From: Greg Kroah-Hartman Date: Tue, 3 Feb 2009 00:07:45 +0000 (-0800) Subject: .27 patches X-Git-Tag: v2.6.28.3~5 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=09dac3002e01a69dd21ba610fcdef20ffedae427;p=thirdparty%2Fkernel%2Fstable-queue.git .27 patches --- diff --git a/queue-2.6.27/cifs-make-sure-we-allocate-enough-storage-for-socket-address.patch b/queue-2.6.27/cifs-make-sure-we-allocate-enough-storage-for-socket-address.patch new file mode 100644 index 00000000000..d66def9f2a0 --- /dev/null +++ b/queue-2.6.27/cifs-make-sure-we-allocate-enough-storage-for-socket-address.patch @@ -0,0 +1,101 @@ +From jlayton@redhat.com Mon Feb 2 15:10:37 2009 +From: Jeff Layton +Date: Thu, 22 Jan 2009 10:35:13 -0500 +Subject: cifs: make sure we allocate enough storage for socket address +To: stable@kernel.org +Message-ID: <1232638513-9022-1-git-send-email-jlayton@redhat.com> + +From: Jeff Layton + +commit a9ac49d303f967be0dabd97cb722c4a13109c6c2 upstream. + +cifs_mount declares a struct sockaddr on the stack and then casts it +to the proper address type. The storage allocated is fine for ipv4, +but is too small for ipv6 addresses. Declare it as +"struct sockaddr_storage" instead of struct sockaddr". + +This bug was manifesting itself as oopses and address corruption when +mounting IPv6 addresses. + +Signed-off-by: Jeff Layton +Tested-by: Stefan Bader +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/connect.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -1349,7 +1349,7 @@ cifs_parse_mount_options(char *options, + } + + static struct TCP_Server_Info * +-cifs_find_tcp_session(struct sockaddr *addr) ++cifs_find_tcp_session(struct sockaddr_storage *addr) + { + struct list_head *tmp; + struct TCP_Server_Info *server; +@@ -1369,11 +1369,11 @@ cifs_find_tcp_session(struct sockaddr *a + if (server->tcpStatus == CifsNew) + continue; + +- if (addr->sa_family == AF_INET && ++ if (addr->ss_family == AF_INET && + (addr4->sin_addr.s_addr != + server->addr.sockAddr.sin_addr.s_addr)) + continue; +- else if (addr->sa_family == AF_INET6 && ++ else if (addr->ss_family == AF_INET6 && + memcmp(&server->addr.sockAddr6.sin6_addr, + &addr6->sin6_addr, sizeof(addr6->sin6_addr))) + continue; +@@ -2027,7 +2027,7 @@ cifs_mount(struct super_block *sb, struc + int rc = 0; + int xid; + struct socket *csocket = NULL; +- struct sockaddr addr; ++ struct sockaddr_storage addr; + struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr; + struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr; + struct smb_vol volume_info; +@@ -2039,7 +2039,7 @@ cifs_mount(struct super_block *sb, struc + + /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */ + +- memset(&addr, 0, sizeof(struct sockaddr)); ++ memset(&addr, 0, sizeof(struct sockaddr_storage)); + memset(&volume_info, 0, sizeof(struct smb_vol)); + if (cifs_parse_mount_options(mount_data, devname, &volume_info)) { + rc = -EINVAL; +@@ -2069,9 +2069,9 @@ cifs_mount(struct super_block *sb, struc + rc = cifs_inet_pton(AF_INET6, volume_info.UNCip, + &sin_server6->sin6_addr.in6_u); + if (rc > 0) +- addr.sa_family = AF_INET6; ++ addr.ss_family = AF_INET6; + } else { +- addr.sa_family = AF_INET; ++ addr.ss_family = AF_INET; + } + + if (rc <= 0) { +@@ -2113,7 +2113,7 @@ cifs_mount(struct super_block *sb, struc + + srvTcp = cifs_find_tcp_session(&addr); + if (!srvTcp) { /* create socket */ +- if (addr.sa_family == AF_INET6) { ++ if (addr.ss_family == AF_INET6) { + cFYI(1, ("attempting ipv6 connect")); + /* BB should we allow ipv6 on port 139? */ + /* other OS never observed in Wild doing 139 with v6 */ +@@ -2144,7 +2144,7 @@ cifs_mount(struct super_block *sb, struc + } else { + srvTcp->noblocksnd = volume_info.noblocksnd; + srvTcp->noautotune = volume_info.noautotune; +- if (addr.sa_family == AF_INET6) ++ if (addr.ss_family == AF_INET6) + memcpy(&srvTcp->addr.sockAddr6, sin_server6, + sizeof(struct sockaddr_in6)); + else diff --git a/queue-2.6.27/ixgb-fix-bug-when-freeing-resources.patch b/queue-2.6.27/ixgb-fix-bug-when-freeing-resources.patch new file mode 100644 index 00000000000..e732fc332b4 --- /dev/null +++ b/queue-2.6.27/ixgb-fix-bug-when-freeing-resources.patch @@ -0,0 +1,50 @@ +From 23e55a32ca1ffdbe7a492ef99f0e0ac48e504a13 Mon Sep 17 00:00:00 2001 +From: Brandeburg, Jesse +Date: Tue, 30 Sep 2008 13:08:48 +0000 +Subject: ixgb: fix bug when freeing resources + +From: Brandeburg, Jesse + +commit 23e55a32ca1ffdbe7a492ef99f0e0ac48e504a13 upstream. + +It was pointed out by Breno Leitao that +ixgb would crash on PPC when an IOMMU was in use, if change_mtu was +called. + +It appears to be a pretty simple issue in the driver that wasn't discovered +because most systems don't run with an IOMMU. The driver needs to only unmap +buffers that are mapped (duh). + +CC: Breno Leitao + +Signed-off-by: Jesse Brandeburg +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ixgb/ixgb_main.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/drivers/net/ixgb/ixgb_main.c ++++ b/drivers/net/ixgb/ixgb_main.c +@@ -977,15 +977,17 @@ ixgb_clean_rx_ring(struct ixgb_adapter * + + for (i = 0; i < rx_ring->count; i++) { + buffer_info = &rx_ring->buffer_info[i]; +- if (buffer_info->skb) { +- ++ if (buffer_info->dma) { + pci_unmap_single(pdev, + buffer_info->dma, + buffer_info->length, + PCI_DMA_FROMDEVICE); ++ buffer_info->dma = 0; ++ buffer_info->length = 0; ++ } + ++ if (buffer_info->skb) { + dev_kfree_skb(buffer_info->skb); +- + buffer_info->skb = NULL; + } + } diff --git a/queue-2.6.27/m68knommu-set-no_dma.patch b/queue-2.6.27/m68knommu-set-no_dma.patch new file mode 100644 index 00000000000..c0c36389584 --- /dev/null +++ b/queue-2.6.27/m68knommu-set-no_dma.patch @@ -0,0 +1,57 @@ +From e0212e72186e855027dd35b37e9d7a99a078448c Mon Sep 17 00:00:00 2001 +From: Adrian Bunk +Date: Wed, 29 Oct 2008 12:15:47 +0200 +Subject: m68knommu: set NO_DMA + +From: Adrian Bunk + +commit e0212e72186e855027dd35b37e9d7a99a078448c upstream. + +m68knommu does not set the Kconfig NO_DMA variable, but also does +not provide the required functions, resulting in the following +build error triggered by commit a40c24a13366e324bc0ff8c3bb107db89312c984 +(net: Add SKB DMA mapping helper functions.): + +<-- snip --> + +.. + LD vmlinux +net/built-in.o: In function `skb_dma_unmap': +(.text+0xac5e): undefined reference to `dma_unmap_single' +net/built-in.o: In function `skb_dma_unmap': +(.text+0xac7a): undefined reference to `dma_unmap_page' +net/built-in.o: In function `skb_dma_map': +(.text+0xacdc): undefined reference to `dma_map_single' +net/built-in.o: In function `skb_dma_map': +(.text+0xace8): undefined reference to `dma_mapping_error' +net/built-in.o: In function `skb_dma_map': +(.text+0xad10): undefined reference to `dma_map_page' +net/built-in.o: In function `skb_dma_map': +(.text+0xad82): undefined reference to `dma_unmap_page' +net/built-in.o: In function `skb_dma_map': +(.text+0xadc6): undefined reference to `dma_unmap_single' +make[1]: *** [vmlinux] Error 1 + +<-- snip --> + +Signed-off-by: Adrian Bunk +Signed-off-by: Greg Ungerer +Signed-off-by: Greg Kroah-Hartman + +--- + arch/m68knommu/Kconfig | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/m68knommu/Kconfig ++++ b/arch/m68knommu/Kconfig +@@ -14,6 +14,10 @@ config MMU + bool + default n + ++config NO_DMA ++ bool ++ default y ++ + config FPU + bool + default n diff --git a/queue-2.6.27/sata_mv-fix-8-port-timeouts-on-508x-6081-chips.patch b/queue-2.6.27/sata_mv-fix-8-port-timeouts-on-508x-6081-chips.patch new file mode 100644 index 00000000000..73fd081562a --- /dev/null +++ b/queue-2.6.27/sata_mv-fix-8-port-timeouts-on-508x-6081-chips.patch @@ -0,0 +1,33 @@ +From b0bccb18bc523d1d5060d25958f12438062829a9 Mon Sep 17 00:00:00 2001 +From: Mark Lord +Date: Mon, 19 Jan 2009 18:04:37 -0500 +Subject: sata_mv: fix 8-port timeouts on 508x/6081 chips + +From: Mark Lord + +commit b0bccb18bc523d1d5060d25958f12438062829a9 upstream. + +Fix a longstanding bug for the 8-port Marvell Sata controllers (508x/6081), +where accesses to the upper 4 ports would cause lost-interrupts / timeouts +for the lower 4-ports. With this patch, the 6081 boards should finally be +reliable enough for mainstream use with Linux. + +Signed-off-by: Mark Lord +Signed-off-by: Jeff Garzik +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/sata_mv.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/ata/sata_mv.c ++++ b/drivers/ata/sata_mv.c +@@ -883,7 +883,7 @@ static void mv_start_dma(struct ata_port + struct mv_host_priv *hpriv = ap->host->private_data; + int hardport = mv_hardport_from_port(ap->port_no); + void __iomem *hc_mmio = mv_hc_base_from_port( +- mv_host_base(ap->host), hardport); ++ mv_host_base(ap->host), ap->port_no); + u32 hc_irq_cause, ipending; + + /* clear EDMA event indicators, if any */ diff --git a/queue-2.6.27/series b/queue-2.6.27/series new file mode 100644 index 00000000000..2cd432c378f --- /dev/null +++ b/queue-2.6.27/series @@ -0,0 +1,5 @@ +cifs-make-sure-we-allocate-enough-storage-for-socket-address.patch +ixgb-fix-bug-when-freeing-resources.patch +m68knommu-set-no_dma.patch +sata_mv-fix-8-port-timeouts-on-508x-6081-chips.patch +x86-use-early-clobbers-in-usercopy-.c.patch diff --git a/queue-2.6.27/x86-use-early-clobbers-in-usercopy-.c.patch b/queue-2.6.27/x86-use-early-clobbers-in-usercopy-.c.patch new file mode 100644 index 00000000000..5de51ee1837 --- /dev/null +++ b/queue-2.6.27/x86-use-early-clobbers-in-usercopy-.c.patch @@ -0,0 +1,104 @@ +From e0a96129db574d6365e3439d16d88517c437ab33 Mon Sep 17 00:00:00 2001 +From: Andi Kleen +Date: Fri, 16 Jan 2009 15:22:11 +0100 +Subject: x86: use early clobbers in usercopy*.c + +From: Andi Kleen + +commit e0a96129db574d6365e3439d16d88517c437ab33 upstream. + +Impact: fix rare (but currently harmless) miscompile with certain configs and gcc versions + +Hugh Dickins noticed that strncpy_from_user() was miscompiled +in some circumstances with gcc 4.3. + +Thanks to Hugh's excellent analysis it was easy to track down. + +Hugh writes: + +> Try building an x86_64 defconfig 2.6.29-rc1 kernel tree, +> except not quite defconfig, switch CONFIG_PREEMPT_NONE=y +> and CONFIG_PREEMPT_VOLUNTARY off (because it expands a +> might_fault() there, which hides the issue): using a +> gcc 4.3.2 (I've checked both openSUSE 11.1 and Fedora 10). +> +> It generates the following: +> +> 0000000000000000 <__strncpy_from_user>: +> 0: 48 89 d1 mov %rdx,%rcx +> 3: 48 85 c9 test %rcx,%rcx +> 6: 74 0e je 16 <__strncpy_from_user+0x16> +> 8: ac lods %ds:(%rsi),%al +> 9: aa stos %al,%es:(%rdi) +> a: 84 c0 test %al,%al +> c: 74 05 je 13 <__strncpy_from_user+0x13> +> e: 48 ff c9 dec %rcx +> 11: 75 f5 jne 8 <__strncpy_from_user+0x8> +> 13: 48 29 c9 sub %rcx,%rcx +> 16: 48 89 c8 mov %rcx,%rax +> 19: c3 retq +> +> Observe that "sub %rcx,%rcx; mov %rcx,%rax", whereas gcc 4.2.1 +> (and many other configs) say "sub %rcx,%rdx; mov %rdx,%rax". +> Isn't it returning 0 when it ought to be returning strlen? + +The asm constraints for the strncpy_from_user() result were missing an +early clobber, which tells gcc that the last output arguments +are written before all input arguments are read. + +Also add more early clobbers in the rest of the file and fix 32-bit +usercopy.c in the same way. + +Signed-off-by: Andi Kleen +Signed-off-by: H. Peter Anvin +[ since this API is rarely used and no in-kernel user relies on a 'len' + return value (they only rely on negative return values) this miscompile + was never noticed in the field. But it's worth fixing it nevertheless. ] +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/lib/usercopy_32.c | 4 ++-- + arch/x86/lib/usercopy_64.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +--- a/arch/x86/lib/usercopy_32.c ++++ b/arch/x86/lib/usercopy_32.c +@@ -49,7 +49,7 @@ do { \ + " jmp 2b\n" \ + ".previous\n" \ + _ASM_EXTABLE(0b,3b) \ +- : "=d"(res), "=c"(count), "=&a" (__d0), "=&S" (__d1), \ ++ : "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1), \ + "=&D" (__d2) \ + : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \ + : "memory"); \ +@@ -211,7 +211,7 @@ long strnlen_user(const char __user *s, + " .align 4\n" + " .long 0b,2b\n" + ".previous" +- :"=r" (n), "=D" (s), "=a" (res), "=c" (tmp) ++ :"=&r" (n), "=&D" (s), "=&a" (res), "=&c" (tmp) + :"0" (n), "1" (s), "2" (0), "3" (mask) + :"cc"); + return res & mask; +--- a/arch/x86/lib/usercopy_64.c ++++ b/arch/x86/lib/usercopy_64.c +@@ -32,7 +32,7 @@ do { \ + " jmp 2b\n" \ + ".previous\n" \ + _ASM_EXTABLE(0b,3b) \ +- : "=r"(res), "=c"(count), "=&a" (__d0), "=&S" (__d1), \ ++ : "=&r"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1), \ + "=&D" (__d2) \ + : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \ + : "memory"); \ +@@ -86,7 +86,7 @@ unsigned long __clear_user(void __user * + ".previous\n" + _ASM_EXTABLE(0b,3b) + _ASM_EXTABLE(1b,2b) +- : [size8] "=c"(size), [dst] "=&D" (__d0) ++ : [size8] "=&c"(size), [dst] "=&D" (__d0) + : [size1] "r"(size & 7), "[size8]" (size / 8), "[dst]"(addr), + [zero] "r" (0UL), [eight] "r" (8UL)); + return size;