From: Greg Kroah-Hartman
Date: Mon, 14 Oct 2013 21:01:06 +0000 (-0700)
Subject: 3.4-stable patches
X-Git-Tag: v3.10.17~25
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=97355af283c3b9cca8e45130fe25e524c2d94174;p=thirdparty%2Fkernel%2Fstable-queue.git
3.4-stable patches
added patches:
alsa-hda-add-fixup-for-asus-n56vz.patch
alsa-snd-usb-usx2y-remove-bogus-frame-checks.patch
ext4-fix-memory-leak-in-xattr.patch
kvm-ppc-book3s-hv-fix-typo-in-saving-dscr.patch
parisc-fix-interruption-handler-to-respect-pagefault_disable.patch
random-run-random_int_secret_init-run-after-all-late_initcalls.patch
vfs-allow-o_path-file-descriptors-for-fstatfs.patch
---
diff --git a/queue-3.4/alsa-hda-add-fixup-for-asus-n56vz.patch b/queue-3.4/alsa-hda-add-fixup-for-asus-n56vz.patch
new file mode 100644
index 00000000000..9022e671cec
--- /dev/null
+++ b/queue-3.4/alsa-hda-add-fixup-for-asus-n56vz.patch
@@ -0,0 +1,30 @@
+From c6cc3d58b4042f5cadae653ff8d3df26af1a0169 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai
+Date: Tue, 8 Oct 2013 19:57:50 +0200
+Subject: ALSA: hda - Add fixup for ASUS N56VZ
+
+From: Takashi Iwai
+
+commit c6cc3d58b4042f5cadae653ff8d3df26af1a0169 upstream.
+
+ASUS N56VZ needs a fixup for the bass speaker pin, which was already
+provided via model=asus-mode4.
+
+Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=841645
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -6832,6 +6832,7 @@ static const struct snd_pci_quirk alc662
+ SND_PCI_QUIRK(0x1025, 0x031c, "Gateway NV79", ALC662_FIXUP_SKU_IGNORE),
+ SND_PCI_QUIRK(0x1025, 0x038b, "Acer Aspire 8943G", ALC662_FIXUP_ASPIRE),
+ SND_PCI_QUIRK(0x103c, 0x1632, "HP RP5800", ALC662_FIXUP_HP_RP5800),
++ SND_PCI_QUIRK(0x1043, 0x1477, "ASUS N56VZ", ALC662_FIXUP_ASUS_MODE4),
+ SND_PCI_QUIRK(0x1043, 0x8469, "ASUS mobo", ALC662_FIXUP_NO_JACK_DETECT),
+ SND_PCI_QUIRK(0x105b, 0x0cd6, "Foxconn", ALC662_FIXUP_ASUS_MODE2),
+ SND_PCI_QUIRK(0x144d, 0xc051, "Samsung R720", ALC662_FIXUP_IDEAPAD),
diff --git a/queue-3.4/alsa-snd-usb-usx2y-remove-bogus-frame-checks.patch b/queue-3.4/alsa-snd-usb-usx2y-remove-bogus-frame-checks.patch
new file mode 100644
index 00000000000..20ce7a22b91
--- /dev/null
+++ b/queue-3.4/alsa-snd-usb-usx2y-remove-bogus-frame-checks.patch
@@ -0,0 +1,84 @@
+From a9d14bc0b188a822e42787d01e56c06fe9750162 Mon Sep 17 00:00:00 2001
+From: Daniel Mack
+Date: Wed, 2 Oct 2013 17:49:50 +0200
+Subject: ALSA: snd-usb-usx2y: remove bogus frame checks
+
+From: Daniel Mack
+
+commit a9d14bc0b188a822e42787d01e56c06fe9750162 upstream.
+
+The frame check in i_usX2Y_urb_complete() and
+i_usX2Y_usbpcm_urb_complete() is bogus and produces false positives as
+described in this LAU thread:
+
+ http://linuxaudio.org/mailarchive/lau/2013/5/20/200177
+
+This patch removes the check code entirely.
+
+Cc: fzu@wemgehoertderstaat.de
+Reported-by: Dr Nicholas J Bailey
+Suggested-by: Takashi Iwai
+Signed-off-by: Daniel Mack
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/usb/usx2y/usbusx2yaudio.c | 22 +++-------------------
+ sound/usb/usx2y/usx2yhwdeppcm.c | 7 +------
+ 2 files changed, 4 insertions(+), 25 deletions(-)
+
+--- a/sound/usb/usx2y/usbusx2yaudio.c
++++ b/sound/usb/usx2y/usbusx2yaudio.c
+@@ -295,19 +295,6 @@ static void usX2Y_error_urb_status(struc
+ usX2Y_clients_stop(usX2Y);
+ }
+
+-static void usX2Y_error_sequence(struct usX2Ydev *usX2Y,
+- struct snd_usX2Y_substream *subs, struct urb *urb)
+-{
+- snd_printk(KERN_ERR
+-"Sequence Error!(hcd_frame=%i ep=%i%s;wait=%i,frame=%i).\n"
+-"Most probably some urb of usb-frame %i is still missing.\n"
+-"Cause could be too long delays in usb-hcd interrupt handling.\n",
+- usb_get_current_frame_number(usX2Y->dev),
+- subs->endpoint, usb_pipein(urb->pipe) ? "in" : "out",
+- usX2Y->wait_iso_frame, urb->start_frame, usX2Y->wait_iso_frame);
+- usX2Y_clients_stop(usX2Y);
+-}
+-
+ static void i_usX2Y_urb_complete(struct urb *urb)
+ {
+ struct snd_usX2Y_substream *subs = urb->context;
+@@ -324,12 +311,9 @@ static void i_usX2Y_urb_complete(struct
+ usX2Y_error_urb_status(usX2Y, subs, urb);
+ return;
+ }
+- if (likely((urb->start_frame & 0xFFFF) == (usX2Y->wait_iso_frame & 0xFFFF)))
+- subs->completed_urb = urb;
+- else {
+- usX2Y_error_sequence(usX2Y, subs, urb);
+- return;
+- }
++
++ subs->completed_urb = urb;
++
+ {
+ struct snd_usX2Y_substream *capsubs = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE],
+ *playbacksubs = usX2Y->subs[SNDRV_PCM_STREAM_PLAYBACK];
+--- a/sound/usb/usx2y/usx2yhwdeppcm.c
++++ b/sound/usb/usx2y/usx2yhwdeppcm.c
+@@ -244,13 +244,8 @@ static void i_usX2Y_usbpcm_urb_complete(
+ usX2Y_error_urb_status(usX2Y, subs, urb);
+ return;
+ }
+- if (likely((urb->start_frame & 0xFFFF) == (usX2Y->wait_iso_frame & 0xFFFF)))
+- subs->completed_urb = urb;
+- else {
+- usX2Y_error_sequence(usX2Y, subs, urb);
+- return;
+- }
+
++ subs->completed_urb = urb;
+ capsubs = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE];
+ capsubs2 = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE + 2];
+ playbacksubs = usX2Y->subs[SNDRV_PCM_STREAM_PLAYBACK];
diff --git a/queue-3.4/ext4-fix-memory-leak-in-xattr.patch b/queue-3.4/ext4-fix-memory-leak-in-xattr.patch
new file mode 100644
index 00000000000..2945dc77fee
--- /dev/null
+++ b/queue-3.4/ext4-fix-memory-leak-in-xattr.patch
@@ -0,0 +1,41 @@
+From 6e4ea8e33b2057b85d75175dd89b93f5e26de3bc Mon Sep 17 00:00:00 2001
+From: Dave Jones
+Date: Thu, 10 Oct 2013 20:05:35 -0400
+Subject: ext4: fix memory leak in xattr
+
+From: Dave Jones
+
+commit 6e4ea8e33b2057b85d75175dd89b93f5e26de3bc upstream.
+
+If we take the 2nd retry path in ext4_expand_extra_isize_ea, we
+potentionally return from the function without having freed these
+allocations. If we don't do the return, we over-write the previous
+allocation pointers, so we leak either way.
+
+Spotted with Coverity.
+
+[ Fixed by tytso to set is and bs to NULL after freeing these
+ pointers, in case in the retry loop we later end up triggering an
+ error causing a jump to cleanup, at which point we could have a double
+ free bug. -- Ted ]
+
+Signed-off-by: Dave Jones
+Signed-off-by: "Theodore Ts'o"
+Reviewed-by: Eric Sandeen
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ext4/xattr.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/ext4/xattr.c
++++ b/fs/ext4/xattr.c
+@@ -1268,6 +1268,8 @@ retry:
+ s_min_extra_isize) {
+ tried_min_extra_isize++;
+ new_extra_isize = s_min_extra_isize;
++ kfree(is); is = NULL;
++ kfree(bs); bs = NULL;
+ goto retry;
+ }
+ error = -1;
diff --git a/queue-3.4/kvm-ppc-book3s-hv-fix-typo-in-saving-dscr.patch b/queue-3.4/kvm-ppc-book3s-hv-fix-typo-in-saving-dscr.patch
new file mode 100644
index 00000000000..535622a8944
--- /dev/null
+++ b/queue-3.4/kvm-ppc-book3s-hv-fix-typo-in-saving-dscr.patch
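Review bot: In the fs/ext4/xattr.c hunk, the two lines added before `goto retry` each put two statements on one line, and nothing in the code says why the pointers are reset. The commit description gives the reason (a later failure in the retry pass jumps to cleanup, which would otherwise free the same pointers a second time), and that reasoning belongs next to the code, for example `/* Reset after freeing: a later error jumps to cleanup, which frees is and bs. */`, with `kfree(is);` and `is = NULL;` on separate lines. The retry label and the cleanup path are outside the hunk, so whether anything else acquired during the pass also needs releasing before the jump cannot be confirmed from here.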
@@ -0,0 +1,35 @@
+From cfc860253abd73e1681696c08ea268d33285a2c4 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras
+Date: Sat, 21 Sep 2013 09:53:28 +1000
+Subject: KVM: PPC: Book3S HV: Fix typo in saving DSCR
+
+From: Paul Mackerras
+
+commit cfc860253abd73e1681696c08ea268d33285a2c4 upstream.
+
+This fixes a typo in the code that saves the guest DSCR (Data Stream
+Control Register) into the kvm_vcpu_arch struct on guest exit. The
+effect of the typo was that the DSCR value was saved in the wrong place,
+so changes to the DSCR by the guest didn't persist across guest exit
+and entry, and some host kernel memory got corrupted.
+
+Signed-off-by: Paul Mackerras
+Acked-by: Alexander Graf
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/kvm/book3s_hv_rmhandlers.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+@@ -935,7 +935,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_206)
+ BEGIN_FTR_SECTION
+ mfspr r8, SPRN_DSCR
+ ld r7, HSTATE_DSCR(r13)
+- std r8, VCPU_DSCR(r7)
++ std r8, VCPU_DSCR(r9)
+ mtspr SPRN_DSCR, r7
+ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_206)
+
diff --git a/queue-3.4/parisc-fix-interruption-handler-to-respect-pagefault_disable.patch b/queue-3.4/parisc-fix-interruption-handler-to-respect-pagefault_disable.patch
new file mode 100644
index 00000000000..2248418179e
--- /dev/null
+++ b/queue-3.4/parisc-fix-interruption-handler-to-respect-pagefault_disable.patch
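Review bot: In the book3s_hv_rmhandlers.S hunk, the corrected store `std r8, VCPU_DSCR(r9)` is only right if r9 holds the vcpu pointer at this point, and nothing in the visible lines states the register roles. r7 has just been loaded from `HSTATE_DSCR(r13)` and is written to SPRN_DSCR two lines later, so it is a register value rather than a pointer; using it as a base address is the typo the description says corrupted host kernel memory. A short comment on the store, such as `/* r9 = vcpu; r7 holds the DSCR value loaded from HSTATE_DSCR, not an address */`, would make this checkable on sight. The code that sets r9 is outside the hunk and should be confirmed.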
@@ -0,0 +1,55 @@
+From 59b33f148cc08fb33cbe823fca1e34f7f023765e Mon Sep 17 00:00:00 2001
+From: Helge Deller
+Date: Tue, 1 Oct 2013 21:54:46 +0200
+Subject: parisc: fix interruption handler to respect pagefault_disable()
+
+From: Helge Deller
+
+commit 59b33f148cc08fb33cbe823fca1e34f7f023765e upstream.
+
+Running an "echo t > /proc/sysrq-trigger" crashes the parisc kernel. The
+problem is, that in print_worker_info() we try to read the workqueue info via
+the probe_kernel_read() functions which use pagefault_disable() to avoid
+crashes like this:
+ probe_kernel_read(&pwq, &worker->current_pwq, sizeof(pwq));
+ probe_kernel_read(&wq, &pwq->wq, sizeof(wq));
+ probe_kernel_read(name, wq->name, sizeof(name) - 1);
+
+The problem here is, that the first probe_kernel_read(&pwq) might return zero
+in pwq and as such the following probe_kernel_reads() try to access contents of
+the page zero which is read protected and generate a kernel segfault.
+
+With this patch we fix the interruption handler to call parisc_terminate()
+directly only if pagefault_disable() was not called (in which case
+preempt_count()==0). Otherwise we hand over to the pagefault handler which
+will try to look up the faulting address in the fixup tables.
+
+Signed-off-by: Helge Deller
+Signed-off-by: John David Anglin
+Signed-off-by: Helge Deller
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/parisc/kernel/traps.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/parisc/kernel/traps.c
++++ b/arch/parisc/kernel/traps.c
+@@ -810,14 +810,14 @@ void notrace handle_interruption(int cod
+ else {
+
+ /*
+- * The kernel should never fault on its own address space.
++ * The kernel should never fault on its own address space,
++ * unless pagefault_disable() was called before.
+ */
+
+- if (fault_space == 0)
++ if (fault_space == 0 && !in_atomic())
+ {
+ pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
+ parisc_terminate("Kernel Fault", regs, code, fault_address);
+-
+ }
+ }
+
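Review bot: In the arch/parisc/kernel/traps.c hunk, the new condition `fault_space == 0 && !in_atomic()` is wider than the updated comment, which names only pagefault_disable(). in_atomic() is true for any non-zero preempt count, so a kernel-space fault taken in any atomic context now skips `parisc_terminate()` and is handed on to the page fault handler. That is safe only if the handler still stops the kernel when the faulting address has no fixup entry; that code is outside the hunk, as is the rest of handle_interruption(), and should be confirmed. The comment would match the test better as `unless the fault was taken in atomic context, e.g. after pagefault_disable()`.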
diff --git a/queue-3.4/random-run-random_int_secret_init-run-after-all-late_initcalls.patch b/queue-3.4/random-run-random_int_secret_init-run-after-all-late_initcalls.patch
new file mode 100644
index 00000000000..28d04f56d6f
--- /dev/null
+++ b/queue-3.4/random-run-random_int_secret_init-run-after-all-late_initcalls.patch
@@ -0,0 +1,67 @@
+From 47d06e532e95b71c0db3839ebdef3fe8812fca2c Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o
+Date: Tue, 10 Sep 2013 10:52:35 -0400
+Subject: random: run random_int_secret_init() run after all late_initcalls
+
+From: Theodore Ts'o
+
+commit 47d06e532e95b71c0db3839ebdef3fe8812fca2c upstream.
+
+The some platforms (e.g., ARM) initializes their clocks as
+late_initcalls for some unknown reason. So make sure
+random_int_secret_init() is run after all of the late_initcalls are
+run.
+
+Signed-off-by: "Theodore Ts'o"
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/char/random.c | 3 +--
+ include/linux/random.h | 1 +
+ init/main.c | 2 ++
+ 3 files changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -1435,12 +1435,11 @@ ctl_table random_table[] = {
+
+ static u32 random_int_secret[MD5_MESSAGE_BYTES / 4] ____cacheline_aligned;
+
+-static int __init random_int_secret_init(void)
++int random_int_secret_init(void)
+ {
+ get_random_bytes(random_int_secret, sizeof(random_int_secret));
+ return 0;
+ }
+-late_initcall(random_int_secret_init);
+
+ /*
+ * Get a random word for internal kernel use only. Similar to urandom but
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -56,6 +56,7 @@ extern void add_interrupt_randomness(int
+ extern void get_random_bytes(void *buf, int nbytes);
+ extern void get_random_bytes_arch(void *buf, int nbytes);
+ void generate_random_uuid(unsigned char uuid_out[16]);
++extern int random_int_secret_init(void);
+
+ #ifndef MODULE
+ extern const struct file_operations random_fops, urandom_fops;
+--- a/init/main.c
++++ b/init/main.c
+@@ -68,6 +68,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include
+ #include
+@@ -779,6 +780,7 @@ static void __init do_basic_setup(void)
+ do_ctors();
+ usermodehelper_enable();
+ do_initcalls();
++ random_int_secret_init();
+ }
+
+ static void __init do_pre_smp_initcalls(void)
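Review bot: In the drivers/char/random.c hunk, `random_int_secret_init()` loses its `__init` annotation when it stops being static, although the only caller shown, `do_basic_setup()` in init/main.c, is itself `__init`. Keeping it as `int __init random_int_secret_init(void)` lets the function be discarded after boot along with its caller. The call site also carries no record of the ordering the description depends on; a comment above the call such as `/* must follow do_initcalls(): some platforms set up their clocks in late_initcalls */` would keep a later reordering from seeding the secret too early again. The return value is ignored at the call site, which is harmless only while the function always returns 0.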
diff --git a/queue-3.4/series b/queue-3.4/series
new file mode 100644
index 00000000000..9bd025d6fc9
--- /dev/null
+++ b/queue-3.4/series
@@ -0,0 +1,7 @@
+alsa-snd-usb-usx2y-remove-bogus-frame-checks.patch
+alsa-hda-add-fixup-for-asus-n56vz.patch
+random-run-random_int_secret_init-run-after-all-late_initcalls.patch
+vfs-allow-o_path-file-descriptors-for-fstatfs.patch
+ext4-fix-memory-leak-in-xattr.patch
+kvm-ppc-book3s-hv-fix-typo-in-saving-dscr.patch
+parisc-fix-interruption-handler-to-respect-pagefault_disable.patch
diff --git a/queue-3.4/vfs-allow-o_path-file-descriptors-for-fstatfs.patch b/queue-3.4/vfs-allow-o_path-file-descriptors-for-fstatfs.patch
new file mode 100644
index 00000000000..23c49b2aade
--- /dev/null
+++ b/queue-3.4/vfs-allow-o_path-file-descriptors-for-fstatfs.patch
@@ -0,0 +1,37 @@
+From 9d05746e7b16d8565dddbe3200faa1e669d23bbf Mon Sep 17 00:00:00 2001
+From: Linus Torvalds
+Date: Mon, 30 Sep 2013 08:35:10 -0700
+Subject: vfs: allow O_PATH file descriptors for fstatfs()
+
+From: Linus Torvalds
+
+commit 9d05746e7b16d8565dddbe3200faa1e669d23bbf upstream.
+
+Olga reported that file descriptors opened with O_PATH do not work with
+fstatfs(), found during further development of ksh93's thread support.
+
+There is no reason to not allow O_PATH file descriptors here (fstatfs is
+very much a path operation), so use "fdget_raw()". See commit
+55815f70147d ("vfs: make O_PATH file descriptors usable for 'fstat()'")
+for a very similar issue reported for fstat() by the same team.
+
+Reported-and-tested-by: ольга крыжановская
+Acked-by: Al Viro
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/statfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/statfs.c
++++ b/fs/statfs.c
+@@ -87,7 +87,7 @@ int user_statfs(const char __user *pathn
+
+ int fd_statfs(int fd, struct kstatfs *st)
+ {
+- struct file *file = fget(fd);
++ struct file *file = fget_raw(fd);
+ int error = -EBADF;
+ if (file) {
+ error = vfs_statfs(&file->f_path, st);
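Review bot: In the fs/statfs.c hunk, the new line calls `fget_raw(fd)` while the commit description says to use "fdget_raw()", so this queued patch differs from its own description, presumably because it was adapted for this tree, and nothing in the patch notes the difference. The lookup also now accepts descriptors that the plain `fget()` refused, and the code does not say that this is intended. A comment above the declaration such as `/* fget_raw(): O_PATH descriptors are accepted, statfs only needs the path */` would keep a later cleanup from switching it back. The rest of fd_statfs(), including the release of the file reference, is outside the hunk.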