From eb2d111243a3211d7e548b19d9400ad2b68c877d Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 15 Feb 2011 11:05:41 -0800 Subject: [PATCH] .37 patches --- ...ce-before-it-is-properly-initialised.patch | 82 ++++++++++++++++ ...-delays-in-clearing-bits-in-a-bitmap.patch | 48 ++++++++++ ...g-devices-to-arrays-with-no-metadata.patch | 46 +++++++++ ...rives-when-converting-raid6-to-raid5.patch | 36 +++++++ ...h-the-bio-after-calling-make_request.patch | 56 +++++++++++ ...heap-allocation-for-ethtool_get_regs.patch | 31 ++++++ ...er-one-superblock-became-unavailable.patch | 52 ++++++++++ ...52xx-inherit-from-ata_bmdma_port_ops.patch | 33 +++++++ ...nterrupts-while-running-in_interrupt.patch | 52 ++++++++++ ...permissions-for-dcb-netlink-messages.patch | 35 +++++++ ...ls-on-mountpoint-labeled-filesystems.patch | 57 +++++++++++ queue-2.6.37/series | 14 +++ ...aused-by-tpm-autodetect-itpm-devices.patch | 48 ++++++++++ .../tpm-long-default-timeout-fix.patch | 46 +++++++++ ...m_tis-use-timeouts-returned-from-tpm.patch | 95 +++++++++++++++++++ 15 files changed, 731 insertions(+) create mode 100644 queue-2.6.37/md-ensure-no-io-request-to-get-md-device-before-it-is-properly-initialised.patch create mode 100644 queue-2.6.37/md-fix-regression-resulting-in-delays-in-clearing-bits-in-a-bitmap.patch create mode 100644 queue-2.6.37/md-fix-regression-with-re-adding-devices-to-arrays-with-no-metadata.patch create mode 100644 queue-2.6.37/md-fix-removal-of-extra-drives-when-converting-raid6-to-raid5.patch create mode 100644 queue-2.6.37/md_make_request-don-t-touch-the-bio-after-calling-make_request.patch create mode 100644 queue-2.6.37/net-clear-heap-allocation-for-ethtool_get_regs.patch create mode 100644 queue-2.6.37/nilfs2-fix-crash-after-one-superblock-became-unavailable.patch create mode 100644 queue-2.6.37/pata_mpc52xx-inherit-from-ata_bmdma_port_ops.patch create mode 100644 queue-2.6.37/pm-runtime-don-t-enable-interrupts-while-running-in_interrupt.patch create mode 100644 queue-2.6.37/selinux-define-permissions-for-dcb-netlink-messages.patch create mode 100644 queue-2.6.37/selinux-do-not-compute-transition-labels-on-mountpoint-labeled-filesystems.patch create mode 100644 queue-2.6.37/tpm-fix-panic-caused-by-tpm-autodetect-itpm-devices.patch create mode 100644 queue-2.6.37/tpm-long-default-timeout-fix.patch create mode 100644 queue-2.6.37/tpm_tis-use-timeouts-returned-from-tpm.patch diff --git a/queue-2.6.37/md-ensure-no-io-request-to-get-md-device-before-it-is-properly-initialised.patch b/queue-2.6.37/md-ensure-no-io-request-to-get-md-device-before-it-is-properly-initialised.patch new file mode 100644 index 00000000000..27e42e282a6 --- /dev/null +++ b/queue-2.6.37/md-ensure-no-io-request-to-get-md-device-before-it-is-properly-initialised.patch @@ -0,0 +1,82 @@ +From 0ca69886a8273ac1350143d562280bfcbe4760dc Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Fri, 14 Jan 2011 09:14:33 +1100 +Subject: md: Ensure no IO request to get md device before it is properly initialised. + +From: NeilBrown + +commit 0ca69886a8273ac1350143d562280bfcbe4760dc upstream. + +When an md device is in the process of coming on line it is possible +for an IO request (typically a partition table probe) to get through +before the array is fully initialised, which can cause unexpected +behaviour (e.g. a crash). + +So explicitly record when the array is ready for IO and don't allow IO +through until then. + +There is no possibility for a similar problem when the array is going +off-line as there must only be one 'open' at that time, and it is busy +off-lining the array and so cannot send IO requests. So no memory +barrier is needed in md_stop() + +This has been a bug since commit 409c57f3801 in 2.6.30 which +introduced md_make_request. Before then, each personality would +register its own make_request_fn when it was ready. +This is suitable for any stable kernel from 2.6.30.y onwards. + +Signed-off-by: NeilBrown +Reported-by: "Hawrylewicz Czarnowski, Przemyslaw" +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/md.c | 8 ++++++-- + drivers/md/md.h | 3 ++- + 2 files changed, 8 insertions(+), 3 deletions(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -288,10 +288,12 @@ static int md_make_request(struct reques + int rv; + int cpu; + +- if (mddev == NULL || mddev->pers == NULL) { ++ if (mddev == NULL || mddev->pers == NULL ++ || !mddev->ready) { + bio_io_error(bio); + return 0; + } ++ smp_rmb(); /* Ensure implications of 'active' are visible */ + rcu_read_lock(); + if (mddev->suspended) { + DEFINE_WAIT(__wait); +@@ -4564,7 +4566,8 @@ int md_run(mddev_t *mddev) + mddev->safemode_timer.data = (unsigned long) mddev; + mddev->safemode_delay = (200 * HZ)/1000 +1; /* 200 msec delay */ + mddev->in_sync = 1; +- ++ smp_wmb(); ++ mddev->ready = 1; + list_for_each_entry(rdev, &mddev->disks, same_set) + if (rdev->raid_disk >= 0) { + char nm[20]; +@@ -4725,6 +4728,7 @@ EXPORT_SYMBOL_GPL(md_stop_writes); + + void md_stop(mddev_t *mddev) + { ++ mddev->ready = 0; + mddev->pers->stop(mddev); + if (mddev->pers->sync_request && mddev->to_remove == NULL) + mddev->to_remove = &md_redundancy_group; +--- a/drivers/md/md.h ++++ b/drivers/md/md.h +@@ -148,7 +148,8 @@ struct mddev_s + * are happening, so run/ + * takeover/stop are not safe + */ +- ++ int ready; /* See when safe to pass ++ * IO requests down */ + struct gendisk *gendisk; + + struct kobject kobj; diff --git a/queue-2.6.37/md-fix-regression-resulting-in-delays-in-clearing-bits-in-a-bitmap.patch b/queue-2.6.37/md-fix-regression-resulting-in-delays-in-clearing-bits-in-a-bitmap.patch new file mode 100644 index 00000000000..0338ef3e7f9 --- /dev/null +++ b/queue-2.6.37/md-fix-regression-resulting-in-delays-in-clearing-bits-in-a-bitmap.patch @@ -0,0 +1,48 @@ +From 6c9879101442b08581e8a0e3ae6b7f643a78fd63 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Fri, 14 Jan 2011 09:13:53 +1100 +Subject: md: fix regression resulting in delays in clearing bits in a bitmap + +From: NeilBrown + +commit 6c9879101442b08581e8a0e3ae6b7f643a78fd63 upstream. + +commit 589a594be1fb (2.6.37-rc4) fixed a problem were md_thread would +sometimes call the ->run function at a bad time. + +If an error is detected during array start up after the md_thread has +been started, the md_thread is killed. This resulted in the ->run +function being called once. However the array may not be in a state +that it is safe to call ->run. + +However the fix imposed meant that ->run was not called on a timeout. +This means that when an array goes idle, bitmap bits do not get +cleared promptly. While the array is busy the bits will still be +cleared when appropriate so this is not very serious. There is no +risk to data. + +Change the test so that we only avoid calling ->run when the thread +is being stopped. This more explicitly addresses the problem situation. + +This is suitable for 2.6.37-stable and any -stable kernel to which +589a594be1fb was applied. + +Signed-off-by: NeilBrown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/md.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -6042,7 +6042,8 @@ static int md_thread(void * arg) + || kthread_should_stop(), + thread->timeout); + +- if (test_and_clear_bit(THREAD_WAKEUP, &thread->flags)) ++ clear_bit(THREAD_WAKEUP, &thread->flags); ++ if (!kthread_should_stop()) + thread->run(thread->mddev); + } + diff --git a/queue-2.6.37/md-fix-regression-with-re-adding-devices-to-arrays-with-no-metadata.patch b/queue-2.6.37/md-fix-regression-with-re-adding-devices-to-arrays-with-no-metadata.patch new file mode 100644 index 00000000000..29b5329b3ba --- /dev/null +++ b/queue-2.6.37/md-fix-regression-with-re-adding-devices-to-arrays-with-no-metadata.patch @@ -0,0 +1,46 @@ +From bf572541ab44240163eaa2d486b06f306a31d45a Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Wed, 12 Jan 2011 09:03:35 +1100 +Subject: md: fix regression with re-adding devices to arrays with no metadata + +From: NeilBrown + +commit bf572541ab44240163eaa2d486b06f306a31d45a upstream. + +Commit 1a855a0606 (2.6.37-rc4) fixed a problem where devices were +re-added when they shouldn't be but caused a regression in a less +common case that means sometimes devices cannot be re-added when they +should be. + +In particular, when re-adding a device to an array without metadata +we should always access the device, but after the above commit we +didn't. + +This patch sets the In_sync flag in that case so that the re-add +succeeds. + +This patch is suitable for any -stable kernel to which 1a855a0606 was +applied. + +Signed-off-by: NeilBrown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/md.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -5159,9 +5159,10 @@ static int add_new_disk(mddev_t * mddev, + /* set saved_raid_disk if appropriate */ + if (!mddev->persistent) { + if (info->state & (1<raid_disk < mddev->raid_disks) ++ info->raid_disk < mddev->raid_disks) { + rdev->raid_disk = info->raid_disk; +- else ++ set_bit(In_sync, &rdev->flags); ++ } else + rdev->raid_disk = -1; + } else + super_types[mddev->major_version]. diff --git a/queue-2.6.37/md-fix-removal-of-extra-drives-when-converting-raid6-to-raid5.patch b/queue-2.6.37/md-fix-removal-of-extra-drives-when-converting-raid6-to-raid5.patch new file mode 100644 index 00000000000..3168aab4dbc --- /dev/null +++ b/queue-2.6.37/md-fix-removal-of-extra-drives-when-converting-raid6-to-raid5.patch @@ -0,0 +1,36 @@ +From bf2cb0dab8c97f00a71875d9b13dbac17a2f47ca Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Fri, 14 Jan 2011 09:14:34 +1100 +Subject: md: Fix removal of extra drives when converting RAID6 to RAID5 + +From: NeilBrown + +commit bf2cb0dab8c97f00a71875d9b13dbac17a2f47ca upstream. + +When a RAID6 is converted to a RAID5, the extra drive should +be discarded. However it isn't due to a typo in a comparison. + +This bug was introduced in commit e93f68a1fc6 in 2.6.35-rc4 +and is suitable for any -stable since than. + +As the extra drive is not removed, the 'degraded' counter is wrong and +so the RAID5 will not respond correctly to a subsequent failure. + +Signed-off-by: NeilBrown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/md.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -3117,7 +3117,7 @@ level_store(mddev_t *mddev, const char * + char nm[20]; + if (rdev->raid_disk < 0) + continue; +- if (rdev->new_raid_disk > mddev->raid_disks) ++ if (rdev->new_raid_disk >= mddev->raid_disks) + rdev->new_raid_disk = -1; + if (rdev->new_raid_disk == rdev->raid_disk) + continue; diff --git a/queue-2.6.37/md_make_request-don-t-touch-the-bio-after-calling-make_request.patch b/queue-2.6.37/md_make_request-don-t-touch-the-bio-after-calling-make_request.patch new file mode 100644 index 00000000000..55a952a741d --- /dev/null +++ b/queue-2.6.37/md_make_request-don-t-touch-the-bio-after-calling-make_request.patch @@ -0,0 +1,56 @@ +From e91ece5590b3c728624ab57043fc7a05069c604a Mon Sep 17 00:00:00 2001 +From: Chris Mason +Date: Mon, 7 Feb 2011 19:21:48 -0500 +Subject: md_make_request: don't touch the bio after calling make_request + +From: Chris Mason + +commit e91ece5590b3c728624ab57043fc7a05069c604a upstream. + +md_make_request was calling bio_sectors() for part_stat_add +after it was calling the make_request function. This is +bad because the make_request function can free the bio and +because the bi_size field can change around. + +The fix here was suggested by Jens Axboe. It saves the +sector count before the make_request call. I hit this +with CONFIG_DEBUG_PAGEALLOC turned on while trying to break +his pretty fusionio card. + +Signed-off-by: Chris Mason +Signed-off-by: NeilBrown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/md.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -287,6 +287,7 @@ static int md_make_request(struct reques + mddev_t *mddev = q->queuedata; + int rv; + int cpu; ++ unsigned int sectors; + + if (mddev == NULL || mddev->pers == NULL + || !mddev->ready) { +@@ -311,12 +312,16 @@ static int md_make_request(struct reques + atomic_inc(&mddev->active_io); + rcu_read_unlock(); + ++ /* ++ * save the sectors now since our bio can ++ * go away inside make_request ++ */ ++ sectors = bio_sectors(bio); + rv = mddev->pers->make_request(mddev, bio); + + cpu = part_stat_lock(); + part_stat_inc(cpu, &mddev->gendisk->part0, ios[rw]); +- part_stat_add(cpu, &mddev->gendisk->part0, sectors[rw], +- bio_sectors(bio)); ++ part_stat_add(cpu, &mddev->gendisk->part0, sectors[rw], sectors); + part_stat_unlock(); + + if (atomic_dec_and_test(&mddev->active_io) && mddev->suspended) diff --git a/queue-2.6.37/net-clear-heap-allocation-for-ethtool_get_regs.patch b/queue-2.6.37/net-clear-heap-allocation-for-ethtool_get_regs.patch new file mode 100644 index 00000000000..14f638ce4eb --- /dev/null +++ b/queue-2.6.37/net-clear-heap-allocation-for-ethtool_get_regs.patch @@ -0,0 +1,31 @@ +From b7c7d01aaed1f71d9afe815a569f0a81465a1744 Mon Sep 17 00:00:00 2001 +From: Eugene Teo +Date: Mon, 24 Jan 2011 21:05:17 -0800 +Subject: net: clear heap allocation for ethtool_get_regs() + +From: Eugene Teo + +commit b7c7d01aaed1f71d9afe815a569f0a81465a1744 upstream. + +There is a conflict between commit b00916b1 and a77f5db3. This patch resolves +the conflict by clearing the heap allocation in ethtool_get_regs(). + +Signed-off-by: Eugene Teo +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/core/ethtool.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/core/ethtool.c ++++ b/net/core/ethtool.c +@@ -817,7 +817,7 @@ static int ethtool_get_regs(struct net_d + if (regs.len > reglen) + regs.len = reglen; + +- regbuf = vmalloc(reglen); ++ regbuf = vzalloc(reglen); + if (!regbuf) + return -ENOMEM; + diff --git a/queue-2.6.37/nilfs2-fix-crash-after-one-superblock-became-unavailable.patch b/queue-2.6.37/nilfs2-fix-crash-after-one-superblock-became-unavailable.patch new file mode 100644 index 00000000000..1ab3a14b648 --- /dev/null +++ b/queue-2.6.37/nilfs2-fix-crash-after-one-superblock-became-unavailable.patch @@ -0,0 +1,52 @@ +From 0ca7a5b9ac5d301845dd6382ff25a699b6263a81 Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Fri, 21 Jan 2011 16:40:31 +0900 +Subject: nilfs2: fix crash after one superblock became unavailable + +From: Ryusuke Konishi + +commit 0ca7a5b9ac5d301845dd6382ff25a699b6263a81 upstream. + +Fixes the following kernel oops in nilfs_setup_super() which could +arise if one of two super-blocks is unavailable. + +> BUG: unable to handle kernel NULL pointer dereference at (null) +> Pid: 3529, comm: mount.nilfs2 Not tainted 2.6.37 #1 / +> EIP: 0060:[] EFLAGS: 00010202 CPU: 3 +> EIP is at memcpy+0xc/0x1b +> Call Trace: +> [] ? nilfs_setup_super+0x6c/0xa5 [nilfs2] +> [] ? nilfs_get_root_dentry+0x81/0xcb [nilfs2] +> [] ? nilfs_mount+0x4f9/0x62c [nilfs2] +> [] ? kstrdup+0x36/0x3f +> [] ? nilfs_mount+0x0/0x62c [nilfs2] +> [] ? vfs_kern_mount+0x4d/0x12c +> [] ? get_fs_type+0x76/0x8f +> [] ? do_kern_mount+0x33/0xbf +> [] ? do_mount+0x2ed/0x714 +> [] ? copy_mount_options+0x28/0xfc +> [] ? sys_mount+0x72/0xaf +> [] ? syscall_call+0x7/0xb + +Reported-by: Wakko Warner +Signed-off-by: Ryusuke Konishi +Tested-by: Wakko Warner +LKML-Reference: <20110121024918.GA29598@animx.eu.org> +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nilfs2/super.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/nilfs2/super.c ++++ b/fs/nilfs2/super.c +@@ -688,7 +688,8 @@ skip_mount_setup: + sbp[0]->s_state = + cpu_to_le16(le16_to_cpu(sbp[0]->s_state) & ~NILFS_VALID_FS); + /* synchronize sbp[1] with sbp[0] */ +- memcpy(sbp[1], sbp[0], nilfs->ns_sbsize); ++ if (sbp[1]) ++ memcpy(sbp[1], sbp[0], nilfs->ns_sbsize); + return nilfs_commit_super(sbi, NILFS_SB_COMMIT_ALL); + } + diff --git a/queue-2.6.37/pata_mpc52xx-inherit-from-ata_bmdma_port_ops.patch b/queue-2.6.37/pata_mpc52xx-inherit-from-ata_bmdma_port_ops.patch new file mode 100644 index 00000000000..e7824fbd999 --- /dev/null +++ b/queue-2.6.37/pata_mpc52xx-inherit-from-ata_bmdma_port_ops.patch @@ -0,0 +1,33 @@ +From 77c5fd19075d299fe820bb59bb21b0b113676e20 Mon Sep 17 00:00:00 2001 +From: Tejun Heo +Date: Sun, 9 Jan 2011 17:48:20 -0500 +Subject: pata_mpc52xx: inherit from ata_bmdma_port_ops + +From: Tejun Heo + +commit 77c5fd19075d299fe820bb59bb21b0b113676e20 upstream. + +pata_mpc52xx supports BMDMA but inherits ata_sff_port_ops which +triggers BUG_ON() when a DMA command is issued. Fix it. + +Signed-off-by: Tejun Heo +Reported-by: Roman Fietze +Cc: Sergei Shtylyov +Signed-off-by: Jeff Garzik +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/pata_mpc52xx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/ata/pata_mpc52xx.c ++++ b/drivers/ata/pata_mpc52xx.c +@@ -610,7 +610,7 @@ static struct scsi_host_template mpc52xx + }; + + static struct ata_port_operations mpc52xx_ata_port_ops = { +- .inherits = &ata_sff_port_ops, ++ .inherits = &ata_bmdma_port_ops, + .sff_dev_select = mpc52xx_ata_dev_select, + .set_piomode = mpc52xx_ata_set_piomode, + .set_dmamode = mpc52xx_ata_set_dmamode, diff --git a/queue-2.6.37/pm-runtime-don-t-enable-interrupts-while-running-in_interrupt.patch b/queue-2.6.37/pm-runtime-don-t-enable-interrupts-while-running-in_interrupt.patch new file mode 100644 index 00000000000..c6b47c98c5b --- /dev/null +++ b/queue-2.6.37/pm-runtime-don-t-enable-interrupts-while-running-in_interrupt.patch @@ -0,0 +1,52 @@ +From c3810c88788d505d4ffd786addd111b745e42161 Mon Sep 17 00:00:00 2001 +From: Alan Stern +Date: Tue, 25 Jan 2011 20:50:07 +0100 +Subject: PM / Runtime: Don't enable interrupts while running in_interrupt + +From: Alan Stern + +commit c3810c88788d505d4ffd786addd111b745e42161 upstream. + +This patch (as1445) fixes a bug in the runtime PM core left over from +the addition of the no_callbacks flag. If this flag is set then it is +possible for rpm_suspend() to be called in_interrupt, so when +releasing spinlocks it's important not to re-enable interrupts. + +To avoid an unnecessary save-and-restore of the interrupt flag, the +patch also inlines a pm_request_idle() call. + +This fixes Bugzilla #27482. + +(The offending code was added in 2.6.37, so it's not necessary to apply +this to any earlier stable kernels.) + +Signed-off-by: Alan Stern +Reported-by: tim blechmann +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/power/runtime.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/drivers/base/power/runtime.c ++++ b/drivers/base/power/runtime.c +@@ -404,12 +404,15 @@ static int rpm_suspend(struct device *de + goto out; + } + ++ /* Maybe the parent is now able to suspend. */ + if (parent && !parent->power.ignore_children) { +- spin_unlock_irq(&dev->power.lock); ++ spin_unlock(&dev->power.lock); + +- pm_request_idle(parent); ++ spin_lock(&parent->power.lock); ++ rpm_idle(parent, RPM_ASYNC); ++ spin_unlock(&parent->power.lock); + +- spin_lock_irq(&dev->power.lock); ++ spin_lock(&dev->power.lock); + } + + out: diff --git a/queue-2.6.37/selinux-define-permissions-for-dcb-netlink-messages.patch b/queue-2.6.37/selinux-define-permissions-for-dcb-netlink-messages.patch new file mode 100644 index 00000000000..7382dbd60cd --- /dev/null +++ b/queue-2.6.37/selinux-define-permissions-for-dcb-netlink-messages.patch @@ -0,0 +1,35 @@ +From 350e4f31e0eaf56dfc3b328d24a11bdf42a41fb8 Mon Sep 17 00:00:00 2001 +From: Eric Paris +Date: Thu, 16 Dec 2010 11:46:51 -0500 +Subject: SELinux: define permissions for DCB netlink messages + +From: Eric Paris + +commit 350e4f31e0eaf56dfc3b328d24a11bdf42a41fb8 upstream. + +Commit 2f90b865 added two new netlink message types to the netlink route +socket. SELinux has hooks to define if netlink messages are allowed to +be sent or received, but it did not know about these two new message +types. By default we allow such actions so noone likely noticed. This +patch adds the proper definitions and thus proper permissions +enforcement. + +Signed-off-by: Eric Paris +Cc: James Morris +Signed-off-by: Greg Kroah-Hartman + +--- + security/selinux/nlmsgtab.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/security/selinux/nlmsgtab.c ++++ b/security/selinux/nlmsgtab.c +@@ -65,6 +65,8 @@ static struct nlmsg_perm nlmsg_route_per + { RTM_NEWADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, + { RTM_DELADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, + { RTM_GETADDRLABEL, NETLINK_ROUTE_SOCKET__NLMSG_READ }, ++ { RTM_GETDCB, NETLINK_ROUTE_SOCKET__NLMSG_READ }, ++ { RTM_SETDCB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, + }; + + static struct nlmsg_perm nlmsg_firewall_perms[] = diff --git a/queue-2.6.37/selinux-do-not-compute-transition-labels-on-mountpoint-labeled-filesystems.patch b/queue-2.6.37/selinux-do-not-compute-transition-labels-on-mountpoint-labeled-filesystems.patch new file mode 100644 index 00000000000..8625a4226bd --- /dev/null +++ b/queue-2.6.37/selinux-do-not-compute-transition-labels-on-mountpoint-labeled-filesystems.patch @@ -0,0 +1,57 @@ +From 415103f9932d45f7927f4b17e3a9a13834cdb9a1 Mon Sep 17 00:00:00 2001 +From: Eric Paris +Date: Thu, 2 Dec 2010 16:13:40 -0500 +Subject: SELinux: do not compute transition labels on mountpoint labeled filesystems + +From: Eric Paris + +commit 415103f9932d45f7927f4b17e3a9a13834cdb9a1 upstream. + +selinux_inode_init_security computes transitions sids even for filesystems +that use mount point labeling. It shouldn't do that. It should just use +the mount point label always and no matter what. + +This causes 2 problems. 1) it makes file creation slower than it needs to be +since we calculate the transition sid and 2) it allows files to be created +with a different label than the mount point! + +# id -Z +staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 +# sesearch --type --class file --source sysadm_t --target tmp_t +Found 1 semantic te rules: + type_transition sysadm_t tmp_t : file user_tmp_t; + +# mount -o loop,context="system_u:object_r:tmp_t:s0" /tmp/fs /mnt/tmp + +# ls -lZ /mnt/tmp +drwx------. root root system_u:object_r:tmp_t:s0 lost+found +# touch /mnt/tmp/file1 +# ls -lZ /mnt/tmp +-rw-r--r--. root root staff_u:object_r:user_tmp_t:s0 file1 +drwx------. root root system_u:object_r:tmp_t:s0 lost+found + +Whoops, we have a mount point labeled filesystem tmp_t with a user_tmp_t +labeled file! + +Signed-off-by: Eric Paris +Reviewed-by: Reviewed-by: James Morris +Signed-off-by: Greg Kroah-Hartman + +--- + security/selinux/hooks.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/security/selinux/hooks.c ++++ b/security/selinux/hooks.c +@@ -2525,7 +2525,10 @@ static int selinux_inode_init_security(s + sid = tsec->sid; + newsid = tsec->create_sid; + +- if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { ++ if ((sbsec->flags & SE_SBINITIALIZED) && ++ (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) ++ newsid = sbsec->mntpoint_sid; ++ else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { + rc = security_transition_sid(sid, dsec->sid, + inode_mode_to_security_class(inode->i_mode), + &newsid); diff --git a/queue-2.6.37/series b/queue-2.6.37/series index 111c3471d68..fefd7885ba6 100644 --- a/queue-2.6.37/series +++ b/queue-2.6.37/series @@ -212,3 +212,17 @@ backlight-fix-88pm860x_bl-macro-collision.patch fs-direct-io.c-don-t-try-to-allocate-more-than-bio_max_pages-in-a-bio.patch kernel-smp.c-fix-smp_call_function_many-smp-race.patch hostap_cs-fix-sleeping-function-called-from-invalid-context.patch +md-fix-regression-with-re-adding-devices-to-arrays-with-no-metadata.patch +md-fix-regression-resulting-in-delays-in-clearing-bits-in-a-bitmap.patch +md-ensure-no-io-request-to-get-md-device-before-it-is-properly-initialised.patch +md-fix-removal-of-extra-drives-when-converting-raid6-to-raid5.patch +pata_mpc52xx-inherit-from-ata_bmdma_port_ops.patch +md_make_request-don-t-touch-the-bio-after-calling-make_request.patch +pm-runtime-don-t-enable-interrupts-while-running-in_interrupt.patch +net-clear-heap-allocation-for-ethtool_get_regs.patch +nilfs2-fix-crash-after-one-superblock-became-unavailable.patch +tpm-fix-panic-caused-by-tpm-autodetect-itpm-devices.patch +tpm-long-default-timeout-fix.patch +tpm_tis-use-timeouts-returned-from-tpm.patch +selinux-define-permissions-for-dcb-netlink-messages.patch +selinux-do-not-compute-transition-labels-on-mountpoint-labeled-filesystems.patch diff --git a/queue-2.6.37/tpm-fix-panic-caused-by-tpm-autodetect-itpm-devices.patch b/queue-2.6.37/tpm-fix-panic-caused-by-tpm-autodetect-itpm-devices.patch new file mode 100644 index 00000000000..699b53db0cd --- /dev/null +++ b/queue-2.6.37/tpm-fix-panic-caused-by-tpm-autodetect-itpm-devices.patch @@ -0,0 +1,48 @@ +From e5cce6c13c25d9ac56955a3ae2fd562719848172 Mon Sep 17 00:00:00 2001 +From: Olof Johansson +Date: Thu, 6 Jan 2011 21:24:01 -0600 +Subject: tpm: fix panic caused by "tpm: Autodetect itpm devices" + +From: Olof Johansson + +commit e5cce6c13c25d9ac56955a3ae2fd562719848172 upstream. + +commit 3f0d3d016d89a5efb8b926d4707eb21fa13f3d27 adds a check for +PNP device id to the common tpm_tis_init() function, which in some +cases (force=1) will be called without the device being a member of +a pnp_dev. Oopsing and panics ensue. + +Move the test up to before the call to tpm_tis_init(), since it +just modifies a global variable anyway. + +Signed-off-by: Olof Johansson +Acked-by: Rajiv Andrade +Signed-off-by: James Morris +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/tpm/tpm_tis.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/char/tpm/tpm_tis.c ++++ b/drivers/char/tpm/tpm_tis.c +@@ -493,9 +493,6 @@ static int tpm_tis_init(struct device *d + "1.2 TPM (device-id 0x%X, rev-id %d)\n", + vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0))); + +- if (is_itpm(to_pnp_dev(dev))) +- itpm = 1; +- + if (itpm) + dev_info(dev, "Intel iTPM workaround enabled\n"); + +@@ -637,6 +634,9 @@ static int __devinit tpm_tis_pnp_init(st + else + interrupts = 0; + ++ if (is_itpm(pnp_dev)) ++ itpm = 1; ++ + return tpm_tis_init(&pnp_dev->dev, start, len, irq); + } + diff --git a/queue-2.6.37/tpm-long-default-timeout-fix.patch b/queue-2.6.37/tpm-long-default-timeout-fix.patch new file mode 100644 index 00000000000..3b15e1edae3 --- /dev/null +++ b/queue-2.6.37/tpm-long-default-timeout-fix.patch @@ -0,0 +1,46 @@ +From c4ff4b829ef9e6353c0b133b7adb564a68054979 Mon Sep 17 00:00:00 2001 +From: Rajiv Andrade +Date: Fri, 12 Nov 2010 22:30:02 +0100 +Subject: TPM: Long default timeout fix + +From: Rajiv Andrade + +commit c4ff4b829ef9e6353c0b133b7adb564a68054979 upstream. + +If duration variable value is 0 at this point, it's because +chip->vendor.duration wasn't filled by tpm_get_timeouts() yet. +This patch sets then the lowest timeout just to give enough +time for tpm_get_timeouts() to further succeed. + +This fix avoids long boot times in case another entity attempts +to send commands to the TPM when the TPM isn't accessible. + +Signed-off-by: Rajiv Andrade +Signed-off-by: James Morris +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/tpm/tpm.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/drivers/char/tpm/tpm.c ++++ b/drivers/char/tpm/tpm.c +@@ -364,12 +364,14 @@ unsigned long tpm_calc_ordinal_duration( + tpm_protected_ordinal_duration[ordinal & + TPM_PROTECTED_ORDINAL_MASK]; + +- if (duration_idx != TPM_UNDEFINED) ++ if (duration_idx != TPM_UNDEFINED) { + duration = chip->vendor.duration[duration_idx]; +- if (duration <= 0) ++ /* if duration is 0, it's because chip->vendor.duration wasn't */ ++ /* filled yet, so we set the lowest timeout just to give enough */ ++ /* time for tpm_get_timeouts() to succeed */ ++ return (duration <= 0 ? HZ : duration); ++ } else + return 2 * 60 * HZ; +- else +- return duration; + } + EXPORT_SYMBOL_GPL(tpm_calc_ordinal_duration); + diff --git a/queue-2.6.37/tpm_tis-use-timeouts-returned-from-tpm.patch b/queue-2.6.37/tpm_tis-use-timeouts-returned-from-tpm.patch new file mode 100644 index 00000000000..71d1fbfd847 --- /dev/null +++ b/queue-2.6.37/tpm_tis-use-timeouts-returned-from-tpm.patch @@ -0,0 +1,95 @@ +From 9b29050f8f75916f974a2d231ae5d3cd59792296 Mon Sep 17 00:00:00 2001 +From: Stefan Berger +Date: Tue, 11 Jan 2011 14:37:29 -0500 +Subject: tpm_tis: Use timeouts returned from TPM + +From: Stefan Berger + +commit 9b29050f8f75916f974a2d231ae5d3cd59792296 upstream. + +The current TPM TIS driver in git discards the timeout values returned +from the TPM. The check of the response packet needs to consider that +the return_code field is 0 on success and the size of the expected +packet is equivalent to the header size + u32 length indicator for the +TPM_GetCapability() result + 3 timeout indicators of type u32. + +I am also adding a sysfs entry 'timeouts' showing the timeouts that are +being used. + +Signed-off-by: Stefan Berger +Tested-by: Guillaume Chazarain +Signed-off-by: Rajiv Andrade +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/tpm/tpm.c | 18 ++++++++++++++++-- + drivers/char/tpm/tpm.h | 2 ++ + drivers/char/tpm/tpm_tis.c | 4 +++- + 3 files changed, 21 insertions(+), 3 deletions(-) + +--- a/drivers/char/tpm/tpm.c ++++ b/drivers/char/tpm/tpm.c +@@ -577,9 +577,11 @@ duration: + if (rc) + return; + +- if (be32_to_cpu(tpm_cmd.header.out.return_code) +- != 3 * sizeof(u32)) ++ if (be32_to_cpu(tpm_cmd.header.out.return_code) != 0 || ++ be32_to_cpu(tpm_cmd.header.out.length) ++ != sizeof(tpm_cmd.header.out) + sizeof(u32) + 3 * sizeof(u32)) + return; ++ + duration_cap = &tpm_cmd.params.getcap_out.cap.duration; + chip->vendor.duration[TPM_SHORT] = + usecs_to_jiffies(be32_to_cpu(duration_cap->tpm_short)); +@@ -923,6 +925,18 @@ ssize_t tpm_show_caps_1_2(struct device + } + EXPORT_SYMBOL_GPL(tpm_show_caps_1_2); + ++ssize_t tpm_show_timeouts(struct device *dev, struct device_attribute *attr, ++ char *buf) ++{ ++ struct tpm_chip *chip = dev_get_drvdata(dev); ++ ++ return sprintf(buf, "%d %d %d\n", ++ jiffies_to_usecs(chip->vendor.duration[TPM_SHORT]), ++ jiffies_to_usecs(chip->vendor.duration[TPM_MEDIUM]), ++ jiffies_to_usecs(chip->vendor.duration[TPM_LONG])); ++} ++EXPORT_SYMBOL_GPL(tpm_show_timeouts); ++ + ssize_t tpm_store_cancel(struct device *dev, struct device_attribute *attr, + const char *buf, size_t count) + { +--- a/drivers/char/tpm/tpm.h ++++ b/drivers/char/tpm/tpm.h +@@ -56,6 +56,8 @@ extern ssize_t tpm_show_owned(struct dev + char *); + extern ssize_t tpm_show_temp_deactivated(struct device *, + struct device_attribute *attr, char *); ++extern ssize_t tpm_show_timeouts(struct device *, ++ struct device_attribute *attr, char *); + + struct tpm_chip; + +--- a/drivers/char/tpm/tpm_tis.c ++++ b/drivers/char/tpm/tpm_tis.c +@@ -376,6 +376,7 @@ static DEVICE_ATTR(temp_deactivated, S_I + NULL); + static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps_1_2, NULL); + static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel); ++static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL); + + static struct attribute *tis_attrs[] = { + &dev_attr_pubek.attr, +@@ -385,7 +386,8 @@ static struct attribute *tis_attrs[] = { + &dev_attr_owned.attr, + &dev_attr_temp_deactivated.attr, + &dev_attr_caps.attr, +- &dev_attr_cancel.attr, NULL, ++ &dev_attr_cancel.attr, ++ &dev_attr_timeouts.attr, NULL, + }; + + static struct attribute_group tis_attr_grp = { -- 2.47.3