From: Greg Kroah-Hartman Date: Tue, 10 Jan 2012 18:27:06 +0000 (-0800) Subject: 3.1-stable patches X-Git-Tag: v3.2.1~5 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=da4e459abee7fbda942fbba0cb1459984c419074;p=thirdparty%2Fkernel%2Fstable-queue.git 3.1-stable patches added patches: scsi-mpt2sas-added-missing-mpt2sas_base_detach-call-from-scsih_remove-context.patch usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch
---
diff --git a/queue-3.1/scsi-mpt2sas-added-missing-mpt2sas_base_detach-call-from-scsih_remove-context.patch b/queue-3.1/scsi-mpt2sas-added-missing-mpt2sas_base_detach-call-from-scsih_remove-context.patch
new file mode 100644
index 00000000000..89c179b99b8
--- /dev/null
+++ b/queue-3.1/scsi-mpt2sas-added-missing-mpt2sas_base_detach-call-from-scsih_remove-context.patch
@@ -0,0 +1,31 @@
+From 9ae89b0296e275d5a556068b40b7c2557a556a85 Mon Sep 17 00:00:00 2001
+From: "kashyap.desai@lsi.com"
+Date: Thu, 4 Aug 2011 16:47:50 +0530
+Subject: SCSI: mpt2sas: Added missing mpt2sas_base_detach call from scsih_remove context
+
+From: "kashyap.desai@lsi.com"
+
+commit 9ae89b0296e275d5a556068b40b7c2557a556a85 upstream.
+
+mpt2sas_base_detach() call was removed from _scsih_remove() while
+doing some code shuffling. Mainly when we work on adding code for
+scsih_shutdown(). I have added back mpt2sas_base_detach() which will
+get callled from _scsih_remove().
+
+Signed-off-by: Kashyap Desai
+Signed-off-by: James Bottomley
+
+---
+ drivers/scsi/mpt2sas/mpt2sas_scsih.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/scsi/mpt2sas/mpt2sas_scsih.c
++++ b/drivers/scsi/mpt2sas/mpt2sas_scsih.c
+@@ -7354,6 +7354,7 @@ _scsih_remove(struct pci_dev *pdev)
+ }
+
+ sas_remove_host(shost);
++ mpt2sas_base_detach(ioc);
+ list_del(&ioc->list);
+ scsi_remove_host(shost);
+ scsi_host_put(shost);
diff --git a/queue-3.1/series b/queue-3.1/series
index dc002c8f383..ac28edb8021 100644
--- a/queue-3.1/series
+++ b/queue-3.1/series
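Review bot: In the nested `_scsih_remove()` hunk, `mpt2sas_base_detach(ioc)` now runs before `scsi_remove_host(shost)`, so the adapter is detached while the SCSI host is still registered, and `ioc` is used again on the very next line by `list_del(&ioc->list)`. Nothing visible here shows what keeps new commands away from the adapter in that window, or that `ioc` outlives the detach; both depend on code outside the hunk, and the function itself starts above it. I would add a comment above the call stating the ordering requirement, for example `/* release controller resources; ioc itself stays valid until scsi_host_put() */`, once that has been confirmed against mpt2sas_base_detach().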
@@ -36,3 +36,5 @@ igmp-avoid-zero-delay-when-receiving-odd-mixture-of-igmp-queries.patch
 asix-fix-infinite-loop-in-rx_fixup.patch
 bonding-fix-error-handling-if-slave-is-busy-v2.patch
 pm-sleep-fix-race-between-cpu-hotplug-and-freezer.patch
+scsi-mpt2sas-added-missing-mpt2sas_base_detach-call-from-scsih_remove-context.patch
+usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch
diff --git a/queue-3.1/usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch b/queue-3.1/usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch
new file mode 100644
index 00000000000..01c7191c1f7
--- /dev/null
+++ b/queue-3.1/usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch
@@ -0,0 +1,53 @@
+From thilo@ginkel.com Tue Jan 10 10:21:14 2012
+From: Thilo-Alexander Ginkel
+Date: Sat, 17 Dec 2011 10:55:10 +0100
+Subject: usb: cdc-acm: Fix acm_tty_hangup() vs. acm_tty_close() race
+To: oliver@neukum.name, gregkh@suse.de
+Cc: jhovold@gmail.com, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, Thilo-Alexander Ginkel
+Message-ID: <1324115710-14756-1-git-send-email-thilo@ginkel.com>
+
+From: Thilo-Alexander Ginkel
+
+[Not upstream s it was fixed differently there for 3.3 with a much more
+"intrusive" rework of the driver - gregkh]
+
+There is a race condition involving acm_tty_hangup() and acm_tty_close()
+where hangup() would attempt to access tty->driver_data without proper
+locking and NULL checking after close() has potentially already set it
+to NULL. One possibility to (sporadically) trigger this behavior is to
+perform a suspend/resume cycle with a running WWAN data connection.
+
+This patch addresses the issue by introducing a NULL check for
+tty->driver_data in acm_tty_hangup() protected by open_mutex and exiting
+gracefully when hangup() is invoked on a device that has already been
+closed.
+
+Signed-off-by: Thilo-Alexander Ginkel
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/usb/class/cdc-acm.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/drivers/usb/class/cdc-acm.c
++++ b/drivers/usb/class/cdc-acm.c
+@@ -554,10 +554,18 @@ static void acm_port_down(struct acm *ac
+
+ static void acm_tty_hangup(struct tty_struct *tty)
+ {
+- struct acm *acm = tty->driver_data;
+- tty_port_hangup(&acm->port);
++ struct acm *acm;
++
+ mutex_lock(&open_mutex);
++ acm = tty->driver_data;
++
++ if (!acm)
++ goto out;
++
++ tty_port_hangup(&acm->port);
+ acm_port_down(acm);
++
++out:
+ mutex_unlock(&open_mutex);
+ }
+
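Review bot: The new `if (!acm) goto out;` check in `acm_tty_hangup()` is only race-free if every path that clears `tty->driver_data` does so while holding `open_mutex`; the description says close() sets it to NULL, but that writer is not part of this hunk. I would record the invariant next to the check, e.g. `/* driver_data is cleared by acm_tty_close() under open_mutex; NULL means already closed */`, so that a later change to the close path does not silently reopen the NULL dereference. Note also that `tty_port_hangup(&acm->port)` has moved inside the `open_mutex` section, so it is worth confirming that nothing it calls takes `open_mutex` or expects it to be free.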