From: Greg Kroah-Hartman Date: Thu, 22 Dec 2011 19:07:08 +0000 (-0800) Subject: 3.0 patches X-Git-Tag: v3.0.15~9 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=26289f198c1e38324c70baceb0b088cf16bf8f32;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0 patches added patches: binary_sysctl-fix-memory-leak.patch block-initialize-request_queue-s-numa-node-during.patch input-synaptics-fix-touchpad-not-working-after-s2r-on-vostro-v13.patch mac80211-fix-another-race-in-aggregation-start.patch mxc-pwm-should-active-during-doze-wait-dbg-mode.patch percpu-fix-per_cpu_ptr_to_phys-handling-of-non-page-aligned-addresses.patch scsi-fcoe-fix-preempt-count-leak-in-fcoe_filter_frames.patch scsi-mpt2sas-_scsih_smart_predicted_fault-uses-gfp_kernel-in-interrupt-context.patch scsi-zfcp-return-early-from-slave_destroy-if-slave_alloc-returned-early.patch ssb-fix-init-regression-with-socs.patch
---
diff --git a/queue-3.0/binary_sysctl-fix-memory-leak.patch b/queue-3.0/binary_sysctl-fix-memory-leak.patch
new file mode 100644
index 00000000000..0357332960a
--- /dev/null
+++ b/queue-3.0/binary_sysctl-fix-memory-leak.patch
@@ -0,0 +1,46 @@
+From 3d3c8f93a237b64580c5c5e138edeb1377e98230 Mon Sep 17 00:00:00 2001
+From: Michel Lespinasse
+Date: Mon, 19 Dec 2011 17:12:06 -0800
+Subject: binary_sysctl(): fix memory leak
+
+From: Michel Lespinasse
+
+commit 3d3c8f93a237b64580c5c5e138edeb1377e98230 upstream.
+
+binary_sysctl() calls sysctl_getname() which allocates from names_cache
+slab usin __getname()
+
+The matching function to free the name is __putname(), and not putname()
+which should be used only to match getname() allocations.
+
+This is because when auditing is enabled, putname() calls audit_putname
+*instead* (not in addition) to __putname(). Then, if a syscall is in
+progress, audit_putname does not release the name - instead, it expects
+the name to get released when the syscall completes, but that will happen
+only if audit_getname() was called previously, i.e. if the name was
+allocated with getname() rather than the naked __getname(). So,
+__getname() followed by putname() ends up leaking memory.
+
+Signed-off-by: Michel Lespinasse
+Acked-by: Al Viro
+Cc: Christoph Hellwig
+Cc: Eric Paris
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/sysctl_binary.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/sysctl_binary.c
++++ b/kernel/sysctl_binary.c
+@@ -1354,7 +1354,7 @@ static ssize_t binary_sysctl(const int *
+
+ fput(file);
+ out_putname:
+- putname(pathname);
++ __putname(pathname);
+ out:
+ return result;
+ }
diff --git a/queue-3.0/block-initialize-request_queue-s-numa-node-during.patch b/queue-3.0/block-initialize-request_queue-s-numa-node-during.patch
new file mode 100644
index 00000000000..0e0f101fa5a
--- /dev/null
+++ b/queue-3.0/block-initialize-request_queue-s-numa-node-during.patch
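Review bot: The `out_putname:` label now frees with `__putname()`, but nothing at the call site records why plain `putname()` is wrong here, so the pairing is easy to revert by mistake. A one-line comment above the call would pin it: `/* pathname came from __getname() in sysctl_getname(); putname() would hand it to audit and leak it */`. Per the commit message the leak needs auditing enabled and a syscall in progress, and each affected call strands one names_cache object; if this path is reachable by unprivileged callers that amounts to a slow memory-exhaustion vector, which would be worth stating in the changelog. binary_sysctl() starts outside the hunk, so the allocation site itself is not visible here.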
@@ -0,0 +1,105 @@
+From 5151412dd4338b273afdb107c3772528e9e67d92 Mon Sep 17 00:00:00 2001
+From: Mike Snitzer
+Date: Wed, 23 Nov 2011 10:59:13 +0100
+Subject: block: initialize request_queue's numa node during
+
+From: Mike Snitzer
+
+commit 5151412dd4338b273afdb107c3772528e9e67d92 upstream.
+
+struct request_queue is allocated with __GFP_ZERO so its "node" field is
+zero before initialization. This causes an oops if node 0 is offline in
+the page allocator because its zonelists are not initialized. From Dave
+Young's dmesg:
+
+ SRAT: Node 1 PXM 2 0-d0000000
+ SRAT: Node 1 PXM 2 100000000-330000000
+ SRAT: Node 0 PXM 1 330000000-630000000
+ Initmem setup node 1 0000000000000000-000000000affb000
+ ...
+ Built 1 zonelists in Node order, mobility grouping on.
+ ...
+ BUG: unable to handle kernel paging request at 0000000000001c08
+ IP: [] __alloc_pages_nodemask+0xb5/0x870
+
+and __alloc_pages_nodemask+0xb5 translates to a NULL pointer on
+zonelist->_zonerefs.
+
+The fix is to initialize q->node at the time of allocation so the correct
+node is passed to the slab allocator later.
+
+Since blk_init_allocated_queue_node() is no longer needed, merge it with
+blk_init_allocated_queue().
+
+[rientjes@google.com: changelog, initializing q->node]
+Reported-by: Dave Young
+Signed-off-by: Mike Snitzer
+Signed-off-by: David Rientjes
+Tested-by: Dave Young
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ block/blk-core.c | 14 +++-----------
+ include/linux/blkdev.h | 3 ---
+ 2 files changed, 3 insertions(+), 14 deletions(-)
+
+--- a/block/blk-core.c
++++ b/block/blk-core.c
+@@ -418,6 +418,7 @@ struct request_queue *blk_alloc_queue_no
+ q->backing_dev_info.state = 0;
+ q->backing_dev_info.capabilities = BDI_CAP_MAP_COPY;
+ q->backing_dev_info.name = "block";
++ q->node = node_id;
+
+ err = bdi_init(&q->backing_dev_info);
+ if (err) {
+@@ -502,7 +503,7 @@ blk_init_queue_node(request_fn_proc *rfn
+ if (!uninit_q)
+ return NULL;
+
+- q = blk_init_allocated_queue_node(uninit_q, rfn, lock, node_id);
++ q = blk_init_allocated_queue(uninit_q, rfn, lock);
+ if (!q)
+ blk_cleanup_queue(uninit_q);
+
+@@ -514,18 +515,9 @@ struct request_queue *
+ blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn,
+ spinlock_t *lock)
+ {
+- return blk_init_allocated_queue_node(q, rfn, lock, -1);
+-}
+-EXPORT_SYMBOL(blk_init_allocated_queue);
+-
+-struct request_queue *
+-blk_init_allocated_queue_node(struct request_queue *q, request_fn_proc *rfn,
+- spinlock_t *lock, int node_id)
+-{
+ if (!q)
+ return NULL;
+
+- q->node = node_id;
+ if (blk_init_free_list(q))
+ return NULL;
+
+@@ -555,7 +547,7 @@ blk_init_allocated_queue_node(struct req
+
+ return NULL;
+ }
+-EXPORT_SYMBOL(blk_init_allocated_queue_node);
++EXPORT_SYMBOL(blk_init_allocated_queue);
+
+ int blk_get_queue(struct request_queue *q)
+ {
+--- a/include/linux/blkdev.h
++++ b/include/linux/blkdev.h
+@@ -798,9 +798,6 @@ extern void blk_unprep_request(struct re
+ */
+ extern struct request_queue *blk_init_queue_node(request_fn_proc *rfn,
+ spinlock_t *lock, int node_id);
+-extern struct request_queue *blk_init_allocated_queue_node(struct request_queue *,
+- request_fn_proc *,
+- spinlock_t *, int node_id);
+ extern struct request_queue *blk_init_queue(request_fn_proc *, spinlock_t *);
+ extern struct request_queue *blk_init_allocated_queue(struct request_queue *,
+ request_fn_proc *, spinlock_t *);
diff --git a/queue-3.0/input-synaptics-fix-touchpad-not-working-after-s2r-on-vostro-v13.patch b/queue-3.0/input-synaptics-fix-touchpad-not-working-after-s2r-on-vostro-v13.patch
new file mode 100644
index 00000000000..807d26e9550
--- /dev/null
+++ b/queue-3.0/input-synaptics-fix-touchpad-not-working-after-s2r-on-vostro-v13.patch
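Review bot: `blk_init_allocated_queue()` no longer writes `q->node`, so the only visible assignment is now the one in `blk_alloc_queue_node()`, and a queue passed to `blk_init_allocated_queue()` keeps the node it was allocated with instead of being reset to -1. That invariant deserves a comment at the new assignment, e.g. `/* must be set at allocation: later allocations for this queue use q->node */`. The patch also drops `blk_init_allocated_queue_node()` and its `EXPORT_SYMBOL` within a stable series, so an out-of-tree module built against an earlier 3.0.x that calls it would no longer load; that should be confirmed as acceptable for this queue. Both functions continue outside the visible hunks.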
@@ -0,0 +1,53 @@
+From 8521478f67e95ada4e87970c7b41e504c724b2cf Mon Sep 17 00:00:00 2001
+From: Dmitry Torokhov
+Date: Mon, 12 Dec 2011 00:05:53 -0800
+Subject: Input: synaptics - fix touchpad not working after S2R on Vostro V13
+
+From: Dmitry Torokhov
+
+commit 8521478f67e95ada4e87970c7b41e504c724b2cf upstream.
+
+Synaptics touchpads on several Dell laptops, particularly Vostro V13
+systems, may not respond properly to PS/2 commands and queries immediately
+after resuming from suspend to RAM. This leads to unresponsive touchpad
+after suspend/resume cycle.
+
+Adding a 1-second delay after resetting the device allows touchpad to
+finish initializing (calibrating?) and start reacting properly.
+
+Reported-by: Daniel Manrique
+Tested-by: Daniel Manrique
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/input/mouse/synaptics.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/drivers/input/mouse/synaptics.c
++++ b/drivers/input/mouse/synaptics.c
+@@ -24,6 +24,7 @@
+ */
+
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -760,6 +761,16 @@ static int synaptics_reconnect(struct ps
+
+ do {
+ psmouse_reset(psmouse);
++ if (retry) {
++ /*
++ * On some boxes, right after resuming, the touchpad
++ * needs some time to finish initializing (I assume
++ * it needs time to calibrate) and start responding
++ * to Synaptics-specific queries, so let's wait a
++ * bit.
++ */
++ ssleep(1);
++ }
+ error = synaptics_detect(psmouse, 0);
+ } while (error && ++retry < 3);
+
diff --git a/queue-3.0/mac80211-fix-another-race-in-aggregation-start.patch b/queue-3.0/mac80211-fix-another-race-in-aggregation-start.patch
new file mode 100644
index 00000000000..2d8367ff701
--- /dev/null
+++ b/queue-3.0/mac80211-fix-another-race-in-aggregation-start.patch
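Review bot: The `ssleep(1)` in the retry loop applies to every device, while the commit message attributes the problem to several Dell laptops; any Synaptics touchpad whose first `synaptics_detect()` fails after the reset now waits up to two extra seconds before reconnect gives up. The in-code comment should say that the first attempt is deliberately not delayed (`if (retry)`) and that the cost is bounded by the `< 3` limit, for example `/* first attempt runs immediately; only retries wait, at most 2 s in total */`. synaptics_reconnect() starts and ends outside the hunk.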
@@ -0,0 +1,166 @@
+From 15062e6a8524f5977f2cbdf6e3eb2f144262f74e Mon Sep 17 00:00:00 2001
+From: Johannes Berg
+Date: Wed, 7 Dec 2011 09:02:21 +0100
+Subject: mac80211: fix another race in aggregation start
+
+From: Johannes Berg
+
+commit 15062e6a8524f5977f2cbdf6e3eb2f144262f74e upstream.
+
+Emmanuel noticed that when mac80211 stops the queues
+for aggregation that can leave a packet pending. This
+packet will be given to the driver after the AMPDU
+callback, but as a non-aggregated packet which messes
+up the sequence number etc.
+
+I also noticed by looking at the code that if packets
+are being processed while we clear the WANT_START bit,
+they might see it cleared already and queue up on
+tid_tx->pending. If the driver then rejects the new
+aggregation session we leak the packet.
+
+Fix both of these issues by changing this code to not
+stop the queues at all. Instead, let packets queue up
+on the tid_tx->pending queue instead of letting them
+get to the driver, and add code to recover properly
+in case the driver rejects the session.
+
+(The patch looks large because it has to move two
+functions to before their new use.)
+
+Reported-by: Emmanuel Grumbach
+Signed-off-by: Johannes Berg
+Signed-off-by: John W. Linville
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/mac80211/agg-tx.c | 86 +++++++++++++++++++++++---------------------------
+ 1 file changed, 41 insertions(+), 45 deletions(-)
+
+--- a/net/mac80211/agg-tx.c
++++ b/net/mac80211/agg-tx.c
+@@ -304,6 +304,38 @@ ieee80211_wake_queue_agg(struct ieee8021
+ __release(agg_queue);
+ }
+
++/*
++ * splice packets from the STA's pending to the local pending,
++ * requires a call to ieee80211_agg_splice_finish later
++ */
++static void __acquires(agg_queue)
++ieee80211_agg_splice_packets(struct ieee80211_local *local,
++ struct tid_ampdu_tx *tid_tx, u16 tid)
++{
++ int queue = ieee80211_ac_from_tid(tid);
++ unsigned long flags;
++
++ ieee80211_stop_queue_agg(local, tid);
++
++ if (WARN(!tid_tx, "TID %d gone but expected when splicing aggregates"
++ " from the pending queue\n", tid))
++ return;
++
++ if (!skb_queue_empty(&tid_tx->pending)) {
++ spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
++ /* copy over remaining packets */
++ skb_queue_splice_tail_init(&tid_tx->pending,
++ &local->pending[queue]);
++ spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
++ }
++}
++
++static void __releases(agg_queue)
++ieee80211_agg_splice_finish(struct ieee80211_local *local, u16 tid)
++{
++ ieee80211_wake_queue_agg(local, tid);
++}
++
+ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid)
+ {
+ struct tid_ampdu_tx *tid_tx;
+@@ -315,19 +347,17 @@ void ieee80211_tx_ba_session_handle_star
+ tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
+
+ /*
+- * While we're asking the driver about the aggregation,
+- * stop the AC queue so that we don't have to worry
+- * about frames that came in while we were doing that,
+- * which would require us to put them to the AC pending
+- * afterwards which just makes the code more complex.
++ * Start queuing up packets for this aggregation session.
++ * We're going to release them once the driver is OK with
++ * that.
+ */
+- ieee80211_stop_queue_agg(local, tid);
+-
+ clear_bit(HT_AGG_STATE_WANT_START, &tid_tx->state);
+
+ /*
+- * make sure no packets are being processed to get
+- * valid starting sequence number
++ * Make sure no packets are being processed. This ensures that
++ * we have a valid starting sequence number and that in-flight
++ * packets have been flushed out and no packets for this TID
++ * will go into the driver during the ampdu_action call.
+ */
+ synchronize_net();
+
+@@ -341,17 +371,15 @@ void ieee80211_tx_ba_session_handle_star
+ " tid %d\n", tid);
+ #endif
+ spin_lock_bh(&sta->lock);
++ ieee80211_agg_splice_packets(local, tid_tx, tid);
+ ieee80211_assign_tid_tx(sta, tid, NULL);
++ ieee80211_agg_splice_finish(local, tid);
+ spin_unlock_bh(&sta->lock);
+
+- ieee80211_wake_queue_agg(local, tid);
+ kfree_rcu(tid_tx, rcu_head);
+ return;
+ }
+
+- /* we can take packets again now */
+- ieee80211_wake_queue_agg(local, tid);
+-
+ /* activate the timer for the recipient's addBA response */
+ mod_timer(&tid_tx->addba_resp_timer, jiffies + ADDBA_RESP_INTERVAL);
+ #ifdef CONFIG_MAC80211_HT_DEBUG
+@@ -471,38 +499,6 @@ int ieee80211_start_tx_ba_session(struct
+ }
+ EXPORT_SYMBOL(ieee80211_start_tx_ba_session);
+
+-/*
+- * splice packets from the STA's pending to the local pending,
+- * requires a call to ieee80211_agg_splice_finish later
+- */
+-static void __acquires(agg_queue)
+-ieee80211_agg_splice_packets(struct ieee80211_local *local,
+- struct tid_ampdu_tx *tid_tx, u16 tid)
+-{
+- int queue = ieee80211_ac_from_tid(tid);
+- unsigned long flags;
+-
+- ieee80211_stop_queue_agg(local, tid);
+-
+- if (WARN(!tid_tx, "TID %d gone but expected when splicing aggregates"
+- " from the pending queue\n", tid))
+- return;
+-
+- if (!skb_queue_empty(&tid_tx->pending)) {
+- spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
+- /* copy over remaining packets */
+- skb_queue_splice_tail_init(&tid_tx->pending,
+- &local->pending[queue]);
+- spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
+- }
+-}
+-
+-static void __releases(agg_queue)
+-ieee80211_agg_splice_finish(struct ieee80211_local *local, u16 tid)
+-{
+- ieee80211_wake_queue_agg(local, tid);
+-}
+-
+ static void ieee80211_agg_tx_operational(struct ieee80211_local *local,
+ struct sta_info *sta, u16 tid)
+ {
diff --git a/queue-3.0/mxc-pwm-should-active-during-doze-wait-dbg-mode.patch b/queue-3.0/mxc-pwm-should-active-during-doze-wait-dbg-mode.patch
new file mode 100644
index 00000000000..19b47a7ce4c
--- /dev/null
+++ b/queue-3.0/mxc-pwm-should-active-during-doze-wait-dbg-mode.patch
@@ -0,0 +1,40 @@
+From c0d96aed8c6dd925afe9ea35491a0cd458642a86 Mon Sep 17 00:00:00 2001
+From: Jason Chen
+Date: Wed, 30 Nov 2011 11:34:27 +0800
+Subject: MXC PWM: should active during DOZE/WAIT/DBG mode
+
+From: Jason Chen
+
+commit c0d96aed8c6dd925afe9ea35491a0cd458642a86 upstream.
+
+Signed-off-by: Jason Chen
+Signed-off-by: Sascha Hauer
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/plat-mxc/pwm.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/arch/arm/plat-mxc/pwm.c
++++ b/arch/arm/plat-mxc/pwm.c
+@@ -32,6 +32,9 @@
+ #define MX3_PWMSAR 0x0C /* PWM Sample Register */
+ #define MX3_PWMPR 0x10 /* PWM Period Register */
+ #define MX3_PWMCR_PRESCALER(x) (((x - 1) & 0xFFF) << 4)
++#define MX3_PWMCR_DOZEEN (1 << 24)
++#define MX3_PWMCR_WAITEN (1 << 23)
++#define MX3_PWMCR_DBGEN (1 << 22)
+ #define MX3_PWMCR_CLKSRC_IPG_HIGH (2 << 16)
+ #define MX3_PWMCR_CLKSRC_IPG (1 << 16)
+ #define MX3_PWMCR_EN (1 << 0)
+@@ -77,7 +80,9 @@ int pwm_config(struct pwm_device *pwm, i
+ writel(duty_cycles, pwm->mmio_base + MX3_PWMSAR);
+ writel(period_cycles, pwm->mmio_base + MX3_PWMPR);
+
+- cr = MX3_PWMCR_PRESCALER(prescale) | MX3_PWMCR_EN;
++ cr = MX3_PWMCR_PRESCALER(prescale) |
++ MX3_PWMCR_DOZEEN | MX3_PWMCR_WAITEN |
++ MX3_PWMCR_DBGEN | MX3_PWMCR_EN;
+
+ if (cpu_is_mx25())
+ cr |= MX3_PWMCR_CLKSRC_IPG;
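Review bot: In the driver-rejection path of `ieee80211_tx_ba_session_handle_start()`, splicing `tid_tx->pending` and then calling `ieee80211_assign_tid_tx(sta, tid, NULL)` is only safe if every TX-path writer to `tid_tx->pending` also takes `sta->lock` and re-reads the pointer under it; otherwise a frame could still be queued on `tid_tx` after the splice and be leaked when `kfree_rcu()` releases the structure. That locking rule is not visible in these hunks and should be stated in the comment above `ieee80211_agg_splice_packets()`, e.g. `must be called with sta->lock held; pairs with the pending-queue check in the TX path`. The same comment should mention that the function returns with the queue stopped even when the `WARN(!tid_tx, ...)` fires, so `ieee80211_agg_splice_finish()` is always required, as the new call site does.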
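Review bot: `pwm_config()` now sets `MX3_PWMCR_DOZEEN | MX3_PWMCR_WAITEN | MX3_PWMCR_DBGEN` for every caller, and neither the code nor the commit message (which has no body) says why the PWM must keep running in those modes or what that costs in power. A short comment at the assignment would record the intent, e.g. `/* keep the PWM output running in doze, wait and debug modes */`. pwm_config() starts and ends outside the hunk, so whether any caller relied on the output stopping in low-power modes cannot be judged from here.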
diff --git a/queue-3.0/percpu-fix-per_cpu_ptr_to_phys-handling-of-non-page-aligned-addresses.patch b/queue-3.0/percpu-fix-per_cpu_ptr_to_phys-handling-of-non-page-aligned-addresses.patch
new file mode 100644
index 00000000000..0b7bd59c8bf
--- /dev/null
+++ b/queue-3.0/percpu-fix-per_cpu_ptr_to_phys-handling-of-non-page-aligned-addresses.patch
@@ -0,0 +1,71 @@
+From 9f57bd4d6dc69a4e3bf43044fa00fcd24dd363e3 Mon Sep 17 00:00:00 2001
+From: Eugene Surovegin
+Date: Thu, 15 Dec 2011 11:25:59 -0800
+Subject: percpu: fix per_cpu_ptr_to_phys() handling of non-page-aligned addresses
+
+From: Eugene Surovegin
+
+commit 9f57bd4d6dc69a4e3bf43044fa00fcd24dd363e3 upstream.
+
+per_cpu_ptr_to_phys() incorrectly rounds up its result for non-kmalloc
+case to the page boundary, which is bogus for any non-page-aligned
+address.
+
+This affects the only in-tree user of this function - sysfs handler
+for per-cpu 'crash_notes' physical address. The trouble is that the
+crash_notes per-cpu variable is not page-aligned:
+
+crash_notes = 0xc08e8ed4
+PER-CPU OFFSET VALUES:
+ CPU 0: 3711f000
+ CPU 1: 37129000
+ CPU 2: 37133000
+ CPU 3: 3713d000
+
+So, the per-cpu addresses are:
+ crash_notes on CPU 0: f7a07ed4 => phys 36b57ed4
+ crash_notes on CPU 1: f7a11ed4 => phys 36b4ded4
+ crash_notes on CPU 2: f7a1bed4 => phys 36b43ed4
+ crash_notes on CPU 3: f7a25ed4 => phys 36b39ed4
+
+However, /sys/devices/system/cpu/cpu*/crash_notes says:
+ /sys/devices/system/cpu/cpu0/crash_notes: 36b57000
+ /sys/devices/system/cpu/cpu1/crash_notes: 36b4d000
+ /sys/devices/system/cpu/cpu2/crash_notes: 36b43000
+ /sys/devices/system/cpu/cpu3/crash_notes: 36b39000
+
+As you can see, all values are rounded down to a page
+boundary. Consequently, this is where kexec sets up the NOTE segments,
+and thus where the secondary kernel is looking for them. However, when
+the first kernel crashes, it saves the notes to the unaligned
+addresses, where they are not found.
+
+Fix it by adding offset_in_page() to the translated page address.
+
+-tj: Combined Eugene's and Petr's commit messages.
+
+Signed-off-by: Eugene Surovegin
+Signed-off-by: Tejun Heo
+Reported-by: Petr Tesarik
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ mm/percpu.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/mm/percpu.c
++++ b/mm/percpu.c
+@@ -1011,9 +1011,11 @@ phys_addr_t per_cpu_ptr_to_phys(void *ad
+ if (!is_vmalloc_addr(addr))
+ return __pa(addr);
+ else
+- return page_to_phys(vmalloc_to_page(addr));
++ return page_to_phys(vmalloc_to_page(addr)) +
++ offset_in_page(addr);
+ } else
+- return page_to_phys(pcpu_addr_to_page(addr));
++ return page_to_phys(pcpu_addr_to_page(addr)) +
++ offset_in_page(addr);
+ }
+
+ /**
diff --git a/queue-3.0/scsi-fcoe-fix-preempt-count-leak-in-fcoe_filter_frames.patch b/queue-3.0/scsi-fcoe-fix-preempt-count-leak-in-fcoe_filter_frames.patch
new file mode 100644
index 00000000000..502f17d85f7
--- /dev/null
+++ b/queue-3.0/scsi-fcoe-fix-preempt-count-leak-in-fcoe_filter_frames.patch
@@ -0,0 +1,30 @@
+From 7e1e7ead88dff75b11b86ee0d5232c4591be1326 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner
+Date: Fri, 11 Nov 2011 20:52:01 +0100
+Subject: SCSI: fcoe: Fix preempt count leak in fcoe_filter_frames()
+
+From: Thomas Gleixner
+
+commit 7e1e7ead88dff75b11b86ee0d5232c4591be1326 upstream.
+
+The error exit path leaks preempt count. Add the missing put_cpu().
+
+Signed-off-by: Thomas Gleixner
+Reviewed-by: Yi Zou
+Signed-off-by: James Bottomley
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/scsi/fcoe/fcoe.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/scsi/fcoe/fcoe.c
++++ b/drivers/scsi/fcoe/fcoe.c
+@@ -1561,6 +1561,7 @@ static inline int fcoe_filter_frames(str
+ stats->InvalidCRCCount++;
+ if (stats->InvalidCRCCount < 5)
+ printk(KERN_WARNING "fcoe: dropping frame with CRC error\n");
++ put_cpu();
+ return -EINVAL;
+ }
+
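Review bot: Both changed returns in `per_cpu_ptr_to_phys()` now add `offset_in_page(addr)`, but the function's header comment (outside the hunk, if it has one) is not updated to say that the result is the exact physical address rather than the page base. Since the value is published through the sysfs `crash_notes` attribute and consumed by kexec, per the commit message, a sentence such as `The returned address includes the offset within the page.` would keep the rounding from being reintroduced. The expression is also duplicated across the two branches; selecting the page first and returning `page_to_phys(page) + offset_in_page(addr)` once would stop them drifting apart.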
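Review bot: The added `put_cpu()` balances only this one early return in `fcoe_filter_frames()`; the matching `get_cpu()` and the function's other exits are outside the hunk, so it cannot be confirmed from here that every path is balanced. This branch is taken for frames that fail the CRC check, that is, for data arriving from the fabric, so an unbalanced exit here is driven by received traffic rather than local misuse, which is a reason to make the pairing structural. Routing the error exits through one label, e.g. `goto drop;` with `drop: put_cpu(); return -EINVAL;`, would do that. The `InvalidCRCCount < 5` test already keeps a stream of bad frames from flooding the log.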
diff --git a/queue-3.0/scsi-mpt2sas-_scsih_smart_predicted_fault-uses-gfp_kernel-in-interrupt-context.patch b/queue-3.0/scsi-mpt2sas-_scsih_smart_predicted_fault-uses-gfp_kernel-in-interrupt-context.patch
new file mode 100644
index 00000000000..6ffeb5f6ab2
--- /dev/null
+++ b/queue-3.0/scsi-mpt2sas-_scsih_smart_predicted_fault-uses-gfp_kernel-in-interrupt-context.patch
@@ -0,0 +1,31 @@
+From f6a290b419a2675c4b77a6b0731cd2a64332365e Mon Sep 17 00:00:00 2001
+From: Anton Blanchard
+Date: Mon, 7 Nov 2011 22:05:21 +1100
+Subject: SCSI: mpt2sas: _scsih_smart_predicted_fault uses GFP_KERNEL in interrupt context
+
+From: Anton Blanchard
+
+commit f6a290b419a2675c4b77a6b0731cd2a64332365e upstream.
+
+_scsih_smart_predicted_fault is called in an interrupt and therefore
+must allocate memory using GFP_ATOMIC.
+
+Signed-off-by: Anton Blanchard
+Signed-off-by: James Bottomley
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/scsi/mpt2sas/mpt2sas_scsih.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/mpt2sas/mpt2sas_scsih.c
++++ b/drivers/scsi/mpt2sas/mpt2sas_scsih.c
+@@ -4145,7 +4145,7 @@ _scsih_smart_predicted_fault(struct MPT2
+ /* insert into event log */
+ sz = offsetof(Mpi2EventNotificationReply_t, EventData) +
+ sizeof(Mpi2EventDataSasDeviceStatusChange_t);
+- event_reply = kzalloc(sz, GFP_KERNEL);
++ event_reply = kzalloc(sz, GFP_ATOMIC);
+ if (!event_reply) {
+ printk(MPT2SAS_ERR_FMT "failure at %s:%d/%s()!\n",
+ ioc->name, __FILE__, __LINE__, __func__);
diff --git a/queue-3.0/scsi-zfcp-return-early-from-slave_destroy-if-slave_alloc-returned-early.patch b/queue-3.0/scsi-zfcp-return-early-from-slave_destroy-if-slave_alloc-returned-early.patch
new file mode 100644
index 00000000000..934492113b7
--- /dev/null
+++ b/queue-3.0/scsi-zfcp-return-early-from-slave_destroy-if-slave_alloc-returned-early.patch
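Review bot: With `GFP_ATOMIC` the `kzalloc()` in `_scsih_smart_predicted_fault()` is more likely to fail under memory pressure, and the visible failure branch only prints the generic `failure at %s:%d/%s()!` line, so a SMART predicted-fault event can go missing from the event log with no record of what was dropped. Consider naming the lost event in that message, or deferring the log insertion to process context if the rest of the function (outside the hunk) allows it. A comment at the allocation, e.g. `/* called from interrupt context: must not sleep */`, would also keep the flag from being changed back.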
@@ -0,0 +1,43 @@
+From 44f747fff6e9f027a4866c1a6864e26ae7c510c8 Mon Sep 17 00:00:00 2001
+From: Steffen Maier
+Date: Fri, 18 Nov 2011 20:00:40 +0100
+Subject: SCSI: zfcp: return early from slave_destroy if slave_alloc returned early
+
+From: Steffen Maier
+
+commit 44f747fff6e9f027a4866c1a6864e26ae7c510c8 upstream.
+
+zfcp_scsi_slave_destroy erroneously always tried to finish its task
+even if the corresponding previous zfcp_scsi_slave_alloc returned
+early. This can lead to kernel page faults on accessing uninitialized
+fields of struct zfcp_scsi_dev in zfcp_erp_lun_shutdown_wait. Take the
+port field of the struct to determine if slave_alloc returned early.
+
+This zfcp bug is exposed by 4e6c82b (in turn fixing f7c9c6b to be
+compatible with 21208ae) which can call slave_destroy for a
+corresponding previous slave_alloc that did not finish.
+
+This patch is based on James Bottomley's fix suggestion in
+http://www.spinics.net/lists/linux-scsi/msg55449.html.
+
+Signed-off-by: Steffen Maier
+Signed-off-by: James Bottomley
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/s390/scsi/zfcp_scsi.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/s390/scsi/zfcp_scsi.c
++++ b/drivers/s390/scsi/zfcp_scsi.c
+@@ -57,6 +57,10 @@ static void zfcp_scsi_slave_destroy(stru
+ {
+ struct zfcp_scsi_dev *zfcp_sdev = sdev_to_zfcp(sdev);
+
++ /* if previous slave_alloc returned early, there is nothing to do */
++ if (!zfcp_sdev->port)
++ return;
++
+ zfcp_erp_lun_shutdown_wait(sdev, "scssd_1");
+ put_device(&zfcp_sdev->port->dev);
+ }
diff --git a/queue-3.0/series b/queue-3.0/series
index 179d5b5eda9..6afa790749e 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
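Review bot: The new early return in `zfcp_scsi_slave_destroy()` treats `zfcp_sdev->port == NULL` as the marker for an incomplete `slave_alloc`, which is only reliable if the per-device data is zeroed when it is allocated and `port` is assigned at a single point in `zfcp_scsi_slave_alloc()`; neither is visible in this hunk, and the commit message itself describes the struct's fields as uninitialized. The comment should state that dependency, e.g. `/* port stays NULL until slave_alloc completes; relies on zero-initialised per-device data */`. It is also worth checking the allocation side for a path that sets `port` and then fails after dropping its reference, since the `put_device(&zfcp_sdev->port->dev)` below would then release it a second time.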
@@ -5,3 +5,13 @@ rtc-m41t80-workaround-broken-alarm-functionality.patch
 drm-i915-prevent-division-by-zero-when-asking-for-chipset-power.patch
 cfq-iosched-free-cic_index-if-blkio_alloc_blkg_stats-fails.patch
 cfq-iosched-fix-cfq_cic_link-race-confition.patch
+scsi-zfcp-return-early-from-slave_destroy-if-slave_alloc-returned-early.patch
+scsi-mpt2sas-_scsih_smart_predicted_fault-uses-gfp_kernel-in-interrupt-context.patch
+scsi-fcoe-fix-preempt-count-leak-in-fcoe_filter_frames.patch
+mac80211-fix-another-race-in-aggregation-start.patch
+block-initialize-request_queue-s-numa-node-during.patch
+ssb-fix-init-regression-with-socs.patch
+mxc-pwm-should-active-during-doze-wait-dbg-mode.patch
+input-synaptics-fix-touchpad-not-working-after-s2r-on-vostro-v13.patch
+percpu-fix-per_cpu_ptr_to_phys-handling-of-non-page-aligned-addresses.patch
+binary_sysctl-fix-memory-leak.patch
diff --git a/queue-3.0/ssb-fix-init-regression-with-socs.patch b/queue-3.0/ssb-fix-init-regression-with-socs.patch
new file mode 100644
index 00000000000..2b38384052e
--- /dev/null
+++ b/queue-3.0/ssb-fix-init-regression-with-socs.patch
@@ -0,0 +1,58 @@
+From 329456d1ffb416c220813725b7363cda9975c9aa Mon Sep 17 00:00:00 2001
+From: Hauke Mehrtens
+Date: Mon, 5 Dec 2011 23:19:51 +0100
+Subject: ssb: fix init regression with SoCs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Hauke Mehrtens
+
+commit 329456d1ffb416c220813725b7363cda9975c9aa upstream.
+
+This fixes a Data bus error on some SoCs. The first fix for this
+problem did not solve it on all devices.
+ commit 6ae8ec27868bfdbb815287bee8146acbefaee867
+ Author: Rafał Miłecki
+ Date: Tue Jul 5 17:25:32 2011 +0200
+ ssb: fix init regression of hostmode PCI core
+
+In ssb_pcicore_fix_sprom_core_index() the sprom on the PCI core is
+accessed, but the sprom only exists when the ssb bus is connected over
+a PCI bus to the rest of the system and not when the SSB Bus is the
+main system bus. SoCs sometimes have a PCI host controller and there
+this code will not be executed, but there are some old SoCs with an PCI
+controller in client mode around and ssb_pcicore_fix_sprom_core_index()
+should not be called on these devices too. The PCI controller on these
+devices are unused, but without this fix it results in an Data bus
+error when it gets initialized.
+
+Cc: Michael Buesch
+Cc: Rafał Miłecki
+Signed-off-by: Hauke Mehrtens
+Signed-off-by: John W. Linville
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/ssb/driver_pcicore.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/ssb/driver_pcicore.c
++++ b/drivers/ssb/driver_pcicore.c
+@@ -516,10 +516,14 @@ static void ssb_pcicore_pcie_setup_worka
+
+ static void ssb_pcicore_init_clientmode(struct ssb_pcicore *pc)
+ {
+- ssb_pcicore_fix_sprom_core_index(pc);
++ struct ssb_device *pdev = pc->dev;
++ struct ssb_bus *bus = pdev->bus;
++
++ if (bus->bustype == SSB_BUSTYPE_PCI)
++ ssb_pcicore_fix_sprom_core_index(pc);
+
+ /* Disable PCI interrupts. */
+- ssb_write32(pc->dev, SSB_INTVEC, 0);
++ ssb_write32(pdev, SSB_INTVEC, 0);
+
+ /* Additional PCIe always once-executed workarounds */
+ if (pc->dev->id.coreid == SSB_DEV_PCIE) {
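Review bot: `ssb_pcicore_init_clientmode()` now guards `ssb_pcicore_fix_sprom_core_index(pc)` with `bus->bustype == SSB_BUSTYPE_PCI` but carries no comment explaining that the SPROM only exists when the SSB bus is attached over PCI, which is the reason the commit message gives. Suggested comment: `/* the SPROM is only present when the bus sits behind PCI; accessing it on an SoC raises a data bus error */`. The hunk also introduces the local `pdev`, yet the last context line still reads `pc->dev->id.coreid`; using `pdev->id.coreid` there would keep the function consistent. The function body continues past the end of the hunk.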