From: Greg Kroah-Hartman Date: Fri, 16 Mar 2007 23:09:10 +0000 (-0700) Subject: patches added to the queue X-Git-Tag: v2.6.20.4~9 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=81ae0e0374b4b2d46acda2f86fac7166a45cf890;p=thirdparty%2Fkernel%2Fstable-queue.git patches added to the queue --- diff --git a/queue-2.6.20/ehci-add-delay-to-bus_resume-before-accessing-ports.patch b/queue-2.6.20/ehci-add-delay-to-bus_resume-before-accessing-ports.patch new file mode 100644 index 00000000000..df89bbedaba --- /dev/null +++ b/queue-2.6.20/ehci-add-delay-to-bus_resume-before-accessing-ports.patch @@ -0,0 +1,34 @@ +From stable-bounces@linux.kernel.org Fri Mar 16 06:35:53 2007 +From: Alan Stern +Date: Fri, 16 Mar 2007 09:34:29 -0400 (EDT) +Subject: EHCI: add delay to bus_resume before accessing ports +To: stable@kernel.org +Message-ID: + +From: Alan Stern + +This patch (as870) adds a delay to ehci-hcd's bus_resume routine. +Apparently there are controllers and/or BIOSes out there which need +such a delay to get the ports back into their correct state. This +fixes Bugzilla #8190. + +Signed-off-by: Alan Stern +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/host/ehci-hub.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/usb/host/ehci-hub.c ++++ b/drivers/usb/host/ehci-hub.c +@@ -134,6 +134,10 @@ static int ehci_bus_resume (struct usb_h + /* restore CMD_RUN, framelist size, and irq threshold */ + writel (ehci->command, &ehci->regs->command); + ++ /* Some controller/firmware combinations need a delay during which ++ * they set up the port statuses. See Bugzilla #8190. */ ++ mdelay(8); ++ + /* manually resume the ports we suspended during bus_suspend() */ + i = HCS_N_PORTS (ehci->hcs_params); + while (i--) { diff --git a/queue-2.6.20/fix-mtime_sec_max-on-32-bit.patch b/queue-2.6.20/fix-mtime_sec_max-on-32-bit.patch new file mode 100644 index 00000000000..3e082f69fce --- /dev/null +++ b/queue-2.6.20/fix-mtime_sec_max-on-32-bit.patch @@ -0,0 +1,35 @@ +From stable-bounces@linux.kernel.org Fri Mar 16 15:17:28 2007 +From: Thomas Gleixner +Date: Fri, 16 Mar 2007 14:15:57 -0800 +Subject: fix MTIME_SEC_MAX on 32-bit +To: torvalds@linux-foundation.org +Cc: akpm@linux-foundation.org, mingo@elte.hu, tglx@linutronix.de, stable@kernel.org +Message-ID: <200703162215.l2GMFwJt023098@shell0.pdx.osdl.net> + +From: Thomas Gleixner + +The maximum seconds value we can handle on 32bit is LONG_MAX. + +Cc: Ingo Molnar +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/ktime.h | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/include/linux/ktime.h ++++ b/include/linux/ktime.h +@@ -57,7 +57,11 @@ typedef union { + } ktime_t; + + #define KTIME_MAX ((s64)~((u64)1 << 63)) +-#define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC) ++#if (BITS_PER_LONG == 64) ++# define KTIME_SEC_MAX (KTIME_MAX / NSEC_PER_SEC) ++#else ++# define KTIME_SEC_MAX LONG_MAX ++#endif + + /* + * ktime_t definitions when using the 64-bit scalar representation: diff --git a/queue-2.6.20/futex-pi-state-locking-fix.patch b/queue-2.6.20/futex-pi-state-locking-fix.patch new file mode 100644 index 00000000000..4cc5edaa40c --- /dev/null +++ b/queue-2.6.20/futex-pi-state-locking-fix.patch @@ -0,0 +1,41 @@ +From stable-bounces@linux.kernel.org Fri Mar 16 14:40:22 2007 +From: Ingo Molnar +Date: Fri, 16 Mar 2007 13:38:31 -0800 +Subject: futex: PI state locking fix +To: torvalds@linux-foundation.org +Cc: akpm@linux-foundation.org, tglx@linutronix.de, mingo@elte.hu, cebbert@redhat.com, stable@kernel.org +Message-ID: <200703162138.l2GLcWjm022407@shell0.pdx.osdl.net> + +From: Ingo Molnar + +Testing of -rt by IBM uncovered a locking bug in wake_futex_pi(): the PI +state needs to be locked before we access it. + +Signed-off-by: Ingo Molnar +Acked-by: Thomas Gleixner +Cc: Chuck Ebbert +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/futex.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -565,6 +565,7 @@ static int wake_futex_pi(u32 __user *uad + if (!pi_state) + return -EINVAL; + ++ spin_lock(&pi_state->pi_mutex.wait_lock); + new_owner = rt_mutex_next_owner(&pi_state->pi_mutex); + + /* +@@ -604,6 +605,7 @@ static int wake_futex_pi(u32 __user *uad + pi_state->owner = new_owner; + spin_unlock_irq(&new_owner->pi_lock); + ++ spin_unlock(&pi_state->pi_mutex.wait_lock); + rt_mutex_unlock(&pi_state->pi_mutex); + + return 0; diff --git a/queue-2.6.20/hrtimer-prevent-overrun-dos-in-hrtimer_forward.patch b/queue-2.6.20/hrtimer-prevent-overrun-dos-in-hrtimer_forward.patch new file mode 100644 index 00000000000..00c7f1587d0 --- /dev/null +++ b/queue-2.6.20/hrtimer-prevent-overrun-dos-in-hrtimer_forward.patch @@ -0,0 +1,44 @@ +From stable-bounces@linux.kernel.org Fri Mar 16 14:40:41 2007 +From: Thomas Gleixner +Date: Fri, 16 Mar 2007 13:38:20 -0800 +Subject: hrtimer: prevent overrun DoS in hrtimer_forward() +To: torvalds@linux-foundation.org +Cc: akpm@linux-foundation.org, mingo@elte.hu, tglx@linutronix.de, stable@kernel.org +Message-ID: <200703162138.l2GLcKVR022355@shell0.pdx.osdl.net> + + +From: Thomas Gleixner + +hrtimer_forward() does not check for the possible overflow of +timer->expires. This can happen on 64 bit machines with large interval +values and results currently in an endless loop in the softirq because the +expiry value becomes negative and therefor the timer is expired all the +time. + +Check for this condition and set the expiry value to the max. expiry time +in the future. The fix should be applied to stable kernel series as well. + +Signed-off-by: Thomas Gleixner +Acked-by: Ingo Molnar +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/hrtimer.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/kernel/hrtimer.c ++++ b/kernel/hrtimer.c +@@ -332,6 +332,12 @@ hrtimer_forward(struct hrtimer *timer, k + orun++; + } + timer->expires = ktime_add(timer->expires, interval); ++ /* ++ * Make sure, that the result did not wrap with a very large ++ * interval. ++ */ ++ if (timer->expires.tv64 < 0) ++ timer->expires = ktime_set(KTIME_SEC_MAX, 0); + + return orun; + } diff --git a/queue-2.6.20/initialise-pi_lock-if-config_rt_mutexes-n.patch b/queue-2.6.20/initialise-pi_lock-if-config_rt_mutexes-n.patch new file mode 100644 index 00000000000..64c70738bee --- /dev/null +++ b/queue-2.6.20/initialise-pi_lock-if-config_rt_mutexes-n.patch @@ -0,0 +1,33 @@ +From stable-bounces@linux.kernel.org Fri Mar 16 14:40:07 2007 +From: Zilvinas Valinskas +Date: Fri, 16 Mar 2007 13:38:34 -0800 +Subject: initialise pi_lock if CONFIG_RT_MUTEXES=N +To: torvalds@linux-foundation.org +Cc: akpm@linux-foundation.org, mingo@elte.hu, zilvinas@wilibox.com, stable@kernel.org +Message-ID: <200703162138.l2GLcYcI022419@shell0.pdx.osdl.net> + + +From: Zilvinas Valinskas + +Fixes a bogus lockdep warning which causes lockdep to disable itself. + +Acked-by: Ingo Molnar +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/fork.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -933,8 +933,8 @@ asmlinkage long sys_set_tid_address(int + + static inline void rt_mutex_init_task(struct task_struct *p) + { +-#ifdef CONFIG_RT_MUTEXES + spin_lock_init(&p->pi_lock); ++#ifdef CONFIG_RT_MUTEXES + plist_head_init(&p->pi_waiters, &p->pi_lock); + p->pi_blocked_on = NULL; + #endif diff --git a/queue-2.6.20/initialise-sak-member-for-each-virtual-console-to-prevent-oops.patch b/queue-2.6.20/initialise-sak-member-for-each-virtual-console-to-prevent-oops.patch new file mode 100644 index 00000000000..67a85c6f17d --- /dev/null +++ b/queue-2.6.20/initialise-sak-member-for-each-virtual-console-to-prevent-oops.patch @@ -0,0 +1,77 @@ +From stable-bounces@linux.kernel.org Fri Mar 16 14:39:59 2007 +From: Bernhard Walle +Date: Fri, 16 Mar 2007 13:38:30 -0800 +Subject: Initialise SAK member for each virtual console to prevent oops +To: torvalds@linux-foundation.org +Cc: stable@kernel.org, akpm@linux-foundation.org, bwalle@suse.de, ebiederm@xmission.com +Message-ID: <200703162138.l2GLcU8Y022399@shell0.pdx.osdl.net> + +From: Bernhard Walle + +Initialise the SAK member of the vc_cons variable on all virtual terminals, +not only the first one. This prevents an oops when trying Sysrq-C on e.g. +the second virtual terminal: + + kernel BUG at kernel/workqueue.c:212! + invalid opcode: 0000 [1] SMP + CPU 0 + Modules linked in: i915 drm deflate zlib_deflate twofish twofish_common serpent blowfish des ce + Pid: 0, comm: swapper Not tainted 2.6.21-rc3-default #15 + RIP: 0010:[] [] queue_work+0x32/0x51 + RSP: 0018:ffffffff805fada8 EFLAGS: 00010013 + RAX: ffffffff80683f38 RBX: ffffffff804ae700 RCX: 0000000000000000 + RDX: 0000000000000000 RSI: ffffffff80683f30 RDI: ffff81000134a840 + RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000002 + R10: ffffffff805990e0 R11: ffff810037f4c0f0 R12: 000000000000006b + R13: ffff81007aa23000 R14: 0000000000000001 R15: 0000000000000096 + FS: 0000000000000000(0000) GS:ffffffff804d8000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b + CR2: 00002b72026e9000 CR3: 0000000079175000 CR4: 00000000000006e0 + Process swapper (pid: 0, threadinfo ffffffff8059e000, task ffffffff80490840) + Stack: 0000000000000096 ffffffff803635db ffffffff805fadf8 0000000000000001 + ffff8100013c2e40 0000000000000025 ffff81007c931c00 ffff81007aa23000 + 0000000000000001 ffffffff8035e3ee 0000000000000092 ffff810037cc8000 + Call Trace: + [] __handle_sysrq+0x98/0x129 + [] kbd_event+0x32e/0x56a + [] input_event+0x422/0x44a + [] atkbd_interrupt+0x449/0x503 + [] serio_interrupt+0x37/0x6f + [] i8042_interrupt+0x1f4/0x20a + [] smp_send_timer_broadcast_ipi+0x2d/0x4e + [] handle_IRQ_event+0x25/0x53 + [] handle_edge_irq+0xe4/0x128 + [] call_softirq+0x1c/0x28 + [] do_IRQ+0x6c/0xd3 + [] mwait_idle+0x0/0x45 + [] ret_from_intr+0x0/0xa + [] datagram_poll+0x0/0xc8 + [] mwait_idle+0x42/0x45 + [] cpu_idle+0x8b/0xae + [] start_kernel+0x2b9/0x2c5 + [] _sinittext+0x15e/0x162 + + Code: 0f 0b eb fe 48 8b 07 48 63 d2 48 f7 d0 48 8b 3c d0 e8 13 ff + RIP [] queue_work+0x32/0x51 + RSP + Kernel panic - not syncing: Aiee, killing interrupt handler! + +Signed-off-by: Bernhard Walle +Acked-by: Eric Biederman +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/vt.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/char/vt.c ++++ b/drivers/char/vt.c +@@ -727,6 +727,7 @@ int vc_allocate(unsigned int currcons) / + return -ENOMEM; + memset(vc, 0, sizeof(*vc)); + vc_cons[currcons].d = vc; ++ INIT_WORK(&vc_cons[currcons].SAK_work, vc_SAK); + visual_init(vc, currcons, 1); + if (!*vc->vc_uni_pagedir_loc) + con_set_default_unimap(vc); diff --git a/queue-2.6.20/mm-fix-madvise-infinine-loop.patch b/queue-2.6.20/mm-fix-madvise-infinine-loop.patch new file mode 100644 index 00000000000..f06c77e5e19 --- /dev/null +++ b/queue-2.6.20/mm-fix-madvise-infinine-loop.patch @@ -0,0 +1,48 @@ +From stable-bounces@linux.kernel.org Fri Mar 16 14:39:36 2007 +From: Nick Piggin +Date: Fri, 16 Mar 2007 13:38:10 -0800 +Subject: mm: fix madvise infinine loop +Cc: npiggin@suse.de, hugh@veritas.com, akpm@linux-foundation.org, pbadari@us.ibm.com, stable@kernel.org +Message-ID: <200703162138.l2GLcAaG022320@shell0.pdx.osdl.net> + +From: Nick Piggin + +madvise(MADV_REMOVE) can go into an infinite loop or cause an oops if the +call covers a region from the start of a vma, and extending past that vma. + +Signed-off-by: Nick Piggin +Cc: Badari Pulavarty +Acked-by: Hugh Dickins +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + mm/madvise.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/mm/madvise.c ++++ b/mm/madvise.c +@@ -155,11 +155,14 @@ static long madvise_dontneed(struct vm_a + * Other filesystems return -ENOSYS. + */ + static long madvise_remove(struct vm_area_struct *vma, ++ struct vm_area_struct **prev, + unsigned long start, unsigned long end) + { + struct address_space *mapping; + loff_t offset, endoff; + ++ *prev = vma; ++ + if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB)) + return -EINVAL; + +@@ -199,7 +202,7 @@ madvise_vma(struct vm_area_struct *vma, + error = madvise_behavior(vma, prev, start, end, behavior); + break; + case MADV_REMOVE: +- error = madvise_remove(vma, start, end); ++ error = madvise_remove(vma, prev, start, end); + break; + + case MADV_WILLNEED: diff --git a/queue-2.6.20/nfs-nfs_getattr-can-t-call-nfs_sync_mapping_range-for-non-regular-files.patch b/queue-2.6.20/nfs-nfs_getattr-can-t-call-nfs_sync_mapping_range-for-non-regular-files.patch new file mode 100644 index 00000000000..5beb44256a6 --- /dev/null +++ b/queue-2.6.20/nfs-nfs_getattr-can-t-call-nfs_sync_mapping_range-for-non-regular-files.patch @@ -0,0 +1,37 @@ +From stable-bounces@linux.kernel.org Fri Mar 16 14:40:29 2007 +From: Trond Myklebust +Date: Fri, 16 Mar 2007 13:38:28 -0800 +Subject: nfs: nfs_getattr() can't call nfs_sync_mapping_range() for non-regular files +To: torvalds@linux-foundation.org +Cc: olof@lixom.net, akpm@linux-foundation.org, Trond.Myklebust@netapp.com, stable@kernel.org, trond.myklebust@fys.uio.no +Message-ID: <200703162138.l2GLcSBK022391@shell0.pdx.osdl.net> + + +From: Trond Myklebust + +Looks like we need a check in nfs_getattr() for a regular file. It makes +no sense to call nfs_sync_mapping_range() on anything else. I think that +should fix your problem: it will stop the NFS client from interfering +with dirty pages on that inode's mapping. + +Signed-off-by: Trond Myklebust +Acked-by: Olof Johansson +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/inode.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/nfs/inode.c ++++ b/fs/nfs/inode.c +@@ -422,7 +422,8 @@ int nfs_getattr(struct vfsmount *mnt, st + int err; + + /* Flush out writes to the server in order to update c/mtime */ +- nfs_sync_mapping_range(inode->i_mapping, 0, 0, FLUSH_NOCOMMIT); ++ if (S_ISREG(inode->i_mode)) ++ nfs_sync_mapping_range(inode->i_mapping, 0, 0, FLUSH_NOCOMMIT); + + /* + * We may force a getattr if the user cares about atime. diff --git a/queue-2.6.20/series b/queue-2.6.20/series index 6839378bc41..600892a74c1 100644 --- a/queue-2.6.20/series +++ b/queue-2.6.20/series @@ -6,3 +6,11 @@ netlabel-cipso_std_bug netfilter-nfnetlink_log-fix-reference-counting.patch ia64-fix-null-pointer-in-ia64-irq_chip-mask-unmask-function.patch adjust-legacy-ide-resource-setting.patch +mm-fix-madvise-infinine-loop.patch +ehci-add-delay-to-bus_resume-before-accessing-ports.patch +initialise-sak-member-for-each-virtual-console-to-prevent-oops.patch +initialise-pi_lock-if-config_rt_mutexes-n.patch +futex-pi-state-locking-fix.patch +nfs-nfs_getattr-can-t-call-nfs_sync_mapping_range-for-non-regular-files.patch +hrtimer-prevent-overrun-dos-in-hrtimer_forward.patch +fix-mtime_sec_max-on-32-bit.patch