From: Greg Kroah-Hartman
Date: Wed, 16 Dec 2009 18:13:35 +0000 (-0800)
Subject: more .32 patches
X-Git-Tag: v2.6.27.42~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d45584272aedc608fc2c2b2db1aefa893c4ff096;p=thirdparty%2Fkernel%2Fstable-queue.git
more .32 patches
---
diff --git a/queue-2.6.32/b44-wol-setup-one-bit-off-stack-corruption-kernel-panic-fix.patch b/queue-2.6.32/b44-wol-setup-one-bit-off-stack-corruption-kernel-panic-fix.patch
new file mode 100644
index 00000000000..e334cbc302f
--- /dev/null
+++ b/queue-2.6.32/b44-wol-setup-one-bit-off-stack-corruption-kernel-panic-fix.patch
@@ -0,0 +1,44 @@
+From a11c1840c2bb485387ce45c537585753ab3058f5 Mon Sep 17 00:00:00 2001
+From: Stanislav Brabec
+Date: Tue, 8 Dec 2009 21:00:22 -0800
+Subject: b44 WOL setup: one-bit-off stack corruption kernel panic fix
+
+From: Stanislav Brabec
+
+[ Upstream commit: e0188829cb724e7d12a2d4e343b368ff1d6e1471 ]
+
+About 50% of shutdowns of b44 Ethernet adapter ends by kernel panic
+with kernels compiled with stack-protector.
+
+Checking b44_magic_pattern() return values, one call of
+b44_magic_pattern() returns 127. It means, that set_bit(128, pmask)
+was called on line 1509. It means that bit 0 of 17th byte of pmask was
+overwritten. But pmask has only 16 bytes. Stack corruption happens.
+
+It seems that set_bit() on line 1509 always writes one bit off.
+
+The fix does not only solve the stack corruption, but also makes Wake
+On LAN working on my onboard B44 on Asus A7V-333X mainboard.
+
+It seems that this problem affects all kernel versions since commit
+725ad800 ([PATCH] b44: add wol for old nic) on 2006-06-20.
+
+Signed-off-by: Stanislav Brabec
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/b44.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/net/b44.c
++++ b/drivers/net/b44.c
+@@ -1505,8 +1505,7 @@ static int b44_magic_pattern(u8 *macaddr
+ for (k = 0; k< ethaddr_bytes; k++) {
+ ppattern[offset + magicsync +
+ (j * ETH_ALEN) + k] = macaddr[k];
+- len++;
+- set_bit(len, (unsigned long *) pmask);
++ set_bit(len++, (unsigned long *) pmask);
+ }
+ }
+ return len - 1;
diff --git a/queue-2.6.32/ip_fragment-also-adjust-skb-truesize-for-packets-not-owned-by-a-socket.patch b/queue-2.6.32/ip_fragment-also-adjust-skb-truesize-for-packets-not-owned-by-a-socket.patch
new file mode 100644
index 00000000000..8a4f746671d
--- /dev/null
+++ b/queue-2.6.32/ip_fragment-also-adjust-skb-truesize-for-packets-not-owned-by-a-socket.patch
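Review bot: The corrected call `set_bit(len++, (unsigned long *) pmask);` still writes through a `u8 *` cast to `unsigned long *`, so the bit lands wherever the long-word bit numbering puts it, and nothing at the call site ties `len` to the size of `pmask`. Per the commit message the mask is a 16-byte stack buffer, so a later change to the loop limits would bring the same out-of-bounds write back without any warning. A byte-wise store such as `pmask[len / 8] |= 1 << (len % 8); len++;`, placed behind a check of `len` against the mask size in bits, makes the bound explicit and independent of word size and endianness; whether big-endian hosts matter for this device is for the maintainers to confirm. The body of b44_magic_pattern() starts and ends outside the hunk, so the loop limits could not be checked here.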
@@ -0,0 +1,40 @@
+From 9ac3e5275a6ba17846a33b9aeef7aaea3fa5ecb9 Mon Sep 17 00:00:00 2001
+From: Patrick McHardy
+Date: Tue, 1 Dec 2009 15:53:57 -0800
+Subject: ip_fragment: also adjust skb->truesize for packets not owned by a socket
+
+From: Patrick McHardy
+
+[ Upstream commit b2722b1c3a893ec6021508da15b32282ec79f4da ]
+
+When a large packet gets reassembled by ip_defrag(), the head skb
+accounts for all the fragments in skb->truesize. If this packet is
+refragmented again, skb->truesize is not re-adjusted to reflect only
+the head size since its not owned by a socket. If the head fragment
+then gets recycled and reused for another received fragment, it might
+exceed the defragmentation limits due to its large truesize value.
+
+skb_recycle_check() explicitly checks for linear skbs, so any recycled
+skb should reflect its true size in skb->truesize. Change ip_fragment()
+to also adjust the truesize value of skbs not owned by a socket.
+
+Reported-and-tested-by: Ben Menchaca
+Signed-off-by: Patrick McHardy
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/ipv4/ip_output.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/ip_output.c
++++ b/net/ipv4/ip_output.c
+@@ -501,8 +501,8 @@ int ip_fragment(struct sk_buff *skb, int
+ if (skb->sk) {
+ frag->sk = skb->sk;
+ frag->destructor = sock_wfree;
+- truesizes += frag->truesize;
+ }
++ truesizes += frag->truesize;
+ }
+
+ /* Everything is OK. Generate! */
diff --git a/queue-2.6.32/series b/queue-2.6.32/series
index 0fdcd1234fe..f04f5b9fd7b 100644
--- a/queue-2.6.32/series
+++ b/queue-2.6.32/series
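Review bot: The now unconditional `truesizes += frag->truesize;` has no comment saying why fragments without an owning socket must be counted as well, and the reason is a memory-accounting one: per the commit message, a stale head truesize can push a recycled skb past the defragmentation limits. A one-line comment above it, e.g. `/* always account the fragment, socket-owned or not: the head's truesize must shrink to its own size */`, would keep a later cleanup from moving the statement back inside `if (skb->sk)`. The enclosing loop and the later use of `truesizes` are outside the hunk.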
@@ -104,3 +104,11 @@ dm-avoid-_hash_lock-deadlock.patch
 dm-snapshot-cope-with-chunk-size-larger-than-origin.patch
 dm-crypt-separate-essiv-allocation-from-initialisation.patch
 dm-crypt-make-wipe-message-also-wipe-essiv-key.patch
+slc90e66-fix-udma-handling.patch
+tcp-stalling-connections-fix-timeout-calculation-routine.patch
+ip_fragment-also-adjust-skb-truesize-for-packets-not-owned-by-a-socket.patch
+b44-wol-setup-one-bit-off-stack-corruption-kernel-panic-fix.patch
+sparc64-don-t-specify-irqf_shared-for-ldc-interrupts.patch
+sparc64-fix-overly-strict-range-type-matching-for-pci-devices.patch
+sparc64-fix-stack-debugging-irq-stack-regression.patch
+sparc-set-uts_machine-correctly.patch
diff --git a/queue-2.6.32/slc90e66-fix-udma-handling.patch b/queue-2.6.32/slc90e66-fix-udma-handling.patch
new file mode 100644
index 00000000000..2179c14d4e2
--- /dev/null
+++ b/queue-2.6.32/slc90e66-fix-udma-handling.patch
@@ -0,0 +1,31 @@
+From 773625b6310aa8cf18ab039bedf0faa23b1c7d9f Mon Sep 17 00:00:00 2001
+From: Bartlomiej Zolnierkiewicz
+Date: Mon, 30 Nov 2009 08:55:18 +0000
+Subject: slc90e66: fix UDMA handling
+
+From: Bartlomiej Zolnierkiewicz
+
+[ Upstream commit ee31527a02b0a8e1aa4a5e4084d2db5fa34737ed ]
+
+Fix checking of the currently programmed UDMA mode.
+
+Signed-off-by: Bartlomiej Zolnierkiewicz
+Acked-by: Sergei Shtylyov
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/ide/slc90e66.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/ide/slc90e66.c
++++ b/drivers/ide/slc90e66.c
+@@ -91,8 +91,7 @@ static void slc90e66_set_dma_mode(ide_dr
+
+ if (!(reg48 & u_flag))
+ pci_write_config_word(dev, 0x48, reg48|u_flag);
+- /* FIXME: (reg4a & a_speed) ? */
+- if ((reg4a & u_speed) != u_speed) {
++ if ((reg4a & a_speed) != u_speed) {
+ pci_write_config_word(dev, 0x4a, reg4a & ~a_speed);
+ pci_read_config_word(dev, 0x4a, ®4a);
+ pci_write_config_word(dev, 0x4a, reg4a|u_speed);
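Review bot: In `if ((reg4a & a_speed) != u_speed) {` the relation between the two masks is not stated anywhere in the hunk. The comparison is only right if `a_speed` covers the drive's whole mode field and `u_speed` is one value inside it, which their definitions (outside the hunk) would have to confirm. With the FIXME removed, a short comment such as `/* a_speed masks the drive's whole UDMA field; reprogram unless it already holds u_speed */` would record that for the next reader.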
diff --git a/queue-2.6.32/sparc-set-uts_machine-correctly.patch b/queue-2.6.32/sparc-set-uts_machine-correctly.patch
new file mode 100644
index 00000000000..ba8cdb2a2ad
--- /dev/null
+++ b/queue-2.6.32/sparc-set-uts_machine-correctly.patch
@@ -0,0 +1,42 @@
+From a68c20e3b14aebfbdadc68a9935cc722c6f228ef Mon Sep 17 00:00:00 2001
+From: David S. Miller
+Date: Sat, 5 Dec 2009 17:17:55 -0800
+Subject: sparc: Set UTS_MACHINE correctly.
+
+From: David S. Miller
+
+[ Upstream commit 7f5620a5fcd658f219e85831d3691908f1eccbde ]
+
+"ARCH" can be just about anything, so we shouldn't end up
+with UTS_MACHINE of "sparc" in a 64-bit kernel build just
+because someone set the personality using 'sparc32' or
+similar. CONFIG_SPARC64 drives the compilation and
+therefore provides the definitive value, not "ARCH".
+
+This mirrors commit 8c6531f7a99f29ba8817ffb12cc9ecf190049bd6
+(x86: correctly set UTS_MACHINE for "make ARCH=x86")
+
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/sparc/Makefile | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/sparc/Makefile
++++ b/arch/sparc/Makefile
+@@ -27,6 +27,7 @@ AS := $(AS) -32
+ LDFLAGS := -m elf32_sparc
+ CHECKFLAGS += -D__sparc__
+ export BITS := 32
++UTS_MACHINE := sparc
+
+ #KBUILD_CFLAGS += -g -pipe -fcall-used-g5 -fcall-used-g7
+ KBUILD_CFLAGS += -m32 -pipe -mno-fpu -fcall-used-g5 -fcall-used-g7
+@@ -46,6 +47,7 @@ CHECKFLAGS += -D__sparc__ -D__sparc
+
+ LDFLAGS := -m elf64_sparc
+ export BITS := 64
++UTS_MACHINE := sparc64
+
+ KBUILD_CFLAGS += -m64 -pipe -mno-fpu -mcpu=ultrasparc -mcmodel=medlow \
+ -ffixed-g4 -ffixed-g5 -fcall-used-g7 -Wno-sign-compare \
diff --git a/queue-2.6.32/sparc64-don-t-specify-irqf_shared-for-ldc-interrupts.patch b/queue-2.6.32/sparc64-don-t-specify-irqf_shared-for-ldc-interrupts.patch
new file mode 100644
index 00000000000..b1f3d7d2dc7
--- /dev/null
+++ b/queue-2.6.32/sparc64-don-t-specify-irqf_shared-for-ldc-interrupts.patch
@@ -0,0 +1,35 @@
+From f49c93fa196dadcc6fac9671ea7e3c8360d56038 Mon Sep 17 00:00:00 2001
+From: David S. Miller
+Date: Wed, 9 Dec 2009 23:44:43 -0800
+Subject: sparc64: Don't specify IRQF_SHARED for LDC interrupts.
+
+From: David S. Miller
+
+[ Upstream commit 08a036d583409e3517e3d15b7478d029b25f2cf2 ]
+
+IRQF_SHARED and IRQF_DISABLED don't mix.
+
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/sparc/kernel/ldc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/sparc/kernel/ldc.c
++++ b/arch/sparc/kernel/ldc.c
+@@ -1242,13 +1242,13 @@ int ldc_bind(struct ldc_channel *lp, con
+ snprintf(lp->tx_irq_name, LDC_IRQ_NAME_MAX, "%s TX", name);
+
+ err = request_irq(lp->cfg.rx_irq, ldc_rx,
+- IRQF_SAMPLE_RANDOM | IRQF_DISABLED | IRQF_SHARED,
++ IRQF_SAMPLE_RANDOM | IRQF_DISABLED,
+ lp->rx_irq_name, lp);
+ if (err)
+ return err;
+
+ err = request_irq(lp->cfg.tx_irq, ldc_tx,
+- IRQF_SAMPLE_RANDOM | IRQF_DISABLED | IRQF_SHARED,
++ IRQF_SAMPLE_RANDOM | IRQF_DISABLED,
+ lp->tx_irq_name, lp);
+ if (err) {
+ free_irq(lp->cfg.rx_irq, lp);
diff --git a/queue-2.6.32/sparc64-fix-overly-strict-range-type-matching-for-pci-devices.patch b/queue-2.6.32/sparc64-fix-overly-strict-range-type-matching-for-pci-devices.patch
new file mode 100644
index 00000000000..69a53c24a18
--- /dev/null
+++ b/queue-2.6.32/sparc64-fix-overly-strict-range-type-matching-for-pci-devices.patch
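Review bot: Both `request_irq()` calls keep `IRQF_SAMPLE_RANDOM`, so interrupt timing on an LDC channel still feeds the entropy pool. If these interrupts are raised by the peer at the other end of the channel (presumably another logical domain; not visible here), their timing is at least partly under that peer's influence and makes a weak entropy source. Unless there is a reason to keep it, the flags argument in both places could shrink to `IRQF_DISABLED,`. ldc_bind() starts and continues outside the hunk.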
@@ -0,0 +1,53 @@
+From 998911d9bec223b91d6167065ab517a732cf684a Mon Sep 17 00:00:00 2001
+From: David S. Miller
+Date: Wed, 9 Dec 2009 01:39:09 -0800
+Subject: sparc64: Fix overly strict range type matching for PCI devices.
+
+From: David S. Miller
+
+[ Upstream commit 4230fa3b89ea1c413766bd411a8315a3d05aa6c7 ]
+
+When we are trying to see if a range property entry applies
+to a given address, we are overly strict about the type.
+
+We should only allow I/O ranges for I/O addresses, and only allow
+CONFIG space ranges for CONFIG space address.
+
+However for MEM ranges, they come in 32-bit and 64-bit flavors.
+And a lack of an exact match is OK if the range is 32-bit and
+the address is 64-bit. We can assign a 64-bit address properly
+into a 32-bit parent range just fine.
+
+So allow it.
+
+Reported-by: Patrick Finnegan
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/sparc/kernel/of_device_64.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+--- a/arch/sparc/kernel/of_device_64.c
++++ b/arch/sparc/kernel/of_device_64.c
+@@ -104,9 +104,19 @@ static int of_bus_pci_map(u32 *addr, con
+ int i;
+
+ /* Check address type match */
+- if ((addr[0] ^ range[0]) & 0x03000000)
+- return -EINVAL;
++ if (!((addr[0] ^ range[0]) & 0x03000000))
++ goto type_match;
++
++ /* Special exception, we can map a 64-bit address into
++ * a 32-bit range.
++ */
++ if ((addr[0] & 0x03000000) == 0x03000000 &&
++ (range[0] & 0x03000000) == 0x02000000)
++ goto type_match;
++
++ return -EINVAL;
+
++type_match:
+ if (of_out_of_range(addr + 1, range + 1, range + na + pna,
+ na - 1, ns))
+ return -EINVAL;
diff --git a/queue-2.6.32/sparc64-fix-stack-debugging-irq-stack-regression.patch b/queue-2.6.32/sparc64-fix-stack-debugging-irq-stack-regression.patch
new file mode 100644
index 00000000000..cf50bc65356
--- /dev/null
+++ b/queue-2.6.32/sparc64-fix-stack-debugging-irq-stack-regression.patch
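Review bot: The type check in of_bus_pci_map() is now spread over two `goto type_match` jumps and repeats the bare values `0x03000000` and `0x02000000` four times, which makes it hard to see exactly which mismatches are accepted. Because this test decides whether an address is translated through a range at all, a single condition that rejects everything except the one documented exception is easier to audit, and the masks deserve names (the comment implies `0x03000000` is the 64-bit memory space and `0x02000000` the 32-bit one). The form below is meant to be behaviour-preserving. After the relaxed match only the of_out_of_range() call bounds the address inside the range, and that helper is not visible here.

```c
	/* Check address type match; a 64-bit MEM address may map
	 * into a 32-bit MEM range, every other mismatch is rejected.
	 */
	if (((addr[0] ^ range[0]) & 0x03000000) &&
	    !((addr[0] & 0x03000000) == 0x03000000 &&
	      (range[0] & 0x03000000) == 0x02000000))
		return -EINVAL;

	/* … unchanged: of_out_of_range() check … */
```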
@@ -0,0 +1,45 @@
+From d95ce6f14c9ddc65038a608ce5682786646f5b09 Mon Sep 17 00:00:00 2001
+From: David S. Miller
+Date: Wed, 9 Dec 2009 01:43:45 -0800
+Subject: sparc64: Fix stack debugging IRQ stack regression.
+
+From: David S. Miller
+
+[ Upstream commit 166e553a575f09485f6d0df8a1ef3c5991f7d953 ]
+
+Commit 4f70f7a91bffdcc39f088748dc678953eb9a3fbd
+(sparc64: Implement IRQ stacks.) has two bugs.
+
+First, the softirq range check forgets to subtract STACK_BIAS
+before comparing with %sp. Next, on failure the wrong label
+is jumped to, resulting in a bogus stack being loaded.
+
+Reported-by: Igor Kovalenko
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/sparc/lib/mcount.S | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/arch/sparc/lib/mcount.S
++++ b/arch/sparc/lib/mcount.S
+@@ -64,8 +64,9 @@ mcount:
+ 2: sethi %hi(softirq_stack), %g3
+ or %g3, %lo(softirq_stack), %g3
+ ldx [%g3 + %g1], %g7
++ sub %g7, STACK_BIAS, %g7
+ cmp %sp, %g7
+- bleu,pt %xcc, 2f
++ bleu,pt %xcc, 3f
+ sethi %hi(THREAD_SIZE), %g3
+ add %g7, %g3, %g7
+ cmp %sp, %g7
+@@ -75,7 +76,7 @@ mcount:
+ * again, we are already trying to output the stack overflow
+ * message.
+ */
+- sethi %hi(ovstack), %g7 ! cant move to panic stack fast enough
++3: sethi %hi(ovstack), %g7 ! cant move to panic stack fast enough
+ or %g7, %lo(ovstack), %g7
+ add %g7, OVSTACKSIZE, %g3
+ sub %g3, STACK_BIAS + 192, %g3
diff --git a/queue-2.6.32/tcp-stalling-connections-fix-timeout-calculation-routine.patch b/queue-2.6.32/tcp-stalling-connections-fix-timeout-calculation-routine.patch
new file mode 100644
index 00000000000..b9cab9d63bc
--- /dev/null
+++ b/queue-2.6.32/tcp-stalling-connections-fix-timeout-calculation-routine.patch
@@ -0,0 +1,75 @@
+From 1c1bcfc8a01e3ca1f58599a615d5a633b9dd94b0 Mon Sep 17 00:00:00 2001
+From: Damian Lukowski
+Date: Mon, 7 Dec 2009 06:06:15 +0000
+Subject: tcp: Stalling connections: Fix timeout calculation routine
+
+From: Damian Lukowski
+
+[ Upstream commit 07f29bc5bbae4e53e982ab956fed7207990a7786 ]
+
+This patch fixes a problem in the TCP connection timeout calculation.
+Currently, timeout decisions are made on the basis of the current
+tcp_time_stamp and retrans_stamp, which is usually set at the first
+retransmission.
+However, if the retransmission fails in tcp_retransmit_skb(),
+retrans_stamp is not updated and remains zero. This leads to wrong
+decisions in retransmits_timed_out() if tcp_time_stamp is larger than
+the specified timeout, which is very likely.
+In this case, the TCP connection dies after the first attempted
+(and unsuccessful) retransmission.
+
+With this patch, tcp_skb_cb->when is used instead, when retrans_stamp
+is not available.
+
+This bug has been introduced together with retransmits_timed_out() in
+2.6.32, as the number of retransmissions has been used for timeout
+decisions before. The corresponding commit was
+6fa12c85031485dff38ce550c24f10da23b0adaa (Revert Backoff [v3]:
+Calculate TCP's connection close threshold as a time value.).
+
+Thanks to Ilpo Järvinen for code suggestions and Frederic Leroy for
+testing.
+
+Reported-by: Frederic Leroy
+Signed-off-by: Damian Lukowski
+Acked-by: Ilpo Järvinen
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/net/tcp.h | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/include/net/tcp.h
++++ b/include/net/tcp.h
+@@ -1263,14 +1263,20 @@ static inline struct sk_buff *tcp_write_
+ * TCP connection after "boundary" unsucessful, exponentially backed-off
+ * retransmissions with an initial RTO of TCP_RTO_MIN.
+ */
+-static inline bool retransmits_timed_out(const struct sock *sk,
++static inline bool retransmits_timed_out(struct sock *sk,
+ unsigned int boundary)
+ {
+ unsigned int timeout, linear_backoff_thresh;
++ unsigned int start_ts;
+
+ if (!inet_csk(sk)->icsk_retransmits)
+ return false;
+
++ if (unlikely(!tcp_sk(sk)->retrans_stamp))
++ start_ts = TCP_SKB_CB(tcp_write_queue_head(sk))->when;
++ else
++ start_ts = tcp_sk(sk)->retrans_stamp;
++
+ linear_backoff_thresh = ilog2(TCP_RTO_MAX/TCP_RTO_MIN);
+
+ if (boundary <= linear_backoff_thresh)
+@@ -1279,7 +1285,7 @@ static inline bool retransmits_timed_out
+ timeout = ((2 << linear_backoff_thresh) - 1) * TCP_RTO_MIN +
+ (boundary - linear_backoff_thresh) * TCP_RTO_MAX;
+
+- return (tcp_time_stamp - tcp_sk(sk)->retrans_stamp) >= timeout;
++ return (tcp_time_stamp - start_ts) >= timeout;
+ }
+
+ static inline struct sk_buff *tcp_send_head(struct sock *sk)
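Review bot: `TCP_SKB_CB(tcp_write_queue_head(sk))->when` dereferences the head of the write queue without checking it, and the only guard in front of it is `icsk_retransmits` being non-zero. If the helper can return NULL for an empty queue while `retrans_stamp` is still zero, this is a NULL pointer dereference in the retransmit timeout path; nothing in the hunk shows that the two conditions exclude each other. Either state the invariant in a comment or guard the lookup, e.g. `struct sk_buff *head = tcp_write_queue_head(sk);` followed by `start_ts = head ? TCP_SKB_CB(head)->when : tcp_time_stamp;` (the fallback value is only a suggestion and needs the maintainers' judgement). Dropping `const` from `sk` to permit the call also loosens the helper's contract for every caller.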