From: Greg Kroah-Hartman Date: Thu, 5 Jun 2014 03:48:47 +0000 (-0700) Subject: 3.4-stable patches X-Git-Tag: v3.14.6~12 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f9bdb982c3f4036271214bf21d05ea529af70c76;p=thirdparty%2Fkernel%2Fstable-queue.git 3.4-stable patches added patches: backlight-atmel-pwm-bl-fix-gpio-polarity-in-remove.patch can-sja1000-fix-pre-post-_irq-handling-and-irq-handler-return-value.patch crypto-s390-fix-aes-cbc-iv-corruption.patch crypto-s390-fix-aes-xts-parameter-corruption.patch mac80211-drop-spoofed-packets-in-ad-hoc-mode.patch mtd-m25p80-fix-allocation-size.patch net-add-net_ratelimited_function-and-net_-level-_ratelimited-macros.patch vgacon.c-add-cond-reschedule-points-in-vgacon_do_font_op.patch --- diff --git a/queue-3.4/backlight-atmel-pwm-bl-fix-gpio-polarity-in-remove.patch b/queue-3.4/backlight-atmel-pwm-bl-fix-gpio-polarity-in-remove.patch new file mode 100644 index 00000000000..54ed704adf0 --- /dev/null +++ b/queue-3.4/backlight-atmel-pwm-bl-fix-gpio-polarity-in-remove.patch @@ -0,0 +1,37 @@ +From fa01206912e5bc7c48e0a89d0da820062b018854 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Tue, 12 Nov 2013 15:09:39 -0800 +Subject: backlight: atmel-pwm-bl: fix gpio polarity in remove + +From: Johan Hovold + +commit ad5066d4c2b1d696749f8d7816357c23b648c4d3 upstream. + +Make sure to honour gpio polarity also at remove so that the backlight is +actually disabled on boards with active-low enable pin. + +Signed-off-by: Johan Hovold +Acked-by: Jingoo Han +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +[bwh: Backported to 3.2: adjust context] +Signed-off-by: Ben Hutchings +Cc: Qiang Huang +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/video/backlight/atmel-pwm-bl.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/video/backlight/atmel-pwm-bl.c ++++ b/drivers/video/backlight/atmel-pwm-bl.c +@@ -211,7 +211,8 @@ static int __exit atmel_pwm_bl_remove(st + struct atmel_pwm_bl *pwmbl = platform_get_drvdata(pdev); + + if (pwmbl->gpio_on != -1) { +- gpio_set_value(pwmbl->gpio_on, 0); ++ gpio_set_value(pwmbl->gpio_on, ++ 0 ^ pwmbl->pdata->on_active_low); + gpio_free(pwmbl->gpio_on); + } + pwm_channel_disable(&pwmbl->pwmc); diff --git a/queue-3.4/can-sja1000-fix-pre-post-_irq-handling-and-irq-handler-return-value.patch b/queue-3.4/can-sja1000-fix-pre-post-_irq-handling-and-irq-handler-return-value.patch new file mode 100644 index 00000000000..c0d57619b42 --- /dev/null +++ b/queue-3.4/can-sja1000-fix-pre-post-_irq-handling-and-irq-handler-return-value.patch @@ -0,0 +1,76 @@ +From 6f484718617526801dcb4294c0e9a2367dfc6d7c Mon Sep 17 00:00:00 2001 +From: Oliver Hartkopp +Date: Thu, 21 Nov 2013 18:03:07 +0100 +Subject: can: sja1000: fix {pre,post}_irq() handling and IRQ handler return value + +From: Oliver Hartkopp + +commit 2fea6cd303c0d0cd9067da31d873b6a6d5bd75e7 upstream. + +This patch fixes the issue that the sja1000_interrupt() function may have +returned IRQ_NONE without processing the optional pre_irq() and post_irq() +function before. Further the irq processing counter 'n' is moved to the end of +the while statement to return correct IRQ_[NONE|HANDLED] values at error +conditions. + +Reported-by: Wolfgang Grandegger +Acked-by: Wolfgang Grandegger +Signed-off-by: Oliver Hartkopp +Signed-off-by: Marc Kleine-Budde +[bwh: Backported to 3.2: s/SJA1000_IER/REG_IER/; s/SJA1000_IR/REG_IR/] +Signed-off-by: Ben Hutchings +Cc: Qiang Huang +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/can/sja1000/sja1000.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +--- a/drivers/net/can/sja1000/sja1000.c ++++ b/drivers/net/can/sja1000/sja1000.c +@@ -487,19 +487,19 @@ irqreturn_t sja1000_interrupt(int irq, v + uint8_t isrc, status; + int n = 0; + +- /* Shared interrupts and IRQ off? */ +- if (priv->read_reg(priv, REG_IER) == IRQ_OFF) +- return IRQ_NONE; +- + if (priv->pre_irq) + priv->pre_irq(priv); + ++ /* Shared interrupts and IRQ off? */ ++ if (priv->read_reg(priv, REG_IER) == IRQ_OFF) ++ goto out; ++ + while ((isrc = priv->read_reg(priv, REG_IR)) && (n < SJA1000_MAX_IRQ)) { +- n++; ++ + status = priv->read_reg(priv, SJA1000_REG_SR); + /* check for absent controller due to hw unplug */ + if (status == 0xFF && sja1000_is_absent(priv)) +- return IRQ_NONE; ++ goto out; + + if (isrc & IRQ_WUI) + netdev_warn(dev, "wakeup interrupt\n"); +@@ -518,7 +518,7 @@ irqreturn_t sja1000_interrupt(int irq, v + status = priv->read_reg(priv, SJA1000_REG_SR); + /* check for absent controller */ + if (status == 0xFF && sja1000_is_absent(priv)) +- return IRQ_NONE; ++ goto out; + } + } + if (isrc & (IRQ_DOI | IRQ_EI | IRQ_BEI | IRQ_EPI | IRQ_ALI)) { +@@ -526,8 +526,9 @@ irqreturn_t sja1000_interrupt(int irq, v + if (sja1000_err(dev, isrc, status)) + break; + } ++ n++; + } +- ++out: + if (priv->post_irq) + priv->post_irq(priv); + diff --git a/queue-3.4/crypto-s390-fix-aes-cbc-iv-corruption.patch b/queue-3.4/crypto-s390-fix-aes-cbc-iv-corruption.patch new file mode 100644 index 00000000000..dc45a4817f3 --- /dev/null +++ b/queue-3.4/crypto-s390-fix-aes-cbc-iv-corruption.patch @@ -0,0 +1,97 @@ +From 898c8e6f438614624032f9ae887cab87f7558e45 Mon Sep 17 00:00:00 2001 +From: Herbert Xu +Date: Tue, 5 Nov 2013 19:36:27 +0800 +Subject: crypto: s390 - Fix aes-cbc IV corruption + +From: Herbert Xu + +commit f262f0f5cad0c9eca61d1d383e3b67b57dcbe5ea upstream. + +The cbc-aes-s390 algorithm incorrectly places the IV in the tfm +data structure. As the tfm is shared between multiple threads, +this introduces a possibility of data corruption. + +This patch fixes this by moving the parameter block containing +the IV and key onto the stack (the block is 48 bytes long). + +The same bug exists elsewhere in the s390 crypto system and they +will be fixed in subsequent patches. + +Signed-off-by: Herbert Xu +[bwh: Backported to 3.2: adjust context] +Signed-off-by: Ben Hutchings +Cc: Qiang Huang +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/crypto/aes_s390.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +--- a/arch/s390/crypto/aes_s390.c ++++ b/arch/s390/crypto/aes_s390.c +@@ -35,7 +35,6 @@ static u8 *ctrblk; + static char keylen_flag; + + struct s390_aes_ctx { +- u8 iv[AES_BLOCK_SIZE]; + u8 key[AES_MAX_KEY_SIZE]; + long enc; + long dec; +@@ -442,29 +441,35 @@ static int cbc_aes_set_key(struct crypto + return aes_set_key(tfm, in_key, key_len); + } + +-static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, void *param, ++static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, + struct blkcipher_walk *walk) + { ++ struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); + int ret = blkcipher_walk_virt(desc, walk); + unsigned int nbytes = walk->nbytes; ++ struct { ++ u8 iv[AES_BLOCK_SIZE]; ++ u8 key[AES_MAX_KEY_SIZE]; ++ } param; + + if (!nbytes) + goto out; + +- memcpy(param, walk->iv, AES_BLOCK_SIZE); ++ memcpy(param.iv, walk->iv, AES_BLOCK_SIZE); ++ memcpy(param.key, sctx->key, sctx->key_len); + do { + /* only use complete blocks */ + unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1); + u8 *out = walk->dst.virt.addr; + u8 *in = walk->src.virt.addr; + +- ret = crypt_s390_kmc(func, param, out, in, n); ++ ret = crypt_s390_kmc(func, ¶m, out, in, n); + BUG_ON((ret < 0) || (ret != n)); + + nbytes &= AES_BLOCK_SIZE - 1; + ret = blkcipher_walk_done(desc, walk, nbytes); + } while ((nbytes = walk->nbytes)); +- memcpy(walk->iv, param, AES_BLOCK_SIZE); ++ memcpy(walk->iv, param.iv, AES_BLOCK_SIZE); + + out: + return ret; +@@ -481,7 +486,7 @@ static int cbc_aes_encrypt(struct blkcip + return fallback_blk_enc(desc, dst, src, nbytes); + + blkcipher_walk_init(&walk, dst, src, nbytes); +- return cbc_aes_crypt(desc, sctx->enc, sctx->iv, &walk); ++ return cbc_aes_crypt(desc, sctx->enc, &walk); + } + + static int cbc_aes_decrypt(struct blkcipher_desc *desc, +@@ -495,7 +500,7 @@ static int cbc_aes_decrypt(struct blkcip + return fallback_blk_dec(desc, dst, src, nbytes); + + blkcipher_walk_init(&walk, dst, src, nbytes); +- return cbc_aes_crypt(desc, sctx->dec, sctx->iv, &walk); ++ return cbc_aes_crypt(desc, sctx->dec, &walk); + } + + static struct crypto_alg cbc_aes_alg = { diff --git a/queue-3.4/crypto-s390-fix-aes-xts-parameter-corruption.patch b/queue-3.4/crypto-s390-fix-aes-xts-parameter-corruption.patch new file mode 100644 index 00000000000..e698a764b9d --- /dev/null +++ b/queue-3.4/crypto-s390-fix-aes-xts-parameter-corruption.patch @@ -0,0 +1,100 @@ +From 8ccf25d7c6295ab6112711419d3c056a2331e430 Mon Sep 17 00:00:00 2001 +From: Gerald Schaefer +Date: Tue, 19 Nov 2013 17:12:47 +0100 +Subject: crypto: s390 - Fix aes-xts parameter corruption + +From: Gerald Schaefer + +commit 9dda2769af4f3f3093434648c409bb351120d9e8 upstream. + +Some s390 crypto algorithms incorrectly use the crypto_tfm structure to +store private data. As the tfm can be shared among multiple threads, this +can result in data corruption. + +This patch fixes aes-xts by moving the xts and pcc parameter blocks from +the tfm onto the stack (48 + 96 bytes). + +Signed-off-by: Gerald Schaefer +Signed-off-by: Herbert Xu +[bwh: Backported to 3.2: adjust context] +Signed-off-by: Ben Hutchings +Cc: Qiang Huang +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/crypto/aes_s390.c | 31 +++++++++++++++++-------------- + 1 file changed, 17 insertions(+), 14 deletions(-) + +--- a/arch/s390/crypto/aes_s390.c ++++ b/arch/s390/crypto/aes_s390.c +@@ -55,8 +55,7 @@ struct pcc_param { + + struct s390_xts_ctx { + u8 key[32]; +- u8 xts_param[16]; +- struct pcc_param pcc; ++ u8 pcc_key[32]; + long enc; + long dec; + int key_len; +@@ -592,7 +591,7 @@ static int xts_aes_set_key(struct crypto + xts_ctx->enc = KM_XTS_128_ENCRYPT; + xts_ctx->dec = KM_XTS_128_DECRYPT; + memcpy(xts_ctx->key + 16, in_key, 16); +- memcpy(xts_ctx->pcc.key + 16, in_key + 16, 16); ++ memcpy(xts_ctx->pcc_key + 16, in_key + 16, 16); + break; + case 48: + xts_ctx->enc = 0; +@@ -603,7 +602,7 @@ static int xts_aes_set_key(struct crypto + xts_ctx->enc = KM_XTS_256_ENCRYPT; + xts_ctx->dec = KM_XTS_256_DECRYPT; + memcpy(xts_ctx->key, in_key, 32); +- memcpy(xts_ctx->pcc.key, in_key + 32, 32); ++ memcpy(xts_ctx->pcc_key, in_key + 32, 32); + break; + default: + *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; +@@ -622,28 +621,32 @@ static int xts_aes_crypt(struct blkciphe + unsigned int nbytes = walk->nbytes; + unsigned int n; + u8 *in, *out; +- void *param; ++ struct pcc_param pcc_param; ++ struct { ++ u8 key[32]; ++ u8 init[16]; ++ } xts_param; + + if (!nbytes) + goto out; + +- memset(xts_ctx->pcc.block, 0, sizeof(xts_ctx->pcc.block)); +- memset(xts_ctx->pcc.bit, 0, sizeof(xts_ctx->pcc.bit)); +- memset(xts_ctx->pcc.xts, 0, sizeof(xts_ctx->pcc.xts)); +- memcpy(xts_ctx->pcc.tweak, walk->iv, sizeof(xts_ctx->pcc.tweak)); +- param = xts_ctx->pcc.key + offset; +- ret = crypt_s390_pcc(func, param); ++ memset(pcc_param.block, 0, sizeof(pcc_param.block)); ++ memset(pcc_param.bit, 0, sizeof(pcc_param.bit)); ++ memset(pcc_param.xts, 0, sizeof(pcc_param.xts)); ++ memcpy(pcc_param.tweak, walk->iv, sizeof(pcc_param.tweak)); ++ memcpy(pcc_param.key, xts_ctx->pcc_key, 32); ++ ret = crypt_s390_pcc(func, &pcc_param.key[offset]); + BUG_ON(ret < 0); + +- memcpy(xts_ctx->xts_param, xts_ctx->pcc.xts, 16); +- param = xts_ctx->key + offset; ++ memcpy(xts_param.key, xts_ctx->key, 32); ++ memcpy(xts_param.init, pcc_param.xts, 16); + do { + /* only use complete blocks */ + n = nbytes & ~(AES_BLOCK_SIZE - 1); + out = walk->dst.virt.addr; + in = walk->src.virt.addr; + +- ret = crypt_s390_km(func, param, out, in, n); ++ ret = crypt_s390_km(func, &xts_param.key[offset], out, in, n); + BUG_ON(ret < 0 || ret != n); + + nbytes &= AES_BLOCK_SIZE - 1; diff --git a/queue-3.4/mac80211-drop-spoofed-packets-in-ad-hoc-mode.patch b/queue-3.4/mac80211-drop-spoofed-packets-in-ad-hoc-mode.patch new file mode 100644 index 00000000000..46f712e3e98 --- /dev/null +++ b/queue-3.4/mac80211-drop-spoofed-packets-in-ad-hoc-mode.patch @@ -0,0 +1,43 @@ +From f9ec1e9afbfea2bac94d54dd92d969755798160d Mon Sep 17 00:00:00 2001 +From: Felix Fietkau +Date: Tue, 17 Sep 2013 11:15:43 +0200 +Subject: mac80211: drop spoofed packets in ad-hoc mode + +From: Felix Fietkau + +commit 6329b8d917adc077caa60c2447385554130853a3 upstream. + +If an Ad-Hoc node receives packets with the Cell ID or its own MAC +address as source address, it hits a WARN_ON in sta_info_insert_check() +With many packets, this can massively spam the logs. One way that this +can easily happen is through having Cisco APs in the area with rouge AP +detection and countermeasures enabled. +Such Cisco APs will regularly send fake beacons, disassoc and deauth +packets that trigger these warnings. + +To fix this issue, drop such spoofed packets early in the rx path. + +Reported-by: Thomas Huehn +Signed-off-by: Felix Fietkau +Signed-off-by: Johannes Berg +[bwh: Backported to 3.2: use compare_ether_addr() instead of ether_addr_equal()] +Signed-off-by: Ben Hutchings +Cc: Qiang Huang +Signed-off-by: Greg Kroah-Hartman + +--- + net/mac80211/rx.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -2828,6 +2828,9 @@ static int prepare_for_handlers(struct i + case NL80211_IFTYPE_ADHOC: + if (!bssid) + return 0; ++ if (compare_ether_addr(sdata->vif.addr, hdr->addr2) == 0 || ++ compare_ether_addr(sdata->u.ibss.bssid, hdr->addr2) == 0) ++ return 0; + if (ieee80211_is_beacon(hdr->frame_control)) { + return 1; + } diff --git a/queue-3.4/mtd-m25p80-fix-allocation-size.patch b/queue-3.4/mtd-m25p80-fix-allocation-size.patch new file mode 100644 index 00000000000..69129df6f87 --- /dev/null +++ b/queue-3.4/mtd-m25p80-fix-allocation-size.patch @@ -0,0 +1,84 @@ +From 2a4c85e77b4bd77a83382f74c99da1c388a0fab2 Mon Sep 17 00:00:00 2001 +From: Brian Norris +Date: Wed, 24 Jul 2013 18:32:07 -0700 +Subject: mtd: m25p80: fix allocation size + +From: Brian Norris + +commit 778d226a1462572b51d6777cdb1d611543410cb4 upstream. + +This patch fixes two memory errors: + +1. During a probe failure (in mtd_device_parse_register?) the command + buffer would not be freed. + +2. The command buffer's size is determined based on the 'fast_read' + boolean, but the assignment of fast_read is made after this + allocation. Thus, the buffer may be allocated "too small". + +To fix the first, just switch to the devres version of kzalloc. + +To fix the second, increase MAX_CMD_SIZE unconditionally. It's not worth +saving a byte to fiddle around with the conditions here. + +This problem was reported by Yuhang Wang a while back. + +Signed-off-by: Brian Norris +Reported-by: Yuhang Wang +Reviewed-by: Sourav Poddar +[bwh: Backported to 3.2: adjust context] +Signed-off-by: Ben Hutchings +Cc: Qiang Huang +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/devices/m25p80.c | 19 +++++++------------ + 1 file changed, 7 insertions(+), 12 deletions(-) + +--- a/drivers/mtd/devices/m25p80.c ++++ b/drivers/mtd/devices/m25p80.c +@@ -71,7 +71,7 @@ + + /* Define max times to check status register before we give up. */ + #define MAX_READY_WAIT_JIFFIES (40 * HZ) /* M25P16 specs 40s max chip erase */ +-#define MAX_CMD_SIZE 5 ++#define MAX_CMD_SIZE 6 + + #ifdef CONFIG_M25PXX_USE_FAST_READ + #define OPCODE_READ OPCODE_FAST_READ +@@ -843,14 +843,13 @@ static int __devinit m25p_probe(struct s + } + } + +- flash = kzalloc(sizeof *flash, GFP_KERNEL); ++ flash = devm_kzalloc(&spi->dev, sizeof(*flash), GFP_KERNEL); + if (!flash) + return -ENOMEM; +- flash->command = kmalloc(MAX_CMD_SIZE + FAST_READ_DUMMY_BYTE, GFP_KERNEL); +- if (!flash->command) { +- kfree(flash); ++ ++ flash->command = devm_kzalloc(&spi->dev, MAX_CMD_SIZE, GFP_KERNEL); ++ if (!flash->command) + return -ENOMEM; +- } + + flash->spi = spi; + mutex_init(&flash->lock); +@@ -947,14 +946,10 @@ static int __devinit m25p_probe(struct s + static int __devexit m25p_remove(struct spi_device *spi) + { + struct m25p *flash = dev_get_drvdata(&spi->dev); +- int status; + + /* Clean up MTD stuff. */ +- status = mtd_device_unregister(&flash->mtd); +- if (status == 0) { +- kfree(flash->command); +- kfree(flash); +- } ++ mtd_device_unregister(&flash->mtd); ++ + return 0; + } + diff --git a/queue-3.4/net-add-net_ratelimited_function-and-net_-level-_ratelimited-macros.patch b/queue-3.4/net-add-net_ratelimited_function-and-net_-level-_ratelimited-macros.patch new file mode 100644 index 00000000000..e3736d2ada5 --- /dev/null +++ b/queue-3.4/net-add-net_ratelimited_function-and-net_-level-_ratelimited-macros.patch @@ -0,0 +1,66 @@ +From 3eddd6c470e225ba02d670a2c76d13cd05aabc0c Mon Sep 17 00:00:00 2001 +From: Joe Perches +Date: Sun, 13 May 2012 21:56:25 +0000 +Subject: net: Add net_ratelimited_function and net__ratelimited macros + +From: Joe Perches + +commit 3a3bfb61e64476ff1e4ac3122cb6dec9c79b795c upstream. + +__ratelimit() can be considered an inverted bool test because +it returns true when not ratelimited. Several tests in the +kernel tree use this __ratelimit() function incorrectly. + +No net_ratelimit uses are incorrect currently though. + +Most uses of net_ratelimit are to log something via printk or +pr_. + +In order to minimize the uses of net_ratelimit, and to start +standardizing the code style used for __ratelimit() and net_ratelimit(), +add a net_ratelimited_function() macro and net__ratelimited() +logging macros similar to pr__ratelimited that use the global +net_ratelimit instead of a static per call site "struct ratelimit_state". + +Signed-off-by: Joe Perches +Signed-off-by: David S. Miller +Signed-off-by: Ben Hutchings +Cc: Qiang Huang +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/net.h | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +--- a/include/linux/net.h ++++ b/include/linux/net.h +@@ -282,6 +282,29 @@ do { \ + #define net_dbg_ratelimited(fmt, ...) \ + net_ratelimited_function(pr_debug, fmt, ##__VA_ARGS__) + ++#define net_ratelimited_function(function, ...) \ ++do { \ ++ if (net_ratelimit()) \ ++ function(__VA_ARGS__); \ ++} while (0) ++ ++#define net_emerg_ratelimited(fmt, ...) \ ++ net_ratelimited_function(pr_emerg, fmt, ##__VA_ARGS__) ++#define net_alert_ratelimited(fmt, ...) \ ++ net_ratelimited_function(pr_alert, fmt, ##__VA_ARGS__) ++#define net_crit_ratelimited(fmt, ...) \ ++ net_ratelimited_function(pr_crit, fmt, ##__VA_ARGS__) ++#define net_err_ratelimited(fmt, ...) \ ++ net_ratelimited_function(pr_err, fmt, ##__VA_ARGS__) ++#define net_notice_ratelimited(fmt, ...) \ ++ net_ratelimited_function(pr_notice, fmt, ##__VA_ARGS__) ++#define net_warn_ratelimited(fmt, ...) \ ++ net_ratelimited_function(pr_warn, fmt, ##__VA_ARGS__) ++#define net_info_ratelimited(fmt, ...) \ ++ net_ratelimited_function(pr_info, fmt, ##__VA_ARGS__) ++#define net_dbg_ratelimited(fmt, ...) \ ++ net_ratelimited_function(pr_debug, fmt, ##__VA_ARGS__) ++ + #define net_random() random32() + #define net_srandom(seed) srandom32((__force u32)seed) + diff --git a/queue-3.4/series b/queue-3.4/series index 018eefa7cd5..fe1f2caaecc 100644 --- a/queue-3.4/series +++ b/queue-3.4/series @@ -201,3 +201,11 @@ random-fix-accounting-race-condition-with-lockless-irq-entropy_count-update.patc cfg80211-check-wdev-netdev-in-connection-work.patch i2c-piix4-add-amd-cz-smbus-device-id.patch b43-ensue-that-bcma-is-y-when-b43-is-y.patch +vgacon.c-add-cond-reschedule-points-in-vgacon_do_font_op.patch +mac80211-drop-spoofed-packets-in-ad-hoc-mode.patch +crypto-s390-fix-aes-cbc-iv-corruption.patch +mtd-m25p80-fix-allocation-size.patch +backlight-atmel-pwm-bl-fix-gpio-polarity-in-remove.patch +can-sja1000-fix-pre-post-_irq-handling-and-irq-handler-return-value.patch +crypto-s390-fix-aes-xts-parameter-corruption.patch +net-add-net_ratelimited_function-and-net_-level-_ratelimited-macros.patch diff --git a/queue-3.4/vgacon.c-add-cond-reschedule-points-in-vgacon_do_font_op.patch b/queue-3.4/vgacon.c-add-cond-reschedule-points-in-vgacon_do_font_op.patch new file mode 100644 index 00000000000..2d08835fe09 --- /dev/null +++ b/queue-3.4/vgacon.c-add-cond-reschedule-points-in-vgacon_do_font_op.patch @@ -0,0 +1,80 @@ +From 809feb1735e5f4210ba455108ca91cb55b7b8610 Mon Sep 17 00:00:00 2001 +From: Marcelo Tosatti +Date: Thu, 20 Jun 2013 18:05:56 -0300 +Subject: vgacon.c: add cond reschedule points in vgacon_do_font_op + +From: Marcelo Tosatti + +commit 7e6d72c15ff4cc0c27573901bb05f9eddbd71ed4 upstream. + +Booting a 64-vcpu KVM guest, with CONFIG_PREEMPT_VOLUNTARY, +can result in a soft lockup: + +BUG: soft lockup - CPU#41 stuck for 67s! [setfont:1505] + RIP: 0010:[] +[] vgacon_do_font_op.clone.0+0x1ba/0x550 + +This is due to the 8192 (cmapsz) IO operations taking longer than expected +due to lock contention in QEMU. + +Add conditional resched points in between writes allowing other tasks to +execute. + +Signed-off-by: Marcelo Tosatti +Signed-off-by: Dave Airlie +[bwh: Backported to 3.2: add #include , already present + upstream] +Signed-off-by: Ben Hutchings +Cc: Qiang Huang +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/video/console/vgacon.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +--- a/drivers/video/console/vgacon.c ++++ b/drivers/video/console/vgacon.c +@@ -42,6 +42,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -1124,11 +1125,15 @@ static int vgacon_do_font_op(struct vgas + + if (arg) { + if (set) +- for (i = 0; i < cmapsz; i++) ++ for (i = 0; i < cmapsz; i++) { + vga_writeb(arg[i], charmap + i); ++ cond_resched(); ++ } + else +- for (i = 0; i < cmapsz; i++) ++ for (i = 0; i < cmapsz; i++) { + arg[i] = vga_readb(charmap + i); ++ cond_resched(); ++ } + + /* + * In 512-character mode, the character map is not contiguous if +@@ -1139,11 +1144,15 @@ static int vgacon_do_font_op(struct vgas + charmap += 2 * cmapsz; + arg += cmapsz; + if (set) +- for (i = 0; i < cmapsz; i++) ++ for (i = 0; i < cmapsz; i++) { + vga_writeb(arg[i], charmap + i); ++ cond_resched(); ++ } + else +- for (i = 0; i < cmapsz; i++) ++ for (i = 0; i < cmapsz; i++) { + arg[i] = vga_readb(charmap + i); ++ cond_resched(); ++ } + } + } +