From: Greg Kroah-Hartman Date: Fri, 19 Mar 2010 00:28:24 +0000 (-0700) Subject: .27 patches X-Git-Tag: v2.6.27.46~40 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d9fdd6fb40ba03a3fe1fe45ce8244f8ea03e2c10;p=thirdparty%2Fkernel%2Fstable-queue.git .27 patches --- diff --git a/queue-2.6.27/aoe-end-barrier-bios-with-eopnotsupp.patch b/queue-2.6.27/aoe-end-barrier-bios-with-eopnotsupp.patch new file mode 100644 index 00000000000..2d05e4a580a --- /dev/null +++ b/queue-2.6.27/aoe-end-barrier-bios-with-eopnotsupp.patch @@ -0,0 +1,50 @@ +From 18d8217bc441630c3c5ec7416c5a65c69e8a0979 Mon Sep 17 00:00:00 2001 +From: Ed Cashin +Date: Thu, 10 Sep 2009 22:30:47 +0200 +Subject: aoe: end barrier bios with EOPNOTSUPP + +From: Ed Cashin + +commit 18d8217bc441630c3c5ec7416c5a65c69e8a0979 upstream. + +BugLink: http://bugzilla.kernel.org/show_bug.cgi?id=13942 + +Bruno Premont noticed that aoe throws a BUG during umount of an XFS in +2.6.31: + +[ 5259.349897] aoe: bi_io_vec is NULL +[ 5259.349940] ------------[ cut here ]------------ +[ 5259.349958] kernel BUG at /usr/src/linux-2.6/drivers/block/aoe/aoeblk.c:177! +[ 5259.349990] invalid opcode: 0000 [#1] + +The bio in question is a barrier. Jens Axboe suggested that such bios +need to be recognized and ended with -EOPNOTSUPP by any driver that +provides its own ->make_request_fn handler and does not handle +barriers. + +In testing the changes below eliminate the BUG. + +(Better would be real barrier support, something that Ed says he'll add +for later in the .32 cycle. For now, this at least gets rid of a bug +with crashing on an empty barrier. Jens) + +Signed-off-by: Ed L. Cashin +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/aoe/aoeblk.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/block/aoe/aoeblk.c ++++ b/drivers/block/aoe/aoeblk.c +@@ -176,6 +176,9 @@ aoeblk_make_request(struct request_queue + BUG(); + bio_endio(bio, -ENXIO); + return 0; ++ } else if (bio_rw_flagged(bio, BIO_RW_BARRIER)) { ++ bio_endio(bio, -EOPNOTSUPP); ++ return 0; + } else if (bio->bi_io_vec == NULL) { + printk(KERN_ERR "aoe: bi_io_vec is NULL\n"); + BUG(); diff --git a/queue-2.6.27/b44-wol-setup-one-bit-off-stack-corruption-kernel-panic-fix.patch b/queue-2.6.27/b44-wol-setup-one-bit-off-stack-corruption-kernel-panic-fix.patch new file mode 100644 index 00000000000..b9e924bce82 --- /dev/null +++ b/queue-2.6.27/b44-wol-setup-one-bit-off-stack-corruption-kernel-panic-fix.patch @@ -0,0 +1,45 @@ +From e0188829cb724e7d12a2d4e343b368ff1d6e1471 Mon Sep 17 00:00:00 2001 +From: Stanislav Brabec +Date: Tue, 8 Dec 2009 21:00:22 -0800 +Subject: b44 WOL setup: one-bit-off stack corruption kernel panic fix + +From: Stanislav Brabec + +commit e0188829cb724e7d12a2d4e343b368ff1d6e1471 upstream. + +About 50% of shutdowns of b44 Ethernet adapter ends by kernel panic +with kernels compiled with stack-protector. + +Checking b44_magic_pattern() return values, one call of +b44_magic_pattern() returns 127. It means, that set_bit(128, pmask) +was called on line 1509. It means that bit 0 of 17th byte of pmask was +overwritten. But pmask has only 16 bytes. Stack corruption happens. + +It seems that set_bit() on line 1509 always writes one bit off. + +The fix does not only solve the stack corruption, but also makes Wake +On LAN working on my onboard B44 on Asus A7V-333X mainboard. + +It seems that this problem affects all kernel versions since commit +725ad800 ([PATCH] b44: add wol for old nic) on 2006-06-20. + +Signed-off-by: Stanislav Brabec +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/b44.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/net/b44.c ++++ b/drivers/net/b44.c +@@ -1502,8 +1502,7 @@ static int b44_magic_pattern(u8 *macaddr + for (k = 0; k< ethaddr_bytes; k++) { + ppattern[offset + magicsync + + (j * ETH_ALEN) + k] = macaddr[k]; +- len++; +- set_bit(len, (unsigned long *) pmask); ++ set_bit(len++, (unsigned long *) pmask); + } + } + return len - 1; diff --git a/queue-2.6.27/bonding-ignore-updelay-param-when-there-is-no-active-slave.patch b/queue-2.6.27/bonding-ignore-updelay-param-when-there-is-no-active-slave.patch new file mode 100644 index 00000000000..b71b167b09f --- /dev/null +++ b/queue-2.6.27/bonding-ignore-updelay-param-when-there-is-no-active-slave.patch @@ -0,0 +1,67 @@ +From 41f8910040639eb106b1a5b5301aab79ecde4940 Mon Sep 17 00:00:00 2001 +From: Jiri Pirko +Date: Fri, 24 Apr 2009 03:57:29 +0000 +Subject: bonding: ignore updelay param when there is no active slave + +From: Jiri Pirko + +commit 41f8910040639eb106b1a5b5301aab79ecde4940 upstream. + +Pointed out by Sean E. Millichamp. + +Quote from Documentation/networking/bonding.txt: +"Note that when a bonding interface has no active links, the +driver will immediately reuse the first link that goes up, even if the +updelay parameter has been specified (the updelay is ignored in this +case). If there are slave interfaces waiting for the updelay timeout +to expire, the interface that first went into that state will be +immediately reused. This reduces down time of the network if the +value of updelay has been overestimated, and since this occurs only in +cases with no connectivity, there is no additional penalty for +ignoring the updelay." + +This patch actually changes the behaviour in this way. + +Signed-off-by: Jiri Pirko +Signed-off-by: David S. Miller +Cc: Jean Delvare +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/bonding/bond_main.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -2228,6 +2228,9 @@ static int bond_miimon_inspect(struct bo + { + struct slave *slave; + int i, link_state, commit = 0; ++ bool ignore_updelay; ++ ++ ignore_updelay = !bond->curr_active_slave ? true : false; + + bond_for_each_slave(bond, slave, i) { + slave->new_link = BOND_LINK_NOCHANGE; +@@ -2292,6 +2295,7 @@ static int bond_miimon_inspect(struct bo + ": %s: link status up for " + "interface %s, enabling it in %d ms.\n", + bond->dev->name, slave->dev->name, ++ ignore_updelay ? 0 : + bond->params.updelay * + bond->params.miimon); + } +@@ -2310,9 +2314,13 @@ static int bond_miimon_inspect(struct bo + continue; + } + ++ if (ignore_updelay) ++ slave->delay = 0; ++ + if (slave->delay <= 0) { + slave->new_link = BOND_LINK_UP; + commit++; ++ ignore_updelay = false; + continue; + } + diff --git a/queue-2.6.27/coredump-suppress-uid-comparison-test-if-core-output-files-are-pipes.patch b/queue-2.6.27/coredump-suppress-uid-comparison-test-if-core-output-files-are-pipes.patch new file mode 100644 index 00000000000..344a3bdb7db --- /dev/null +++ b/queue-2.6.27/coredump-suppress-uid-comparison-test-if-core-output-files-are-pipes.patch @@ -0,0 +1,62 @@ +From 76595f79d76fbe6267a51b3a866a028d150f06d4 Mon Sep 17 00:00:00 2001 +From: Neil Horman +Date: Fri, 5 Mar 2010 13:44:16 -0800 +Subject: coredump: suppress uid comparison test if core output files are pipes + +From: Neil Horman + +commit 76595f79d76fbe6267a51b3a866a028d150f06d4 upstream. + +Modify uid check in do_coredump so as to not apply it in the case of +pipes. + +This just got noticed in testing. The end of do_coredump validates the +uid of the inode for the created file against the uid of the crashing +process to ensure that no one can pre-create a core file with different +ownership and grab the information contained in the core when they +shouldn' tbe able to. This causes failures when using pipes for a core +dumps if the crashing process is not root, which is the uid of the pipe +when it is created. + +The fix is simple. Since the check for matching uid's isn't relevant for +pipes (a process can't create a pipe that the uermodehelper code will open +anyway), we can just just skip it in the event ispipe is non-zero + +Reverts a pipe-affecting change which was accidentally made in + +: commit c46f739dd39db3b07ab5deb4e3ec81e1c04a91af +: Author: Ingo Molnar +: AuthorDate: Wed Nov 28 13:59:18 2007 +0100 +: Commit: Linus Torvalds +: CommitDate: Wed Nov 28 10:58:01 2007 -0800 +: +: vfs: coredumping fix + +Signed-off-by: Neil Horman +Cc: Andi Kleen +Cc: Oleg Nesterov +Cc: Alan Cox +Cc: Al Viro +Cc: Ingo Molnar +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Cc: maximilian attems +Signed-off-by: Greg Kroah-Hartman + +--- + fs/exec.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/exec.c ++++ b/fs/exec.c +@@ -1826,8 +1826,9 @@ int do_coredump(long signr, int exit_cod + /* + * Dont allow local users get cute and trick others to coredump + * into their pre-created files: ++ * Note, this is not relevant for pipes + */ +- if (inode->i_uid != current->fsuid) ++ if (!ispipe && (inode->i_uid != current->fsuid())) + goto close_fail; + if (!file->f_op) + goto close_fail; diff --git a/queue-2.6.27/series b/queue-2.6.27/series index de19043bfc6..2c8ab912c4e 100644 --- a/queue-2.6.27/series +++ b/queue-2.6.27/series @@ -32,3 +32,8 @@ parisc-isa-eeprom-fix-loff_t-usage.patch kvm-x86-check-for-cr3-validity-in-ioctl_set_sregs.patch fix-lookup_follow-on-automount-symlinks.patch x86-ia32_aout-do-not-kill-argument-mapping.patch +coredump-suppress-uid-comparison-test-if-core-output-files-are-pipes.patch +bonding-ignore-updelay-param-when-there-is-no-active-slave.patch +v4l-dvb-13961-em28xx-dvb-fix-memleak-in-dvb_fini.patch +aoe-end-barrier-bios-with-eopnotsupp.patch +b44-wol-setup-one-bit-off-stack-corruption-kernel-panic-fix.patch diff --git a/queue-2.6.27/v4l-dvb-13961-em28xx-dvb-fix-memleak-in-dvb_fini.patch b/queue-2.6.27/v4l-dvb-13961-em28xx-dvb-fix-memleak-in-dvb_fini.patch new file mode 100644 index 00000000000..c480ee2a42f --- /dev/null +++ b/queue-2.6.27/v4l-dvb-13961-em28xx-dvb-fix-memleak-in-dvb_fini.patch @@ -0,0 +1,33 @@ +From 19f48cb105b7fa18d0dcab435919a3a29b7a7c4c Mon Sep 17 00:00:00 2001 +From: Francesco Lavra +Date: Thu, 31 Dec 2009 08:47:11 -0300 +Subject: V4L/DVB (13961): em28xx-dvb: fix memleak in dvb_fini() + +From: Francesco Lavra + +commit 19f48cb105b7fa18d0dcab435919a3a29b7a7c4c upstream. + +this patch fixes a memory leak which occurs when an em28xx card with DVB +extension is unplugged or its DVB extension driver is unloaded. In +dvb_fini(), dev->dvb must be freed before being set to NULL, as is done +in dvb_init() in case of error. +Note that this bug is also present in the latest stable kernel release. + +Signed-off-by: Francesco Lavra +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/media/video/em28xx/em28xx-dvb.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/media/video/em28xx/em28xx-dvb.c ++++ b/drivers/media/video/em28xx/em28xx-dvb.c +@@ -501,6 +501,7 @@ static int dvb_fini(struct em28xx *dev) + + if (dev->dvb) { + unregister_dvb(dev->dvb); ++ kfree(dev->dvb); + dev->dvb = NULL; + } +