From: Greg Kroah-Hartman Date: Fri, 31 Aug 2012 21:38:40 +0000 (-0700) Subject: 3.4-stable patches X-Git-Tag: v3.5.4~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ef16466c7e550e1399b8a81fea5b1b5b011e193d;p=thirdparty%2Fkernel%2Fstable-queue.git 3.4-stable patches added patches: usb-cdc-acm-fix-null-pointer-dereference.patch usb-jl2005bcd-remove-__devinit-from-the-struct-usb_device_id-table.patch usb-p54usb-remove-__devinit-from-the-struct-usb_device_id-table.patch usb-rtl8187-remove-__devinit-from-the-struct-usb_device_id-table.patch usb-smsusb-remove-__devinit-from-the-struct-usb_device_id-table.patch usb-spca506-remove-__devinit-from-the-struct.patch x32-use-compat-shims-for-g-s-etsockopt.patch
---
diff --git a/queue-3.4/series b/queue-3.4/series
index 50205657f82..80f1a8b3fbb 100644
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -51,3 +51,10 @@ uvcvideo-reset-the-bytesused-field-when-recycling-an-erroneous-buffer.patch
 rapidio-tsi721-fix-inbound-doorbell-interrupt-handling.patch
 rapidio-tsi721-fix-unused-variable-compiler-warning.patch
 regulator-twl-regulator-fix-up-vintana1-vintana2.patch
+x32-use-compat-shims-for-g-s-etsockopt.patch
+usb-spca506-remove-__devinit-from-the-struct.patch
+usb-jl2005bcd-remove-__devinit-from-the-struct-usb_device_id-table.patch
+usb-p54usb-remove-__devinit-from-the-struct-usb_device_id-table.patch
+usb-rtl8187-remove-__devinit-from-the-struct-usb_device_id-table.patch
+usb-smsusb-remove-__devinit-from-the-struct-usb_device_id-table.patch
+usb-cdc-acm-fix-null-pointer-dereference.patch
diff --git a/queue-3.4/usb-cdc-acm-fix-null-pointer-dereference.patch b/queue-3.4/usb-cdc-acm-fix-null-pointer-dereference.patch
new file mode 100644
index 00000000000..7178c190645
--- /dev/null
+++ b/queue-3.4/usb-cdc-acm-fix-null-pointer-dereference.patch
@@ -0,0 +1,34 @@
+From 99f347caa4568cb803862730b3b1f1942639523f Mon Sep 17 00:00:00 2001
+From: Sven Schnelle
+Date: Fri, 17 Aug 2012 21:43:43 +0200
+Subject: USB: CDC ACM: Fix NULL pointer dereference
+
+From: Sven Schnelle
+
+commit 99f347caa4568cb803862730b3b1f1942639523f upstream.
+
+If a device specifies zero endpoints in its interface descriptor,
+the kernel oopses in acm_probe(). Even though that's clearly an
+invalid descriptor, we should test wether we have all endpoints.
+This is especially bad as this oops can be triggered by just
+plugging a USB device in.
+
+Signed-off-by: Sven Schnelle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/usb/class/cdc-acm.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/class/cdc-acm.c
++++ b/drivers/usb/class/cdc-acm.c
+@@ -1104,7 +1104,8 @@ skip_normal_probe:
+ }
+
+
+- if (data_interface->cur_altsetting->desc.bNumEndpoints < 2)
++ if (data_interface->cur_altsetting->desc.bNumEndpoints < 2 ||
++ control_interface->cur_altsetting->desc.bNumEndpoints == 0)
+ return -EINVAL;
+
+ epctrl = &control_interface->cur_altsetting->endpoint[0].desc;
diff --git a/queue-3.4/usb-jl2005bcd-remove-__devinit-from-the-struct-usb_device_id-table.patch b/queue-3.4/usb-jl2005bcd-remove-__devinit-from-the-struct-usb_device_id-table.patch
new file mode 100644
index 00000000000..8ccd1cae032
--- /dev/null
+++ b/queue-3.4/usb-jl2005bcd-remove-__devinit-from-the-struct-usb_device_id-table.patch
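Review bot: The added `bNumEndpoints == 0` test on the control interface is the only guard between a device-supplied descriptor and the `endpoint[0]` access on the last line of the hunk, and nothing at the site records that. I would add a comment above the `if`, e.g. `/* Endpoint counts come from the device; reject before indexing endpoint[] below. */`, so a later refactor does not separate the check from the dereference. The hunk sits under the `skip_normal_probe:` label and acm_probe() begins and ends outside it, so whether earlier branches index `endpoint[]` before reaching this check cannot be confirmed from here and is worth verifying when applying the backport.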
@@ -0,0 +1,36 @@
+From ec063351684298e295dc9444d143ddfd6ab02df8 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman
+Date: Fri, 17 Aug 2012 17:48:27 -0700
+Subject: USB: jl2005bcd: remove __devinit* from the struct usb_device_id table
+
+From: Greg Kroah-Hartman
+
+commit ec063351684298e295dc9444d143ddfd6ab02df8 upstream.
+
+This structure needs to always stick around, even if CONFIG_HOTPLUG
+is disabled, otherwise we can oops when trying to probe a device that
+was added after the structure is thrown away.
+
+Thanks to Fengguang Wu and Bjørn Mork for tracking this issue down.
+
+Reported-by: Fengguang Wu
+Reported-by: Bjørn Mork
+CC: Hans de Goede
+CC: Mauro Carvalho Chehab
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/media/video/gspca/jl2005bcd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/video/gspca/jl2005bcd.c
++++ b/drivers/media/video/gspca/jl2005bcd.c
+@@ -510,7 +510,7 @@ static const struct sd_desc sd_desc = {
+ };
+
+ /* -- module initialisation -- */
+-static const __devinitdata struct usb_device_id device_table[] = {
++static const struct usb_device_id device_table[] = {
+ {USB_DEVICE(0x0979, 0x0227)},
+ {}
+ };
diff --git a/queue-3.4/usb-p54usb-remove-__devinit-from-the-struct-usb_device_id-table.patch b/queue-3.4/usb-p54usb-remove-__devinit-from-the-struct-usb_device_id-table.patch
new file mode 100644
index 00000000000..b98e9ba720e
--- /dev/null
+++ b/queue-3.4/usb-p54usb-remove-__devinit-from-the-struct-usb_device_id-table.patch
@@ -0,0 +1,36 @@
+From b9c4167cbbafddac3462134013bc15e63e4c53ef Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman
+Date: Fri, 17 Aug 2012 17:48:28 -0700
+Subject: USB: p54usb: remove __devinit* from the struct usb_device_id table
+
+From: Greg Kroah-Hartman
+
+commit b9c4167cbbafddac3462134013bc15e63e4c53ef upstream.
+
+This structure needs to always stick around, even if CONFIG_HOTPLUG
+is disabled, otherwise we can oops when trying to probe a device that
+was added after the structure is thrown away.
+
+Thanks to Fengguang Wu and Bjørn Mork for tracking this issue down.
+
+Reported-by: Fengguang Wu
+Reported-by: Bjørn Mork
+CC: Christian Lamparter
+CC: "John W. Linville"
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/net/wireless/p54/p54usb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/p54/p54usb.c
++++ b/drivers/net/wireless/p54/p54usb.c
+@@ -42,7 +42,7 @@ MODULE_FIRMWARE("isl3887usb");
+ * whenever you add a new device.
+ */
+
+-static struct usb_device_id p54u_table[] __devinitdata = {
++static struct usb_device_id p54u_table[] = {
+ /* Version 1 devices (pci chip + net2280) */
+ {USB_DEVICE(0x0411, 0x0050)}, /* Buffalo WLI2-USB2-G54 */
+ {USB_DEVICE(0x045e, 0x00c2)}, /* Microsoft MN-710 */
diff --git a/queue-3.4/usb-rtl8187-remove-__devinit-from-the-struct-usb_device_id-table.patch b/queue-3.4/usb-rtl8187-remove-__devinit-from-the-struct-usb_device_id-table.patch
new file mode 100644
index 00000000000..2d3d24a98c7
--- /dev/null
+++ b/queue-3.4/usb-rtl8187-remove-__devinit-from-the-struct-usb_device_id-table.patch
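Review bot: With `__devinitdata` gone, the new line `static struct usb_device_id p54u_table[] = {` leaves the ID table as a writable, non-const array, whereas the jl2005bcd, smsusb and spca506 tables touched in this queue are `static const`. If nothing in p54usb.c writes to the table (not visible here, since the hunk shows only its first entries), declaring it `static const struct usb_device_id p54u_table[] = {` would keep it in read-only data and match the sibling drivers. For a stable backport that change belongs upstream first rather than as a local deviation.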
@@ -0,0 +1,38 @@ +From a3433179d0822ccfa8e80aa4d1d52843bd2dcc63 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman +Date: Fri, 17 Aug 2012 17:48:29 -0700 +Subject: USB: rtl8187: remove __devinit* from the struct usb_device_id table + +From: Greg Kroah-Hartman + +commit a3433179d0822ccfa8e80aa4d1d52843bd2dcc63 upstream. + +This structure needs to always stick around, even if CONFIG_HOTPLUG +is disabled, otherwise we can oops when trying to probe a device that +was added after the structure is thrown away. + +Thanks to Fengguang Wu and Bjørn Mork for tracking this issue down. + +Reported-by: Fengguang Wu +Reported-by: Bjørn Mork +CC: Herton Ronaldo Krzesinski +CC: Hin-Tak Leung +CC: Larry Finger +CC: "John W. Linville" +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/rtl818x/rtl8187/dev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/wireless/rtl818x/rtl8187/dev.c ++++ b/drivers/net/wireless/rtl818x/rtl8187/dev.c +@@ -44,7 +44,7 @@ MODULE_AUTHOR("Larry Finger +Date: Fri, 17 Aug 2012 17:48:26 -0700 +Subject: USB: smsusb: remove __devinit* from the struct usb_device_id table + +From: Greg Kroah-Hartman + +commit d04dbd1c0ec17a13326c8f2279399c225836a79f upstream. + +This structure needs to always stick around, even if CONFIG_HOTPLUG +is disabled, otherwise we can oops when trying to probe a device that +was added after the structure is thrown away. + +Thanks to Fengguang Wu and Bjørn Mork for tracking this issue down. 
+
+Reported-by: Fengguang Wu
+Reported-by: Bjørn Mork
+CC: Mauro Carvalho Chehab
+CC: Michael Krufky
+CC: Paul Gortmaker
+CC: Doron Cohen
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/media/dvb/siano/smsusb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/dvb/siano/smsusb.c
++++ b/drivers/media/dvb/siano/smsusb.c
+@@ -481,7 +481,7 @@ static int smsusb_resume(struct usb_inte
+ return 0;
+ }
+
+-static const struct usb_device_id smsusb_id_table[] __devinitconst = {
++static const struct usb_device_id smsusb_id_table[] = {
+ { USB_DEVICE(0x187f, 0x0010),
+ .driver_info = SMS1XXX_BOARD_SIANO_STELLAR },
+ { USB_DEVICE(0x187f, 0x0100),
diff --git a/queue-3.4/usb-spca506-remove-__devinit-from-the-struct.patch b/queue-3.4/usb-spca506-remove-__devinit-from-the-struct.patch
new file mode 100644
index 00000000000..cf60a9e70d8
--- /dev/null
+++ b/queue-3.4/usb-spca506-remove-__devinit-from-the-struct.patch
@@ -0,0 +1,36 @@
+From e694d518886c7afedcdd1732477832b2e32744e4 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman
+Date: Fri, 17 Aug 2012 17:48:27 -0700
+Subject: USB: spca506: remove __devinit* from the struct usb_device_id table
+
+From: Greg Kroah-Hartman
+
+commit e694d518886c7afedcdd1732477832b2e32744e4 upstream.
+
+This structure needs to always stick around, even if CONFIG_HOTPLUG
+is disabled, otherwise we can oops when trying to probe a device that
+was added after the structure is thrown away.
+
+Thanks to Fengguang Wu and Bjørn Mork for tracking this issue down.
+
+Reported-by: Fengguang Wu
+Reported-by: Bjørn Mork
+CC: Hans de Goede
+CC: Mauro Carvalho Chehab
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/media/video/gspca/spca506.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/video/gspca/spca506.c
++++ b/drivers/media/video/gspca/spca506.c
+@@ -685,7 +685,7 @@ static const struct sd_desc sd_desc = {
+ };
+
+ /* -- module initialisation -- */
+-static const struct usb_device_id device_table[] __devinitconst = {
++static const struct usb_device_id device_table[] = {
+ {USB_DEVICE(0x06e1, 0xa190)},
+ /*fixme: may be IntelPCCameraPro BRIDGE_SPCA505
+ {USB_DEVICE(0x0733, 0x0430)}, */
diff --git a/queue-3.4/x32-use-compat-shims-for-g-s-etsockopt.patch b/queue-3.4/x32-use-compat-shims-for-g-s-etsockopt.patch
new file mode 100644
index 00000000000..c5d02542991
--- /dev/null
+++ b/queue-3.4/x32-use-compat-shims-for-g-s-etsockopt.patch
@@ -0,0 +1,93 @@
+From 515c7af85ed92696c311c53d53cb4898ff32d784 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger
+Date: Sat, 18 Aug 2012 16:11:37 -0400
+Subject: x32: Use compat shims for {g,s}etsockopt
+
+From: Mike Frysinger
+
+commit 515c7af85ed92696c311c53d53cb4898ff32d784 upstream.
+
+Some of the arguments to {g,s}etsockopt are passed in userland pointers.
+If we try to use the 64bit entry point, we end up sometimes failing.
+
+For example, dhcpcd doesn't run in x32:
+ # dhcpcd eth0
+ dhcpcd[1979]: version 5.5.6 starting
+ dhcpcd[1979]: eth0: broadcasting for a lease
+ dhcpcd[1979]: eth0: open_socket: Invalid argument
+ dhcpcd[1979]: eth0: send_raw_packet: Bad file descriptor
+
+The code in particular is getting back EINVAL when doing:
+ struct sock_fprog pf;
+ setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &pf, sizeof(pf));
+
+Diving into the kernel code, we can see:
+include/linux/filter.h:
+ struct sock_fprog {
+ unsigned short len;
+ struct sock_filter __user *filter;
+ };
+
+net/core/sock.c:
+ case SO_ATTACH_FILTER:
+ ret = -EINVAL;
+ if (optlen == sizeof(struct sock_fprog)) {
+ struct sock_fprog fprog;
+
+ ret = -EFAULT;
+ if (copy_from_user(&fprog, optval, sizeof(fprog)))
+ break;
+
+ ret = sk_attach_filter(&fprog, sk);
+ }
+ break;
+
+arch/x86/syscalls/syscall_64.tbl:
+ 54 common setsockopt sys_setsockopt
+ 55 common getsockopt sys_getsockopt
+
+So for x64, sizeof(sock_fprog) is 16 bytes. For x86/x32, it's 8 bytes.
+This comes down to the pointer being 32bit for x32, which means we need
+to do structure size translation. But since x32 comes in directly to
+sys_setsockopt, it doesn't get translated like x86.
+
+After changing the syscall table and rebuilding glibc with the new kernel
+headers, dhcp runs fine in an x32 userland.
+
+Oddly, it seems like Linus noted the same thing during the initial port,
+but I guess that was missed/lost along the way:
+ https://lkml.org/lkml/2011/8/26/452
+
+[ hpa: tagging for -stable since this is an ABI fix. ]
+
+Bugzilla: https://bugs.gentoo.org/423649
+Reported-by: Mads
+Signed-off-by: Mike Frysinger
+Link: http://lkml.kernel.org/r/1345320697-15713-1-git-send-email-vapier@gentoo.org
+Cc: H. J. Lu
+Signed-off-by: H. Peter Anvin
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/syscalls/syscall_64.tbl | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/syscalls/syscall_64.tbl
++++ b/arch/x86/syscalls/syscall_64.tbl
+@@ -60,8 +60,8 @@
+ 51 common getsockname sys_getsockname
+ 52 common getpeername sys_getpeername
+ 53 common socketpair sys_socketpair
+-54 common setsockopt sys_setsockopt
+-55 common getsockopt sys_getsockopt
++54 64 setsockopt sys_setsockopt
++55 64 getsockopt sys_getsockopt
+ 56 common clone stub_clone
+ 57 common fork stub_fork
+ 58 common vfork stub_vfork
+@@ -351,3 +351,5 @@
+ 538 x32 sendmmsg compat_sys_sendmmsg
+ 539 x32 process_vm_readv compat_sys_process_vm_readv
+ 540 x32 process_vm_writev compat_sys_process_vm_writev
++541 x32 setsockopt compat_sys_setsockopt
++542 x32 getsockopt compat_sys_getsockopt
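Review bot: Entries 54 and 55 move from `common` to `64`, so x32 reaches the socket-option calls only through the new numbers 541 and 542, and the table itself carries no comment saying that or why. A `#` comment above the two new rows would help, e.g. `# x32 needs compat {g,s}etsockopt: option structs such as sock_fprog embed user pointers`. If `64`-only rows are absent from the x32 table (presumed from the ABI column, not shown here), x32 binaries built against the old headers will stop resolving 54/55 until userland is rebuilt; the commit message implies this with its glibc rebuild but does not state it as a compatibility break.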