From: Greg Kroah-Hartman Date: Thu, 19 Apr 2012 20:05:10 +0000 (-0700) Subject: 3.2-stable patches X-Git-Tag: v3.2.16~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f3f0c49a54b244ce275e37e9c4c2d0f81add671b;p=thirdparty%2Fkernel%2Fstable-queue.git 3.2-stable patches added patches: bluetooth-add-atheros-maryann-pidvid-support.patch bluetooth-adding-usb-device-13d3-3375-as-an-atheros-ar3012.patch bluetooth-add-support-for-bcm20702a0.patch drm-radeon-disable-msi-on-rv515.patch drm-radeon-fix-load-detect-on-rn50-with-hardcoded-edids.patch drm-radeon-kms-fix-the-regression-of-dvi-connector-check.patch futex-do-not-leak-robust-list-to-unprivileged-process.patch --- diff --git a/queue-3.2/bluetooth-add-atheros-maryann-pidvid-support.patch b/queue-3.2/bluetooth-add-atheros-maryann-pidvid-support.patch new file mode 100644 index 00000000000..0cb6e5f2aaa --- /dev/null +++ b/queue-3.2/bluetooth-add-atheros-maryann-pidvid-support.patch @@ -0,0 +1,115 @@ +From 07c0ea874d43c299d185948452945a361052b6e3 Mon Sep 17 00:00:00 2001 +From: "Cho, Yu-Chen" +Date: Wed, 14 Mar 2012 22:01:21 +0200 +Subject: Bluetooth: Add Atheros maryann PIDVID support + +From: "Cho, Yu-Chen" + +commit 07c0ea874d43c299d185948452945a361052b6e3 upstream. + +Add Atheros maryann 0cf3:311d PIDVID support +This module is AR3012 Series. + +Include /sys/kernel/debug/usb/devices output here for reference + +before: +T: Bus=04 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 2 Spd=12 MxCh= 0 +D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 +P: Vendor=0cf3 ProdID=311d Rev= 0.01 +S: Manufacturer=Atheros Communications +S: Product=Bluetooth USB Host Controller +S: SerialNumber=Alaska Day 2006 +C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA +I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms +E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms +E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms +I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms +I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms +I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms +I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms +I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms +I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms + +after: +T: Bus=04 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 2 Spd=12 MxCh= 0 +D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 +P: Vendor=0cf3 ProdID=311d Rev= 0.02 +S: Manufacturer=Atheros Communications +S: Product=Bluetooth USB Host Controller +S: SerialNumber=Alaska Day 2006 +C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA +I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms +E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms +E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms +I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms +I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms +I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms +I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms +I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms +I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms +E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms + +Signed-off-by: Cho, Yu-Chen +cked-by: Marcel Holtmann +Signed-off-by: Johan Hedberg +Cc: Jonathan Nieder +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/bluetooth/ath3k.c | 2 ++ + drivers/bluetooth/btusb.c | 1 + + 2 files changed, 3 insertions(+) + +--- a/drivers/bluetooth/ath3k.c ++++ b/drivers/bluetooth/ath3k.c +@@ -71,6 +71,7 @@ static struct usb_device_id ath3k_table[ + + /* Atheros AR3012 with sflash firmware*/ + { USB_DEVICE(0x0CF3, 0x3004) }, ++ { USB_DEVICE(0x0CF3, 0x311D) }, + { USB_DEVICE(0x13d3, 0x3375) }, + + /* Atheros AR5BBU12 with sflash firmware */ +@@ -88,6 +89,7 @@ static struct usb_device_id ath3k_blist_ + + /* Atheros AR3012 with sflash firmware*/ + { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x311D), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, + + { } /* Terminating entry */ +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -126,6 +126,7 @@ static struct usb_device_id blacklist_ta + + /* Atheros 3012 with sflash firmware */ + { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, + + /* Atheros AR5BBU12 with sflash firmware */ diff --git a/queue-3.2/bluetooth-add-support-for-bcm20702a0.patch b/queue-3.2/bluetooth-add-support-for-bcm20702a0.patch new file mode 100644 index 00000000000..3e104dbc0a9 --- /dev/null +++ b/queue-3.2/bluetooth-add-support-for-bcm20702a0.patch @@ -0,0 +1,43 @@ +From c0190925dacd976a67044f4382d4effbed568dce Mon Sep 17 00:00:00 2001 +From: Jesse Sung +Date: Thu, 22 Dec 2011 10:48:47 +0800 +Subject: Bluetooth: Add support for BCM20702A0 [0a5c:21e3] + +From: Jesse Sung + +commit c0190925dacd976a67044f4382d4effbed568dce upstream. + +Add another vendor specific ID for BCM20702A0. + +output of usb-devices: +T: Bus=06 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 4 Spd=12 MxCh= 0 +D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 +P: Vendor=0a5c ProdID=21e3 Rev=01.12 +S: Manufacturer=Broadcom Corp +S: Product=BCM20702A0 +S: SerialNumber=9439E5CBF66C +C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=0mA +I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) +I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) +I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) +I: If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none) + +Signed-off-by: Wen-chien Jesse Sung +Acked-by: Marcel Holtmann +Signed-off-by: Gustavo F. Padovan +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/bluetooth/btusb.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -101,6 +101,7 @@ static struct usb_device_id btusb_table[ + { USB_DEVICE(0x0c10, 0x0000) }, + + /* Broadcom BCM20702A0 */ ++ { USB_DEVICE(0x0a5c, 0x21e3) }, + { USB_DEVICE(0x413c, 0x8197) }, + + { } /* Terminating entry */ diff --git a/queue-3.2/bluetooth-adding-usb-device-13d3-3375-as-an-atheros-ar3012.patch b/queue-3.2/bluetooth-adding-usb-device-13d3-3375-as-an-atheros-ar3012.patch new file mode 100644 index 00000000000..13ed29493ba --- /dev/null +++ b/queue-3.2/bluetooth-adding-usb-device-13d3-3375-as-an-atheros-ar3012.patch @@ -0,0 +1,62 @@ +From 9498ba7a1d38d42eef4ef6d906ab1743c9f0fd6f Mon Sep 17 00:00:00 2001 +From: Eran +Date: Mon, 5 Dec 2011 22:15:29 +0000 +Subject: Bluetooth: Adding USB device 13d3:3375 as an Atheros AR3012. + +From: Eran + +commit 9498ba7a1d38d42eef4ef6d906ab1743c9f0fd6f upstream. + +The bluetooth module in the Asus UX31/UX21 is based on Atheros AR3012 +and requires a firmware to be uploaded before it's usable. + +output of usb-devices for this module: +T: Bus=01 Lev=02 Prnt=02 Port=07 Cnt=03 Dev#= 6 Spd=12 MxCh= 0 +D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 +P: Vendor=13d3 ProdID=3375 Rev=00.02 +S: Manufacturer=Atheros Communications +S: Product=Bluetooth USB Host Controller +S: SerialNumber=Alaska Day 2006 +C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA +I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb + +Signed-off-by: Eran +Tested-by: Michal Labedzki +Signed-off-by: Gustavo F. Padovan +Cc: Jonathan Nieder +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/bluetooth/ath3k.c | 2 ++ + drivers/bluetooth/btusb.c | 1 + + 2 files changed, 3 insertions(+) + +--- a/drivers/bluetooth/ath3k.c ++++ b/drivers/bluetooth/ath3k.c +@@ -71,6 +71,7 @@ static struct usb_device_id ath3k_table[ + + /* Atheros AR3012 with sflash firmware*/ + { USB_DEVICE(0x0CF3, 0x3004) }, ++ { USB_DEVICE(0x13d3, 0x3375) }, + + /* Atheros AR5BBU12 with sflash firmware */ + { USB_DEVICE(0x0489, 0xE02C) }, +@@ -87,6 +88,7 @@ static struct usb_device_id ath3k_blist_ + + /* Atheros AR3012 with sflash firmware*/ + { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, + + { } /* Terminating entry */ + }; +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -126,6 +126,7 @@ static struct usb_device_id blacklist_ta + + /* Atheros 3012 with sflash firmware */ + { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, + + /* Atheros AR5BBU12 with sflash firmware */ + { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, diff --git a/queue-3.2/drm-radeon-disable-msi-on-rv515.patch b/queue-3.2/drm-radeon-disable-msi-on-rv515.patch new file mode 100644 index 00000000000..5f21ab821f2 --- /dev/null +++ b/queue-3.2/drm-radeon-disable-msi-on-rv515.patch @@ -0,0 +1,35 @@ +From 16a5e32b83fd946312b9b13590c75d20c95c5202 Mon Sep 17 00:00:00 2001 +From: Dave Airlie +Date: Fri, 13 Apr 2012 11:14:50 +0100 +Subject: drm/radeon: disable MSI on RV515 + +From: Dave Airlie + +commit 16a5e32b83fd946312b9b13590c75d20c95c5202 upstream. + +My rv515 card is very flaky with msi enabled. Every so often it loses a rearm +and never comes back, manually banging the rearm brings it back. + +Reviewed-by: Alex Deucher +Signed-off-by: Dave Airlie +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/radeon/radeon_irq_kms.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/gpu/drm/radeon/radeon_irq_kms.c ++++ b/drivers/gpu/drm/radeon/radeon_irq_kms.c +@@ -143,6 +143,12 @@ static bool radeon_msi_ok(struct radeon_ + (rdev->pdev->subsystem_device == 0x01fd)) + return true; + ++ /* RV515 seems to have MSI issues where it loses ++ * MSI rearms occasionally. This leads to lockups and freezes. ++ * disable it by default. ++ */ ++ if (rdev->family == CHIP_RV515) ++ return false; + if (rdev->flags & RADEON_IS_IGP) { + /* APUs work fine with MSIs */ + if (rdev->family >= CHIP_PALM) diff --git a/queue-3.2/drm-radeon-fix-load-detect-on-rn50-with-hardcoded-edids.patch b/queue-3.2/drm-radeon-fix-load-detect-on-rn50-with-hardcoded-edids.patch new file mode 100644 index 00000000000..f742abaa474 --- /dev/null +++ b/queue-3.2/drm-radeon-fix-load-detect-on-rn50-with-hardcoded-edids.patch @@ -0,0 +1,43 @@ +From a09d431f344d854e4fe9cfac44f78cb8202f3eb7 Mon Sep 17 00:00:00 2001 +From: Dave Airlie +Date: Thu, 19 Apr 2012 15:42:58 +0100 +Subject: drm/radeon: fix load detect on rn50 with hardcoded EDIDs. + +From: Dave Airlie + +commit a09d431f344d854e4fe9cfac44f78cb8202f3eb7 upstream. + +When the force changes went in back in 3.3.0, we ended up returning +disconnected in the !force case, and the connected in when forced, +as it hit the hardcoded check. + +Fix it so all exits go via the hardcoded check and stop spurious +modesets on platforms with hardcoded EDIDs. + +Reported-by: Evan McNabb (Red Hat) +Reviewed-by: Alex Deucher +Signed-off-by: Dave Airlie +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/radeon/radeon_connectors.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/radeon/radeon_connectors.c ++++ b/drivers/gpu/drm/radeon/radeon_connectors.c +@@ -976,6 +976,7 @@ radeon_dvi_detect(struct drm_connector * + * cases the DVI port is actually a virtual KVM port connected to the service + * processor. + */ ++out: + if ((!rdev->is_atom_bios) && + (ret == connector_status_disconnected) && + rdev->mode_info.bios_hardcoded_edid_size) { +@@ -983,7 +984,6 @@ radeon_dvi_detect(struct drm_connector * + ret = connector_status_connected; + } + +-out: + /* updated in get modes as well since we need to know if it's analog or digital */ + radeon_connector_update_scratch_regs(connector, ret); + return ret; diff --git a/queue-3.2/drm-radeon-kms-fix-the-regression-of-dvi-connector-check.patch b/queue-3.2/drm-radeon-kms-fix-the-regression-of-dvi-connector-check.patch new file mode 100644 index 00000000000..86b5dd79992 --- /dev/null +++ b/queue-3.2/drm-radeon-kms-fix-the-regression-of-dvi-connector-check.patch @@ -0,0 +1,36 @@ +From e36325071832f1ba96ac54fb8ba1459f08b05dd8 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Wed, 18 Apr 2012 15:21:07 +0200 +Subject: drm/radeon/kms: fix the regression of DVI connector check + +From: Takashi Iwai + +commit e36325071832f1ba96ac54fb8ba1459f08b05dd8 upstream. + +The check of the encoder type in the commit [e00e8b5e: drm/radeon/kms: +fix analog load detection on DVI-I connectors] is obviously wrong, and +it's the culprit of the regression on my workstation with DVI-analog +connection resulting in the blank output. + +Fixed the typo now. + +Signed-off-by: Takashi Iwai +Reviewed-by: Alex Deucher +Signed-off-by: Dave Airlie +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/radeon/radeon_connectors.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/radeon/radeon_connectors.c ++++ b/drivers/gpu/drm/radeon/radeon_connectors.c +@@ -946,7 +946,7 @@ radeon_dvi_detect(struct drm_connector * + + encoder = obj_to_encoder(obj); + +- if (encoder->encoder_type != DRM_MODE_ENCODER_DAC || ++ if (encoder->encoder_type != DRM_MODE_ENCODER_DAC && + encoder->encoder_type != DRM_MODE_ENCODER_TVDAC) + continue; + diff --git a/queue-3.2/futex-do-not-leak-robust-list-to-unprivileged-process.patch b/queue-3.2/futex-do-not-leak-robust-list-to-unprivileged-process.patch new file mode 100644 index 00000000000..7e1bfe300d2 --- /dev/null +++ b/queue-3.2/futex-do-not-leak-robust-list-to-unprivileged-process.patch @@ -0,0 +1,166 @@ +From bdbb776f882f5ad431aa1e694c69c1c3d6a4a5b8 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Mon, 19 Mar 2012 16:12:53 -0700 +Subject: futex: Do not leak robust list to unprivileged process + +From: Kees Cook + +commit bdbb776f882f5ad431aa1e694c69c1c3d6a4a5b8 upstream. + +It was possible to extract the robust list head address from a setuid +process if it had used set_robust_list(), allowing an ASLR info leak. This +changes the permission checks to be the same as those used for similar +info that comes out of /proc. + +Running a setuid program that uses robust futexes would have had: + cred->euid != pcred->euid + cred->euid == pcred->uid +so the old permissions check would allow it. I'm not aware of any setuid +programs that use robust futexes, so this is just a preventative measure. + +(This patch is based on changes from grsecurity.) + +Signed-off-by: Kees Cook +Cc: Darren Hart +Cc: Peter Zijlstra +Cc: Jiri Kosina +Cc: Eric W. Biederman +Cc: David Howells +Cc: Serge E. Hallyn +Cc: kernel-hardening@lists.openwall.com +Cc: spender@grsecurity.net +Link: http://lkml.kernel.org/r/20120319231253.GA20893@www.outflux.net +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/futex.c | 36 +++++++++++++----------------------- + kernel/futex_compat.c | 36 +++++++++++++----------------------- + 2 files changed, 26 insertions(+), 46 deletions(-) + +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -59,6 +59,7 @@ + #include + #include + #include ++#include + + #include + +@@ -2443,40 +2444,29 @@ SYSCALL_DEFINE3(get_robust_list, int, pi + { + struct robust_list_head __user *head; + unsigned long ret; +- const struct cred *cred = current_cred(), *pcred; ++ struct task_struct *p; + + if (!futex_cmpxchg_enabled) + return -ENOSYS; + ++ rcu_read_lock(); ++ ++ ret = -ESRCH; + if (!pid) +- head = current->robust_list; ++ p = current; + else { +- struct task_struct *p; +- +- ret = -ESRCH; +- rcu_read_lock(); + p = find_task_by_vpid(pid); + if (!p) + goto err_unlock; +- ret = -EPERM; +- pcred = __task_cred(p); +- /* If victim is in different user_ns, then uids are not +- comparable, so we must have CAP_SYS_PTRACE */ +- if (cred->user->user_ns != pcred->user->user_ns) { +- if (!ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE)) +- goto err_unlock; +- goto ok; +- } +- /* If victim is in same user_ns, then uids are comparable */ +- if (cred->euid != pcred->euid && +- cred->euid != pcred->uid && +- !ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE)) +- goto err_unlock; +-ok: +- head = p->robust_list; +- rcu_read_unlock(); + } + ++ ret = -EPERM; ++ if (!ptrace_may_access(p, PTRACE_MODE_READ)) ++ goto err_unlock; ++ ++ head = p->robust_list; ++ rcu_read_unlock(); ++ + if (put_user(sizeof(*head), len_ptr)) + return -EFAULT; + return put_user(head, head_ptr); +--- a/kernel/futex_compat.c ++++ b/kernel/futex_compat.c +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + + #include + +@@ -136,40 +137,29 @@ compat_sys_get_robust_list(int pid, comp + { + struct compat_robust_list_head __user *head; + unsigned long ret; +- const struct cred *cred = current_cred(), *pcred; ++ struct task_struct *p; + + if (!futex_cmpxchg_enabled) + return -ENOSYS; + ++ rcu_read_lock(); ++ ++ ret = -ESRCH; + if (!pid) +- head = current->compat_robust_list; ++ p = current; + else { +- struct task_struct *p; +- +- ret = -ESRCH; +- rcu_read_lock(); + p = find_task_by_vpid(pid); + if (!p) + goto err_unlock; +- ret = -EPERM; +- pcred = __task_cred(p); +- /* If victim is in different user_ns, then uids are not +- comparable, so we must have CAP_SYS_PTRACE */ +- if (cred->user->user_ns != pcred->user->user_ns) { +- if (!ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE)) +- goto err_unlock; +- goto ok; +- } +- /* If victim is in same user_ns, then uids are comparable */ +- if (cred->euid != pcred->euid && +- cred->euid != pcred->uid && +- !ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE)) +- goto err_unlock; +-ok: +- head = p->compat_robust_list; +- rcu_read_unlock(); + } + ++ ret = -EPERM; ++ if (!ptrace_may_access(p, PTRACE_MODE_READ)) ++ goto err_unlock; ++ ++ head = p->compat_robust_list; ++ rcu_read_unlock(); ++ + if (put_user(sizeof(*head), len_ptr)) + return -EFAULT; + return put_user(ptr_to_compat(head), head_ptr); diff --git a/queue-3.2/series b/queue-3.2/series index 932c0f719e5..b14d812d684 100644 --- a/queue-3.2/series +++ b/queue-3.2/series @@ -59,3 +59,10 @@ pch_gbe-memory-corruption-calling-pch_gbe_validate_option.patch pch_dma-support-new-device-lapis-semiconductor-ml7831-ioh.patch spi-topcliff-pch-fix-wuninitialized-warning.patch spi-topcliff-pch-support-new-device-lapis-semiconductor.patch +bluetooth-adding-usb-device-13d3-3375-as-an-atheros-ar3012.patch +bluetooth-add-atheros-maryann-pidvid-support.patch +bluetooth-add-support-for-bcm20702a0.patch +futex-do-not-leak-robust-list-to-unprivileged-process.patch +drm-radeon-kms-fix-the-regression-of-dvi-connector-check.patch +drm-radeon-disable-msi-on-rv515.patch +drm-radeon-fix-load-detect-on-rn50-with-hardcoded-edids.patch