From ce8e85c9225b2b7b98146cca276e1cf44fd93f21 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 1 Apr 2013 12:54:58 -0700 Subject: [PATCH] 3.8-stable patches added patches: bluetooth-fix-not-closing-sco-sockets-in-the-bt_connect2-state.patch tile-expect-new-initramfs-name-from-hypervisor-file-system.patch --- ...sco-sockets-in-the-bt_connect2-state.patch | 96 +++++++++++++++++++ queue-3.8/series | 2 + ...mfs-name-from-hypervisor-file-system.patch | 77 +++++++++++++++ 3 files changed, 175 insertions(+) create mode 100644 queue-3.8/bluetooth-fix-not-closing-sco-sockets-in-the-bt_connect2-state.patch create mode 100644 queue-3.8/tile-expect-new-initramfs-name-from-hypervisor-file-system.patch diff --git a/queue-3.8/bluetooth-fix-not-closing-sco-sockets-in-the-bt_connect2-state.patch b/queue-3.8/bluetooth-fix-not-closing-sco-sockets-in-the-bt_connect2-state.patch new file mode 100644 index 00000000000..02a02c67741 --- /dev/null +++ b/queue-3.8/bluetooth-fix-not-closing-sco-sockets-in-the-bt_connect2-state.patch @@ -0,0 +1,96 @@ +From eb20ff9c91ddcb2d55c1849a87d3db85af5e88a9 Mon Sep 17 00:00:00 2001 +From: Vinicius Costa Gomes +Date: Wed, 13 Mar 2013 19:46:20 -0300 +Subject: Bluetooth: Fix not closing SCO sockets in the BT_CONNECT2 state + +From: Vinicius Costa Gomes + +commit eb20ff9c91ddcb2d55c1849a87d3db85af5e88a9 upstream. + +With deferred setup for SCO, it is possible that userspace closes the +socket when it is in the BT_CONNECT2 state, after the Connect Request is +received but before the Accept Synchonous Connection is sent. + +If this happens the following crash was observed, when the connection is +terminated: + +[ +0.000003] hci_sync_conn_complete_evt: hci0 status 0x10 +[ +0.000005] sco_connect_cfm: hcon ffff88003d1bd800 bdaddr 40:98:4e:32:d7:39 status 16 +[ +0.000003] sco_conn_del: hcon ffff88003d1bd800 conn ffff88003cc8e300, err 110 +[ +0.000015] BUG: unable to handle kernel NULL pointer dereference at 0000000000000199 +[ +0.000906] IP: [] __lock_acquire+0xed/0xe82 +[ +0.000000] PGD 3d21f067 PUD 3d291067 PMD 0 +[ +0.000000] Oops: 0002 [#1] SMP +[ +0.000000] Modules linked in: rfcomm bnep btusb bluetooth +[ +0.000000] CPU 0 +[ +0.000000] Pid: 1481, comm: kworker/u:2H Not tainted 3.9.0-rc1-25019-gad82cdd #1 Bochs Bochs +[ +0.000000] RIP: 0010:[] [] __lock_acquire+0xed/0xe82 +[ +0.000000] RSP: 0018:ffff88003c3c19d8 EFLAGS: 00010002 +[ +0.000000] RAX: 0000000000000001 RBX: 0000000000000246 RCX: 0000000000000000 +[ +0.000000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88003d1be868 +[ +0.000000] RBP: ffff88003c3c1a98 R08: 0000000000000002 R09: 0000000000000000 +[ +0.000000] R10: ffff88003d1be868 R11: ffff88003e20b000 R12: 0000000000000002 +[ +0.000000] R13: ffff88003aaa8000 R14: 000000000000006e R15: ffff88003d1be850 +[ +0.000000] FS: 0000000000000000(0000) GS:ffff88003e200000(0000) knlGS:0000000000000000 +[ +0.000000] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b +[ +0.000000] CR2: 0000000000000199 CR3: 000000003c1cb000 CR4: 00000000000006b0 +[ +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ +0.000000] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 +[ +0.000000] Process kworker/u:2H (pid: 1481, threadinfo ffff88003c3c0000, task ffff88003aaa8000) +[ +0.000000] Stack: +[ +0.000000] ffffffff81b16342 0000000000000000 0000000000000000 ffff88003d1be868 +[ +0.000000] ffffffff00000000 00018c0c7863e367 000000003c3c1a28 ffffffff8101efbd +[ +0.000000] 0000000000000000 ffff88003e3d2400 ffff88003c3c1a38 ffffffff81007c7a +[ +0.000000] Call Trace: +[ +0.000000] [] ? kvm_clock_read+0x34/0x3b +[ +0.000000] [] ? paravirt_sched_clock+0x9/0xd +[ +0.000000] [] ? sched_clock+0x9/0xb +[ +0.000000] [] ? sched_clock_local+0x12/0x75 +[ +0.000000] [] lock_acquire+0x93/0xb1 +[ +0.000000] [] ? spin_lock+0x9/0xb [bluetooth] +[ +0.000000] [] ? lock_release_holdtime.part.22+0x4e/0x55 +[ +0.000000] [] _raw_spin_lock+0x40/0x74 +[ +0.000000] [] ? spin_lock+0x9/0xb [bluetooth] +[ +0.000000] [] ? _raw_spin_unlock+0x23/0x36 +[ +0.000000] [] spin_lock+0x9/0xb [bluetooth] +[ +0.000000] [] sco_conn_del+0x76/0xbb [bluetooth] +[ +0.000000] [] sco_connect_cfm+0x2da/0x2e9 [bluetooth] +[ +0.000000] [] hci_proto_connect_cfm+0x38/0x65 [bluetooth] +[ +0.000000] [] hci_sync_conn_complete_evt.isra.79+0x11a/0x13e [bluetooth] +[ +0.000000] [] hci_event_packet+0x153b/0x239d [bluetooth] +[ +0.000000] [] ? _raw_spin_unlock_irqrestore+0x48/0x5c +[ +0.000000] [] hci_rx_work+0xf3/0x2e3 [bluetooth] +[ +0.000000] [] process_one_work+0x1dc/0x30b +[ +0.000000] [] ? process_one_work+0x172/0x30b +[ +0.000000] [] ? spin_lock_irq+0x9/0xb +[ +0.000000] [] worker_thread+0x123/0x1d2 +[ +0.000000] [] ? manage_workers+0x240/0x240 +[ +0.000000] [] kthread+0x9d/0xa5 +[ +0.000000] [] ? __kthread_parkme+0x60/0x60 +[ +0.000000] [] ret_from_fork+0x7c/0xb0 +[ +0.000000] [] ? __kthread_parkme+0x60/0x60 +[ +0.000000] Code: d7 44 89 8d 50 ff ff ff 4c 89 95 58 ff ff ff e8 44 fc ff ff 44 8b 8d 50 ff ff ff 48 85 c0 4c 8b 95 58 ff ff ff 0f 84 7a 04 00 00 ff 80 98 01 00 00 83 3d 25 41 a7 00 00 45 8b b5 e8 05 00 00 +[ +0.000000] RIP [] __lock_acquire+0xed/0xe82 +[ +0.000000] RSP +[ +0.000000] CR2: 0000000000000199 +[ +0.000000] ---[ end trace e73cd3b52352dd34 ]--- + +Signed-off-by: Vinicius Costa Gomes +Tested-by: Frederic Dalleau +Signed-off-by: Gustavo Padovan +Signed-off-by: Greg Kroah-Hartman + +--- + net/bluetooth/sco.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/bluetooth/sco.c ++++ b/net/bluetooth/sco.c +@@ -361,6 +361,7 @@ static void __sco_sock_close(struct sock + sco_chan_del(sk, ECONNRESET); + break; + ++ case BT_CONNECT2: + case BT_CONNECT: + case BT_DISCONN: + sco_chan_del(sk, ECONNRESET); diff --git a/queue-3.8/series b/queue-3.8/series index 01bb4205604..d1b0250ff81 100644 --- a/queue-3.8/series +++ b/queue-3.8/series @@ -1 +1,3 @@ sunrpc-add-barriers-to-ensure-read-ordering-in-rpc_wake_up_task_queue_locked.patch +tile-expect-new-initramfs-name-from-hypervisor-file-system.patch +bluetooth-fix-not-closing-sco-sockets-in-the-bt_connect2-state.patch diff --git a/queue-3.8/tile-expect-new-initramfs-name-from-hypervisor-file-system.patch b/queue-3.8/tile-expect-new-initramfs-name-from-hypervisor-file-system.patch new file mode 100644 index 00000000000..640372c0250 --- /dev/null +++ b/queue-3.8/tile-expect-new-initramfs-name-from-hypervisor-file-system.patch @@ -0,0 +1,77 @@ +From ff7f3efb9abf986f4ecd8793a9593f7ca4d6431a Mon Sep 17 00:00:00 2001 +From: Chris Metcalf +Date: Fri, 29 Mar 2013 13:50:21 -0400 +Subject: tile: expect new initramfs name from hypervisor file system + +From: Chris Metcalf + +commit ff7f3efb9abf986f4ecd8793a9593f7ca4d6431a upstream. + +The current Tilera boot infrastructure now provides the initramfs +to Linux as a Tilera-hypervisor file named "initramfs", rather than +"initramfs.cpio.gz", as before. (This makes it reasonable to use +other compression techniques than gzip on the file without having to +worry about the name causing confusion.) Adapt to use the new name, +but also fall back to checking for the old name. + +Cc'ing to stable so that older kernels will remain compatible with +newer Tilera boot infrastructure. + +Signed-off-by: Chris Metcalf +Signed-off-by: Greg Kroah-Hartman + +--- + arch/tile/kernel/setup.c | 25 ++++++++++++------------- + 1 file changed, 12 insertions(+), 13 deletions(-) + +--- a/arch/tile/kernel/setup.c ++++ b/arch/tile/kernel/setup.c +@@ -1004,15 +1004,8 @@ void __cpuinit setup_cpu(int boot) + + #ifdef CONFIG_BLK_DEV_INITRD + +-/* +- * Note that the kernel can potentially support other compression +- * techniques than gz, though we don't do so by default. If we ever +- * decide to do so we can either look for other filename extensions, +- * or just allow a file with this name to be compressed with an +- * arbitrary compressor (somewhat counterintuitively). +- */ + static int __initdata set_initramfs_file; +-static char __initdata initramfs_file[128] = "initramfs.cpio.gz"; ++static char __initdata initramfs_file[128] = "initramfs"; + + static int __init setup_initramfs_file(char *str) + { +@@ -1026,9 +1019,9 @@ static int __init setup_initramfs_file(c + early_param("initramfs_file", setup_initramfs_file); + + /* +- * We look for an "initramfs.cpio.gz" file in the hvfs. +- * If there is one, we allocate some memory for it and it will be +- * unpacked to the initramfs. ++ * We look for a file called "initramfs" in the hvfs. If there is one, we ++ * allocate some memory for it and it will be unpacked to the initramfs. ++ * If it's compressed, the initd code will uncompress it first. + */ + static void __init load_hv_initrd(void) + { +@@ -1038,10 +1031,16 @@ static void __init load_hv_initrd(void) + + fd = hv_fs_findfile((HV_VirtAddr) initramfs_file); + if (fd == HV_ENOENT) { +- if (set_initramfs_file) ++ if (set_initramfs_file) { + pr_warning("No such hvfs initramfs file '%s'\n", + initramfs_file); +- return; ++ return; ++ } else { ++ /* Try old backwards-compatible name. */ ++ fd = hv_fs_findfile((HV_VirtAddr)"initramfs.cpio.gz"); ++ if (fd == HV_ENOENT) ++ return; ++ } + } + BUG_ON(fd < 0); + stat = hv_fs_fstat(fd); -- 2.47.3