel-via-tpidrurw.patch arm-7406-1-hotplug-copy-the-affinity-mask-when-forcefully-migrating-irqs.patch efi-add-new-variable-attributes.patch efi-validate-uefi-boot-variables.patch mips-ath79-fix-ar933x-wmac-reset-code.patch scsi-libsas-fix-false-positive-device-attached-conditions.patch scsi-libsas-fix-sas_find_bcast_phy-in-the-presence-of-vacant-phys.patch usb-ehci-tegra-remove-redundant-gpio_set_value.patch --- diff --git a/queue-3.3/arm-7396-1-errata-only-handle-arm-erratum-326103-on-affected-cores.patch b/queue-3.3/arm-7396-1-errata-only-handle-arm-erratum-326103-on-affected-cores.patch new file mode 100644 index 00000000000..459d587f733 --- /dev/null +++ b/queue-3.3/arm-7396-1-errata-only-handle-arm-erratum-326103-on-affected-cores.patch @@ -0,0 +1,84 @@ +From f0c4b8d653f5ee091fb8d4d02ed7eaad397491bb Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Fri, 20 Apr 2012 17:20:08 +0100 +Subject: ARM: 7396/1: errata: only handle ARM erratum #326103 on affected cores + +From: Will Deacon + +commit f0c4b8d653f5ee091fb8d4d02ed7eaad397491bb upstream. + +Erratum #326103 ("FSR write bit incorrect on a SWP to read-only memory") +only affects the ARM 1136 core prior to r1p0. The workaround +disassembles the faulting instruction to determine whether it was a read +or write access on all v6 cores. + +An issue has been reported on the ARM 11MPCore whereby loading the +faulting instruction may happen in parallel with that page being +unmapped, resulting in a deadlock due to the lack of TLB broadcasting +in hardware: + +http://lists.infradead.org/pipermail/linux-arm-kernel/2012-March/091561.html + +This patch limits the workaround so that it is only used on affected +cores, which are known to be UP only. Other v6 cores can rely on the +FSR to indicate the access type correctly. + +Signed-off-by: Will Deacon +Signed-off-by: Russell King +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/Kconfig | 9 +++++++++ + arch/arm/mm/abort-ev6.S | 17 +++++++++++------ + 2 files changed, 20 insertions(+), 6 deletions(-) + +--- a/arch/arm/Kconfig ++++ b/arch/arm/Kconfig +@@ -1163,6 +1163,15 @@ if !MMU + source "arch/arm/Kconfig-nommu" + endif + ++config ARM_ERRATA_326103 ++ bool "ARM errata: FSR write bit incorrect on a SWP to read-only memory" ++ depends on CPU_V6 ++ help ++ Executing a SWP instruction to read-only memory does not set bit 11 ++ of the FSR on the ARM 1136 prior to r1p0. This causes the kernel to ++ treat the access as a read, preventing a COW from occurring and ++ causing the faulting task to livelock. ++ + config ARM_ERRATA_411920 + bool "ARM errata: Invalidation of the Instruction Cache operation can fail" + depends on CPU_V6 || CPU_V6K +--- a/arch/arm/mm/abort-ev6.S ++++ b/arch/arm/mm/abort-ev6.S +@@ -26,18 +26,23 @@ ENTRY(v6_early_abort) + mrc p15, 0, r1, c5, c0, 0 @ get FSR + mrc p15, 0, r0, c6, c0, 0 @ get FAR + /* +- * Faulty SWP instruction on 1136 doesn't set bit 11 in DFSR (erratum 326103). +- * The test below covers all the write situations, including Java bytecodes ++ * Faulty SWP instruction on 1136 doesn't set bit 11 in DFSR. + */ +- bic r1, r1, #1 << 11 @ clear bit 11 of FSR ++#ifdef CONFIG_ARM_ERRATA_326103 ++ ldr ip, =0x4107b36 ++ mrc p15, 0, r3, c0, c0, 0 @ get processor id ++ teq ip, r3, lsr #4 @ r0 ARM1136? ++ bne do_DataAbort + tst r5, #PSR_J_BIT @ Java? ++ tsteq r5, #PSR_T_BIT @ Thumb? + bne do_DataAbort +- do_thumb_abort fsr=r1, pc=r4, psr=r5, tmp=r3 +- ldreq r3, [r4] @ read aborted ARM instruction ++ bic r1, r1, #1 << 11 @ clear bit 11 of FSR ++ ldr r3, [r4] @ read aborted ARM instruction + #ifdef CONFIG_CPU_ENDIAN_BE8 +- reveq r3, r3 ++ rev r3, r3 + #endif + do_ldrd_abort tmp=ip, insn=r3 + tst r3, #1 << 20 @ L = 0 -> write + orreq r1, r1, #1 << 11 @ yes. ++#endif + b do_DataAbort diff --git a/queue-3.3/arm-7403-1-tls-remove-covert-channel-via-tpidrurw.patch b/queue-3.3/arm-7403-1-tls-remove-covert-channel-via-tpidrurw.patch new file mode 100644 index 00000000000..8557c12629e --- /dev/null +++ b/queue-3.3/arm-7403-1-tls-remove-covert-channel-via-tpidrurw.patch @@ -0,0 +1,50 @@ +From 6a1c53124aa161eb624ce7b1e40ade728186d34c Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Fri, 27 Apr 2012 12:45:07 +0100 +Subject: ARM: 7403/1: tls: remove covert channel via TPIDRURW + +From: Will Deacon + +commit 6a1c53124aa161eb624ce7b1e40ade728186d34c upstream. + +TPIDRURW is a user read/write register forming part of the group of +thread registers in more recent versions of the ARM architecture (~v6+). + +Currently, the kernel does not touch this register, which allows tasks +to communicate covertly by reading and writing to the register without +context-switching affecting its contents. + +This patch clears TPIDRURW when TPIDRURO is updated via the set_tls +macro, which is called directly from __switch_to. Since the current +behaviour makes the register useless to userspace as far as thread +pointers are concerned, simply clearing the register (rather than saving +and restoring it) will not cause any problems to userspace. + +Signed-off-by: Will Deacon +Signed-off-by: Russell King +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/include/asm/tls.h | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/arm/include/asm/tls.h ++++ b/arch/arm/include/asm/tls.h +@@ -7,6 +7,8 @@ + + .macro set_tls_v6k, tp, tmp1, tmp2 + mcr p15, 0, \tp, c13, c0, 3 @ set TLS register ++ mov \tmp1, #0 ++ mcr p15, 0, \tmp1, c13, c0, 2 @ clear user r/w TLS register + .endm + + .macro set_tls_v6, tp, tmp1, tmp2 +@@ -15,6 +17,8 @@ + mov \tmp2, #0xffff0fff + tst \tmp1, #HWCAP_TLS @ hardware TLS available? + mcrne p15, 0, \tp, c13, c0, 3 @ yes, set TLS register ++ movne \tmp1, #0 ++ mcrne p15, 0, \tmp1, c13, c0, 2 @ clear user r/w TLS register + streq \tp, [\tmp2, #-15] @ set TLS value at 0xffff0ff0 + .endm + diff --git a/queue-3.3/arm-7406-1-hotplug-copy-the-affinity-mask-when-forcefully-migrating-irqs.patch b/queue-3.3/arm-7406-1-hotplug-copy-the-affinity-mask-when-forcefully-migrating-irqs.patch new file mode 100644 index 00000000000..75167988eca --- /dev/null +++ b/queue-3.3/arm-7406-1-hotplug-copy-the-affinity-mask-when-forcefully-migrating-irqs.patch @@ -0,0 +1,50 @@ +From 5e7371ded05adfcfcee44a8bc070bfc37979b8f2 Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Fri, 27 Apr 2012 12:56:24 +0100 +Subject: ARM: 7406/1: hotplug: copy the affinity mask when forcefully migrating IRQs + +From: Will Deacon + +commit 5e7371ded05adfcfcee44a8bc070bfc37979b8f2 upstream. + +When a CPU is hotplugged off, we migrate any IRQs currently affine to it +away and onto another online CPU by calling the irq_set_affinity +function of the relevant interrupt controller chip. This function +returns either IRQ_SET_MASK_OK or IRQ_SET_MASK_OK_NOCOPY, to indicate +whether irq_data.affinity was updated. + +If we are forcefully migrating an interrupt (because the affinity mask +no longer identifies any online CPUs) then we should update the IRQ +affinity mask to reflect the new CPU set. Failure to do so can +potentially leave /proc/irq/n/smp_affinity identifying only offline +CPUs, which may confuse userspace IRQ balancing daemons. + +This patch updates migrate_one_irq to copy the affinity mask when +the interrupt chip returns IRQ_SET_MASK_OK after forcefully changing the +affinity of an interrupt. + +Reported-by: Leif Lindholm +Signed-off-by: Will Deacon +Signed-off-by: Russell King +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/kernel/irq.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/arm/kernel/irq.c ++++ b/arch/arm/kernel/irq.c +@@ -156,10 +156,10 @@ static bool migrate_one_irq(struct irq_d + } + + c = irq_data_get_irq_chip(d); +- if (c->irq_set_affinity) +- c->irq_set_affinity(d, affinity, true); +- else ++ if (!c->irq_set_affinity) + pr_debug("IRQ%u: unable to set affinity\n", d->irq); ++ else if (c->irq_set_affinity(d, affinity, true) == IRQ_SET_MASK_OK && ret) ++ cpumask_copy(d->affinity, affinity); + + return ret; + } diff --git a/queue-3.3/efi-add-new-variable-attributes.patch b/queue-3.3/efi-add-new-variable-attributes.patch new file mode 100644 index 00000000000..d10ce02d8fc --- /dev/null +++ b/queue-3.3/efi-add-new-variable-attributes.patch @@ -0,0 +1,41 @@ +From 41b3254c93acc56adc3c4477fef7c9512d47659e Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Mon, 30 Apr 2012 16:11:29 -0400 +Subject: efi: Add new variable attributes + +From: Matthew Garrett + +commit 41b3254c93acc56adc3c4477fef7c9512d47659e upstream. + +More recent versions of the UEFI spec have added new attributes for +variables. Add them. + +Signed-off-by: Matthew Garrett +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/efi.h | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -510,7 +510,18 @@ extern int __init efi_setup_pcdp_console + #define EFI_VARIABLE_NON_VOLATILE 0x0000000000000001 + #define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x0000000000000002 + #define EFI_VARIABLE_RUNTIME_ACCESS 0x0000000000000004 ++#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x0000000000000008 ++#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x0000000000000010 ++#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x0000000000000020 ++#define EFI_VARIABLE_APPEND_WRITE 0x0000000000000040 + ++#define EFI_VARIABLE_MASK (EFI_VARIABLE_NON_VOLATILE | \ ++ EFI_VARIABLE_BOOTSERVICE_ACCESS | \ ++ EFI_VARIABLE_RUNTIME_ACCESS | \ ++ EFI_VARIABLE_HARDWARE_ERROR_RECORD | \ ++ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ ++ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \ ++ EFI_VARIABLE_APPEND_WRITE) + /* + * The type of search to perform when calling boottime->locate_handle + */ diff --git a/queue-3.3/efi-validate-uefi-boot-variables.patch b/queue-3.3/efi-validate-uefi-boot-variables.patch new file mode 100644 index 00000000000..d09d16fdb79 --- /dev/null +++ b/queue-3.3/efi-validate-uefi-boot-variables.patch @@ -0,0 +1,229 @@ +From fec6c20b570bcf541e581fc97f2e0cbdb9725b98 Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Mon, 30 Apr 2012 16:11:30 -0400 +Subject: efi: Validate UEFI boot variables + +From: Matthew Garrett + +commit fec6c20b570bcf541e581fc97f2e0cbdb9725b98 upstream. + +A common flaw in UEFI systems is a refusal to POST triggered by a malformed +boot variable. Once in this state, machines may only be restored by +reflashing their firmware with an external hardware device. While this is +obviously a firmware bug, the serious nature of the outcome suggests that +operating systems should filter their variable writes in order to prevent +a malicious user from rendering the machine unusable. + +Signed-off-by: Matthew Garrett +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/firmware/efivars.c | 182 +++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 182 insertions(+) + +--- a/drivers/firmware/efivars.c ++++ b/drivers/firmware/efivars.c +@@ -191,6 +191,176 @@ utf16_strncmp(const efi_char16_t *a, con + } + } + ++static bool ++validate_device_path(struct efi_variable *var, int match, u8 *buffer, int len) ++{ ++ struct efi_generic_dev_path *node; ++ int offset = 0; ++ ++ node = (struct efi_generic_dev_path *)buffer; ++ ++ while (offset < len) { ++ offset += node->length; ++ ++ if (offset > len) ++ return false; ++ ++ if ((node->type == EFI_DEV_END_PATH || ++ node->type == EFI_DEV_END_PATH2) && ++ node->sub_type == EFI_DEV_END_ENTIRE) ++ return true; ++ ++ node = (struct efi_generic_dev_path *)(buffer + offset); ++ } ++ ++ /* ++ * If we're here then either node->length pointed past the end ++ * of the buffer or we reached the end of the buffer without ++ * finding a device path end node. ++ */ ++ return false; ++} ++ ++static bool ++validate_boot_order(struct efi_variable *var, int match, u8 *buffer, int len) ++{ ++ /* An array of 16-bit integers */ ++ if ((len % 2) != 0) ++ return false; ++ ++ return true; ++} ++ ++static bool ++validate_load_option(struct efi_variable *var, int match, u8 *buffer, int len) ++{ ++ u16 filepathlength; ++ int i, desclength = 0; ++ ++ /* Either "Boot" or "Driver" followed by four digits of hex */ ++ for (i = match; i < match+4; i++) { ++ if (hex_to_bin(var->VariableName[i] & 0xff) < 0) ++ return true; ++ } ++ ++ /* A valid entry must be at least 6 bytes */ ++ if (len < 6) ++ return false; ++ ++ filepathlength = buffer[4] | buffer[5] << 8; ++ ++ /* ++ * There's no stored length for the description, so it has to be ++ * found by hand ++ */ ++ desclength = utf16_strsize((efi_char16_t *)(buffer + 6), len) + 2; ++ ++ /* Each boot entry must have a descriptor */ ++ if (!desclength) ++ return false; ++ ++ /* ++ * If the sum of the length of the description, the claimed filepath ++ * length and the original header are greater than the length of the ++ * variable, it's malformed ++ */ ++ if ((desclength + filepathlength + 6) > len) ++ return false; ++ ++ /* ++ * And, finally, check the filepath ++ */ ++ return validate_device_path(var, match, buffer + desclength + 6, ++ filepathlength); ++} ++ ++static bool ++validate_uint16(struct efi_variable *var, int match, u8 *buffer, int len) ++{ ++ /* A single 16-bit integer */ ++ if (len != 2) ++ return false; ++ ++ return true; ++} ++ ++static bool ++validate_ascii_string(struct efi_variable *var, int match, u8 *buffer, int len) ++{ ++ int i; ++ ++ for (i = 0; i < len; i++) { ++ if (buffer[i] > 127) ++ return false; ++ ++ if (buffer[i] == 0) ++ return true; ++ } ++ ++ return false; ++} ++ ++struct variable_validate { ++ char *name; ++ bool (*validate)(struct efi_variable *var, int match, u8 *data, ++ int len); ++}; ++ ++static const struct variable_validate variable_validate[] = { ++ { "BootNext", validate_uint16 }, ++ { "BootOrder", validate_boot_order }, ++ { "DriverOrder", validate_boot_order }, ++ { "Boot*", validate_load_option }, ++ { "Driver*", validate_load_option }, ++ { "ConIn", validate_device_path }, ++ { "ConInDev", validate_device_path }, ++ { "ConOut", validate_device_path }, ++ { "ConOutDev", validate_device_path }, ++ { "ErrOut", validate_device_path }, ++ { "ErrOutDev", validate_device_path }, ++ { "Timeout", validate_uint16 }, ++ { "Lang", validate_ascii_string }, ++ { "PlatformLang", validate_ascii_string }, ++ { "", NULL }, ++}; ++ ++static bool ++validate_var(struct efi_variable *var, u8 *data, int len) ++{ ++ int i; ++ u16 *unicode_name = var->VariableName; ++ ++ for (i = 0; variable_validate[i].validate != NULL; i++) { ++ const char *name = variable_validate[i].name; ++ int match; ++ ++ for (match = 0; ; match++) { ++ char c = name[match]; ++ u16 u = unicode_name[match]; ++ ++ /* All special variables are plain ascii */ ++ if (u > 127) ++ return true; ++ ++ /* Wildcard in the matching name means we've matched */ ++ if (c == '*') ++ return variable_validate[i].validate(var, ++ match, data, len); ++ ++ /* Case sensitive match */ ++ if (c != u) ++ break; ++ ++ /* Reached the end of the string while matching */ ++ if (!c) ++ return variable_validate[i].validate(var, ++ match, data, len); ++ } ++ } ++ ++ return true; ++} ++ + static efi_status_t + get_var_data_locked(struct efivars *efivars, struct efi_variable *var) + { +@@ -324,6 +494,12 @@ efivar_store_raw(struct efivar_entry *en + return -EINVAL; + } + ++ if ((new_var->Attributes & ~EFI_VARIABLE_MASK) != 0 || ++ validate_var(new_var, new_var->Data, new_var->DataSize) == false) { ++ printk(KERN_ERR "efivars: Malformed variable content\n"); ++ return -EINVAL; ++ } ++ + spin_lock(&efivars->lock); + status = efivars->ops->set_variable(new_var->VariableName, + &new_var->VendorGuid, +@@ -626,6 +802,12 @@ static ssize_t efivar_create(struct file + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; + ++ if ((new_var->Attributes & ~EFI_VARIABLE_MASK) != 0 || ++ validate_var(new_var, new_var->Data, new_var->DataSize) == false) { ++ printk(KERN_ERR "efivars: Malformed variable content\n"); ++ return -EINVAL; ++ } ++ + spin_lock(&efivars->lock); + + /* diff --git a/queue-3.3/mips-ath79-fix-ar933x-wmac-reset-code.patch b/queue-3.3/mips-ath79-fix-ar933x-wmac-reset-code.patch new file mode 100644 index 00000000000..312e52bc0b6 --- /dev/null +++ b/queue-3.3/mips-ath79-fix-ar933x-wmac-reset-code.patch @@ -0,0 +1,36 @@ +From de14ca6ae2c592d66db88f1e5596b26f7f011384 Mon Sep 17 00:00:00 2001 +From: Gabor Juhos +Date: Wed, 14 Mar 2012 10:28:35 +0100 +Subject: MIPS: ath79: fix AR933X WMAC reset code + +From: Gabor Juhos + +commit de14ca6ae2c592d66db88f1e5596b26f7f011384 upstream. + +The current code puts the built-in WMAC device of the +AR933X SoCs into reset instead of starting it. This +causes a hard lock on AR933X based boards when the +wireless driver tries to access the device. + +Signed-off-by: Gabor Juhos +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/3484/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/ath79/dev-wmac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/ath79/dev-wmac.c ++++ b/arch/mips/ath79/dev-wmac.c +@@ -58,8 +58,8 @@ static void __init ar913x_wmac_setup(voi + + static int ar933x_wmac_reset(void) + { +- ath79_device_reset_clear(AR933X_RESET_WMAC); + ath79_device_reset_set(AR933X_RESET_WMAC); ++ ath79_device_reset_clear(AR933X_RESET_WMAC); + + return 0; + } diff --git a/queue-3.3/scsi-libsas-fix-false-positive-device-attached-conditions.patch b/queue-3.3/scsi-libsas-fix-false-positive-device-attached-conditions.patch new file mode 100644 index 00000000000..f245893f735 --- /dev/null +++ b/queue-3.3/scsi-libsas-fix-false-positive-device-attached-conditions.patch @@ -0,0 +1,45 @@ +From 7d1d865181185bdf1316d236b1b4bd02c9020729 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Tue, 20 Mar 2012 10:50:27 -0700 +Subject: SCSI: libsas: fix false positive 'device attached' conditions + +From: Dan Williams + +commit 7d1d865181185bdf1316d236b1b4bd02c9020729 upstream. + +Normalize phy->attached_sas_addr to return a zero-address in the case +when device-type == NO_DEVICE or the linkrate is invalid to handle +expanders that put non-zero sas addresses in the discovery response: + + sas: ex 5001b4da000f903f phy02:U:0 attached: 0100000000000000 (no device) + sas: ex 5001b4da000f903f phy01:U:0 attached: 0100000000000000 (no device) + sas: ex 5001b4da000f903f phy03:U:0 attached: 0100000000000000 (no device) + sas: ex 5001b4da000f903f phy00:U:0 attached: 0100000000000000 (no device) + +Reported-by: Andrzej Jakowski +Signed-off-by: Dan Williams +Signed-off-by: James Bottomley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/libsas/sas_expander.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/libsas/sas_expander.c ++++ b/drivers/scsi/libsas/sas_expander.c +@@ -192,7 +192,14 @@ static void sas_set_ex_phy(struct domain + phy->attached_sata_ps = dr->attached_sata_ps; + phy->attached_iproto = dr->iproto << 1; + phy->attached_tproto = dr->tproto << 1; +- memcpy(phy->attached_sas_addr, dr->attached_sas_addr, SAS_ADDR_SIZE); ++ /* help some expanders that fail to zero sas_address in the 'no ++ * device' case ++ */ ++ if (phy->attached_dev_type == NO_DEVICE || ++ phy->linkrate < SAS_LINK_RATE_1_5_GBPS) ++ memset(phy->attached_sas_addr, 0, SAS_ADDR_SIZE); ++ else ++ memcpy(phy->attached_sas_addr, dr->attached_sas_addr, SAS_ADDR_SIZE); + phy->attached_phy_id = dr->attached_phy_id; + phy->phy_change_count = dr->change_count; + phy->routing_attr = dr->routing_attr; diff --git a/queue-3.3/scsi-libsas-fix-sas_find_bcast_phy-in-the-presence-of-vacant-phys.patch b/queue-3.3/scsi-libsas-fix-sas_find_bcast_phy-in-the-presence-of-vacant-phys.patch new file mode 100644 index 00000000000..ee16938f6bf --- /dev/null +++ b/queue-3.3/scsi-libsas-fix-sas_find_bcast_phy-in-the-presence-of-vacant-phys.patch @@ -0,0 +1,56 @@ +From 1699490db339e2c6b3037ea8e7dcd6b2755b688e Mon Sep 17 00:00:00 2001 +From: Thomas Jackson +Date: Fri, 17 Feb 2012 18:33:10 -0800 +Subject: SCSI: libsas: fix sas_find_bcast_phy() in the presence of 'vacant' phys + +From: Thomas Jackson + +commit 1699490db339e2c6b3037ea8e7dcd6b2755b688e upstream. + +If an expander reports 'PHY VACANT' for a phy index prior to the one +that generated a BCN libsas fails rediscovery. Since a vacant phy is +defined as a valid phy index that will never have an attached device +just continue the search. + +Signed-off-by: Thomas Jackson +Signed-off-by: Dan Williams +Signed-off-by: James Bottomley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/libsas/sas_expander.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +--- a/drivers/scsi/libsas/sas_expander.c ++++ b/drivers/scsi/libsas/sas_expander.c +@@ -1643,9 +1643,17 @@ static int sas_find_bcast_phy(struct dom + int phy_change_count = 0; + + res = sas_get_phy_change_count(dev, i, &phy_change_count); +- if (res) +- goto out; +- else if (phy_change_count != ex->ex_phy[i].phy_change_count) { ++ switch (res) { ++ case SMP_RESP_PHY_VACANT: ++ case SMP_RESP_NO_PHY: ++ continue; ++ case SMP_RESP_FUNC_ACC: ++ break; ++ default: ++ return res; ++ } ++ ++ if (phy_change_count != ex->ex_phy[i].phy_change_count) { + if (update) + ex->ex_phy[i].phy_change_count = + phy_change_count; +@@ -1653,8 +1661,7 @@ static int sas_find_bcast_phy(struct dom + return 0; + } + } +-out: +- return res; ++ return 0; + } + + static int sas_get_ex_change_count(struct domain_device *dev, int *ecc) diff --git a/queue-3.3/series b/queue-3.3/series index fe9f270505a..dccdeed36a5 100644 --- a/queue-3.3/series +++ b/queue-3.3/series @@ -35,3 +35,12 @@ pipes-add-a-packetized-pipe-mode-for-writing.patch autofs-make-the-autofsv5-packet-file-descriptor-use-a-packetized-pipe.patch crypto-talitos-properly-lock-access-to-global-talitos-registers.patch input-synaptics-fix-regression-with-image-sensor-trackpads.patch +usb-ehci-tegra-remove-redundant-gpio_set_value.patch +arm-7396-1-errata-only-handle-arm-erratum-326103-on-affected-cores.patch +arm-7403-1-tls-remove-covert-channel-via-tpidrurw.patch +arm-7406-1-hotplug-copy-the-affinity-mask-when-forcefully-migrating-irqs.patch +mips-ath79-fix-ar933x-wmac-reset-code.patch +scsi-libsas-fix-sas_find_bcast_phy-in-the-presence-of-vacant-phys.patch +scsi-libsas-fix-false-positive-device-attached-conditions.patch +efi-add-new-variable-attributes.patch +efi-validate-uefi-boot-variables.patch diff --git a/queue-3.3/usb-ehci-tegra-remove-redundant-gpio_set_value.patch b/queue-3.3/usb-ehci-tegra-remove-redundant-gpio_set_value.patch new file mode 100644 index 00000000000..33f64819ce4 --- /dev/null +++ b/queue-3.3/usb-ehci-tegra-remove-redundant-gpio_set_value.patch @@ -0,0 +1,31 @@ +From 04c235c92ce8474e9f2b358bd97f013a500385f2 Mon Sep 17 00:00:00 2001 +From: Stephen Warren +Date: Mon, 30 Apr 2012 17:24:10 -0600 +Subject: USB: ehci-tegra: remove redundant gpio_set_value + +From: Stephen Warren + +commit 04c235c92ce8474e9f2b358bd97f013a500385f2 upstream. + +The immediately preceding gpio_direction_output() already set the value, +so there's no need to repeat it. This also prevents gpio_set_value() from +WARNing when the GPIO is sleepable (e.g. is on an I2C expander); the set +direction API is always sleepable, but plain set_value isn't. + +Signed-off-by: Stephen Warren +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/host/ehci-tegra.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/usb/host/ehci-tegra.c ++++ b/drivers/usb/host/ehci-tegra.c +@@ -601,7 +601,6 @@ static int setup_vbus_gpio(struct platfo + dev_err(&pdev->dev, "can't enable vbus\n"); + return err; + } +- gpio_set_value(gpio, 1); + + return err; + }