From 296c422934dfae44798e6b7c07daca5b98a7c7c6 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 18 Mar 2013 10:21:14 -0700
Subject: [PATCH] 3.0-stable patches

added patches:
alsa-seq-fix-missing-error-handling-in-snd_seq_timer_open.patch
hwmon-lineage-pem-add-missing-terminating-entry-for-pem__attributes.patch
w1-fix-oops-when-w1_search-is-called-from-netlink-connector.patch
---
 ...error-handling-in-snd_seq_timer_open.patch | 74 +++++++++++++++++++
 ...erminating-entry-for-pem__attributes.patch | 36 +++++++++
 queue-3.0/series | 3 +
 ...rch-is-called-from-netlink-connector.patch | 53 +++++++++++++
 4 files changed, 166 insertions(+)
 create mode 100644 queue-3.0/alsa-seq-fix-missing-error-handling-in-snd_seq_timer_open.patch
 create mode 100644 queue-3.0/hwmon-lineage-pem-add-missing-terminating-entry-for-pem__attributes.patch
 create mode 100644 queue-3.0/w1-fix-oops-when-w1_search-is-called-from-netlink-connector.patch
diff --git a/queue-3.0/alsa-seq-fix-missing-error-handling-in-snd_seq_timer_open.patch b/queue-3.0/alsa-seq-fix-missing-error-handling-in-snd_seq_timer_open.patch
new file mode 100644
index 00000000000..b33585d8969
--- /dev/null
+++ b/queue-3.0/alsa-seq-fix-missing-error-handling-in-snd_seq_timer_open.patch
@@ -0,0 +1,74 @@
+From 66efdc71d95887b652a742a5dae51fa834d71465 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai
+Date: Fri, 8 Mar 2013 18:11:17 +0100
+Subject: ALSA: seq: Fix missing error handling in snd_seq_timer_open()
+
+From: Takashi Iwai
+
+commit 66efdc71d95887b652a742a5dae51fa834d71465 upstream.
+
+snd_seq_timer_open() didn't catch the whole error path but let through
+if the timer id is a slave. This may lead to Oops by accessing the
+uninitialized pointer.
+
+ BUG: unable to handle kernel NULL pointer dereference at 00000000000002ae
+ IP: [] snd_seq_timer_open+0xe7/0x130
+ PGD 785cd067 PUD 76964067 PMD 0
+ Oops: 0002 [#4] SMP
+ CPU 0
+ Pid: 4288, comm: trinity-child7 Tainted: G D W 3.9.0-rc1+ #100 Bochs Bochs
+ RIP: 0010:[] [] snd_seq_timer_open+0xe7/0x130
+ RSP: 0018:ffff88006ece7d38 EFLAGS: 00010246
+ RAX: 0000000000000286 RBX: ffff88007851b400 RCX: 0000000000000000
+ RDX: 000000000000ffff RSI: ffff88006ece7d58 RDI: ffff88006ece7d38
+ RBP: ffff88006ece7d98 R08: 000000000000000a R09: 000000000000fffe
+ R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
+ R13: ffff8800792c5400 R14: 0000000000e8f000 R15: 0000000000000007
+ FS: 00007f7aaa650700(0000) GS:ffff88007f800000(0000) GS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 00000000000002ae CR3: 000000006efec000 CR4: 00000000000006f0
+ DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+ DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
+ Process trinity-child7 (pid: 4288, threadinfo ffff88006ece6000, task ffff880076a8a290)
+ Stack:
+ 0000000000000286 ffffffff828f2be0 ffff88006ece7d58 ffffffff810f354d
+ 65636e6575716573 2065756575712072 ffff8800792c0030 0000000000000000
+ ffff88006ece7d98 ffff8800792c5400 ffff88007851b400 ffff8800792c5520
+ Call Trace:
+ [] ?
trace_hardirqs_on+0xd/0x10
+ [] snd_seq_queue_timer_open+0x29/0x70
+ [] snd_seq_ioctl_set_queue_timer+0xda/0x120
+ [] snd_seq_do_ioctl+0x9b/0xd0
+ [] snd_seq_ioctl+0x10/0x20
+ [] do_vfs_ioctl+0x522/0x570
+ [] ? file_has_perm+0x83/0xa0
+ [] ? trace_hardirqs_on+0xd/0x10
+ [] sys_ioctl+0x5d/0xa0
+ [] ? trace_hardirqs_on_thunk+0x3a/0x3f
+ [] system_call_fastpath+0x16/0x1b
+
+Reported-and-tested-by: Tommi Rantala
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/core/seq/seq_timer.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/sound/core/seq/seq_timer.c
++++ b/sound/core/seq/seq_timer.c
+@@ -290,10 +290,10 @@ int snd_seq_timer_open(struct snd_seq_qu
+ tid.device = SNDRV_TIMER_GLOBAL_SYSTEM;
+ err = snd_timer_open(&t, str, &tid, q->queue);
+ }
+- if (err < 0) {
+- snd_printk(KERN_ERR "seq fatal error: cannot create timer (%i)\n", err);
+- return err;
+- }
++ }
++ if (err < 0) {
++ snd_printk(KERN_ERR "seq fatal error: cannot create timer (%i)\n", err);
++ return err;
+ }
+ t->callback = snd_seq_timer_interrupt;
+ t->callback_data = q;
diff --git a/queue-3.0/hwmon-lineage-pem-add-missing-terminating-entry-for-pem__attributes.patch b/queue-3.0/hwmon-lineage-pem-add-missing-terminating-entry-for-pem__attributes.patch
new file mode 100644
index 00000000000..15640ce25d0
--- /dev/null
+++ b/queue-3.0/hwmon-lineage-pem-add-missing-terminating-entry-for-pem__attributes.patch
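Review bot: In the seq_timer.c hunk, the relocated `if (err < 0)` branch of snd_seq_timer_open() now runs for every failed open, slave timer ids included, and it still logs at KERN_ERR with no rate limit. The call trace in the description shows this function is entered from the sequencer ioctl, so repeated failing requests can fill the kernel log; I would guard the message, e.g. `if (printk_ratelimit()) snd_printk(KERN_ERR "seq fatal error: cannot create timer (%i)\n", err);`, or lower its level, since a refused slave open is not a fatal condition. The declaration of `t` is outside the hunk; if it is left uninitialized, as the description suggests, initializing it to NULL there would make any future missed error path fail deterministically instead of dereferencing stack garbage. The function body starts and ends outside the hunk.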
@@ -0,0 +1,36 @@
+From df069079c153d22adf6c28dcc0b1cf62bba75167 Mon Sep 17 00:00:00 2001
+From: Axel Lin
+Date: Thu, 14 Mar 2013 16:27:18 +0800
+Subject: hwmon: (lineage-pem) Add missing terminating entry for pem_[input|fan]_attributes
+
+From: Axel Lin
+
+commit df069079c153d22adf6c28dcc0b1cf62bba75167 upstream.
+
+Signed-off-by: Axel Lin
+Acked-by: Jean Delvare
+Signed-off-by: Guenter Roeck
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/hwmon/lineage-pem.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/hwmon/lineage-pem.c
++++ b/drivers/hwmon/lineage-pem.c
+@@ -421,6 +421,7 @@ static struct attribute *pem_input_attri
+ &sensor_dev_attr_in2_input.dev_attr.attr,
+ &sensor_dev_attr_curr1_input.dev_attr.attr,
+ &sensor_dev_attr_power1_input.dev_attr.attr,
++ NULL
+ };
+
+ static const struct attribute_group pem_input_group = {
+@@ -431,6 +432,7 @@ static struct attribute *pem_fan_attribu
+ &sensor_dev_attr_fan1_input.dev_attr.attr,
+ &sensor_dev_attr_fan2_input.dev_attr.attr,
+ &sensor_dev_attr_fan3_input.dev_attr.attr,
++ NULL
+ };
+
+ static const struct attribute_group pem_fan_group = {
diff --git a/queue-3.0/series b/queue-3.0/series
index 1a5ae38d35d..99fec7d6106 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -14,3 +14,6 @@ tty-serial-fix-typo-arch_s5p6450.patch
 tty-do-not-reset-master-s-packet-mode.patch
 md-protect-against-crash-upon-fsync-on-ro-array.patch
 revert-duplicated-perf-commit.patch
+alsa-seq-fix-missing-error-handling-in-snd_seq_timer_open.patch
+hwmon-lineage-pem-add-missing-terminating-entry-for-pem__attributes.patch
+w1-fix-oops-when-w1_search-is-called-from-netlink-connector.patch
diff --git a/queue-3.0/w1-fix-oops-when-w1_search-is-called-from-netlink-connector.patch b/queue-3.0/w1-fix-oops-when-w1_search-is-called-from-netlink-connector.patch
new file mode 100644
index 00000000000..6896736114c
--- /dev/null
+++ b/queue-3.0/w1-fix-oops-when-w1_search-is-called-from-netlink-connector.patch
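Review bot: The `NULL` sentinels added to pem_input_attributes and pem_fan_attributes in lineage-pem.c close an unterminated-array walk, but nothing at the arrays says the terminator is required, so the next entry appended after it would silently reintroduce the out-of-bounds read. A short comment on each sentinel, e.g. `NULL /* sentinel: attribute_group walks attrs until NULL */`, would make the requirement visible where entries get added. Both arrays open outside the hunks, and any other `struct attribute *` array in this file should be checked for the same omission; that cannot be confirmed from the lines shown.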
@@ -0,0 +1,53 @@
+From 9d1817cab2f030f6af360e961cc69bb1da8ad765 Mon Sep 17 00:00:00 2001
+From: Marcin Jurkowski
+Date: Sat, 2 Mar 2013 14:50:15 +0100
+Subject: w1: fix oops when w1_search is called from netlink connector
+
+From: Marcin Jurkowski
+
+commit 9d1817cab2f030f6af360e961cc69bb1da8ad765 upstream.
+
+On Sat, Mar 02, 2013 at 10:45:10AM +0100, Sven Geggus wrote:
+> This is the bad commit I found doing git bisect:
+> 04f482faf50535229a5a5c8d629cf963899f857c is the first bad commit
+> commit 04f482faf50535229a5a5c8d629cf963899f857c
+> Author: Patrick McHardy
+> Date: Mon Mar 28 08:39:36 2011 +0000
+
+Good job. I was too lazy to bisect for bad commit;)
+
+Reading the code I found problematic kthread_should_stop call from netlink
+connector which causes the oops. After applying a patch, I've been testing
+owfs+w1 setup for nearly two days and it seems to work very reliable (no
+hangs, no memleaks etc).
+More detailed description and possible fix is given below:
+
+Function w1_search can be called from either kthread or netlink callback.
+While the former works fine, the latter causes oops due to kthread_should_stop
+invocation.
+
+This patch adds a check if w1_search is serving netlink command, skipping
+kthread_should_stop invocation if so.
+
+Signed-off-by: Marcin Jurkowski
+Acked-by: Evgeniy Polyakov
+Cc: Josh Boyer
+Tested-by: Sven Geggus
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/w1/w1.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/w1/w1.c
++++ b/drivers/w1/w1.c
+@@ -918,7 +918,8 @@ void w1_search(struct w1_master *dev, u8
+ tmp64 = (triplet_ret >> 2);
+ rn |= (tmp64 << i);
+
+- if (kthread_should_stop()) {
++ /* ensure we're called from kthread and not by netlink callback */
++ if (!dev->priv && kthread_should_stop()) {
+ dev_dbg(&dev->dev, "Abort w1_search\n");
+ return;
+ }
-- 2.47.3
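Review bot: The new condition `!dev->priv && kthread_should_stop()` in w1_search() infers the calling context from whether `dev->priv` happens to be set, and nothing in the hunk shows where that pointer is assigned or cleared, or under which lock. If the netlink path sets `dev->priv` while the master's search kthread is inside this loop, the kthread would skip its stop check for that pass; and if a netlink caller ever arrives with `dev->priv` still NULL, the call this patch is avoiding is made again. I would state the invariant at the check, e.g. `/* dev->priv is non-NULL only while a netlink command is driving the search */`, naming the lock that protects it, or pass the caller context explicitly instead of overloading a private pointer. w1_search()'s body starts and ends outside the hunk.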