r4404 - dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches

Tue Oct 11 10:26:47 UTC 2005

Author: horms
Date: 2005-10-11 10:26:46 +0000 (Tue, 11 Oct 2005)
New Revision: 4404

Added:
   dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fix-sparc64-fpu-register-corruption.dpatch
   dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ieee1394-sbp2-fixes-for-hot-unplug-and-module-unloading.dpatch
   dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/orinoco-info-leak.dpatch
   dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/plug-names_cache-memleak.dpatch
Log:
add missing patches

Added: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fix-sparc64-fpu-register-corruption.dpatch
===================================================================

--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fix-sparc64-fpu-register-corruption.dpatch	2005-10-11 10:22:31 UTC (rev 4403)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fix-sparc64-fpu-register-corruption.dpatch	2005-10-11 10:26:46 UTC (rev 4404)
@@ -0,0 +1,189 @@
+From stable-bounces at linux.kernel.org  Fri Oct  7 13:41:25 2005
+Date: Fri, 07 Oct 2005 13:41:17 -0700 (PDT)
+To: stable at kernel.org
+From: "David S. Miller" <davem at davemloft.net>
+Cc: 
+Subject: [SPARC64]: Fix userland FPU state corruption.
+
+We need to use stricter memory barriers around the block
+load and store instructions we use to save and restore the
+FPU register file.
+
+Signed-off-by: David S. Miller <davem at davemloft.net>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+---
+ arch/sparc64/kernel/entry.S |   39 +++++++++++++++++++++------------------
+ arch/sparc64/kernel/rtrap.S |    7 ++++---
+ arch/sparc64/lib/VISsave.S  |    8 +++++---
+ 3 files changed, 30 insertions(+), 24 deletions(-)
+
+Backported to Debian's 2.6.8 by Horms
+
+--- from-0001/arch/sparc64/kernel/entry.S
++++ to-work/arch/sparc64/kernel/entry.S	2005-10-11 18:42:25.000000000 +0900
+@@ -135,7 +135,7 @@ vmalloc_addr:						! vmalloc addr access
+ 	/* This is trivial with the new code... */
+ 	.globl		do_fpdis
+ do_fpdis:
+-	sethi		%hi(TSTATE_PEF), %g4					! IEU0
++	sethi		%hi(TSTATE_PEF), %g4
+ 	rdpr		%tstate, %g5
+ 	andcc		%g5, %g4, %g0
+ 	be,pt		%xcc, 1f
+@@ -152,18 +152,18 @@ do_fpdis:
+ 	add		%g0, %g0, %g0
+ 	ba,a,pt		%xcc, rtrap_clr_l6
+ 
+-1:	ldub		[%g6 + TI_FPSAVED], %g5					! Load	Group
+-	wr		%g0, FPRS_FEF, %fprs					! LSU	Group+4bubbles
+-	andcc		%g5, FPRS_FEF, %g0					! IEU1	Group
+-	be,a,pt		%icc, 1f						! CTI
+-	 clr		%g7							! IEU0
+-	ldx		[%g6 + TI_GSR], %g7					! Load	Group
+-1:	andcc		%g5, FPRS_DL, %g0					! IEU1
+-	bne,pn		%icc, 2f						! CTI
+-	 fzero		%f0							! FPA
+-	andcc		%g5, FPRS_DU, %g0					! IEU1  Group
+-	bne,pn		%icc, 1f						! CTI
+-	 fzero		%f2							! FPA
++1:	ldub		[%g6 + TI_FPSAVED], %g5
++	wr		%g0, FPRS_FEF, %fprs
++	andcc		%g5, FPRS_FEF, %g0
++	be,a,pt		%icc, 1f
++	 clr		%g7
++	ldx		[%g6 + TI_GSR], %g7
++1:	andcc		%g5, FPRS_DL, %g0
++	bne,pn		%icc, 2f
++	 fzero		%f0
++	andcc		%g5, FPRS_DU, %g0
++	bne,pn		%icc, 1f
++	 fzero		%f2
+ 	faddd		%f0, %f2, %f4
+ 	fmuld		%f0, %f2, %f6
+ 	faddd		%f0, %f2, %f8
+@@ -204,8 +204,10 @@ do_fpdis:
+ 	membar		#Sync
+ 	faddd		%f0, %f2, %f8
+ 	fmuld		%f0, %f2, %f10
+-	ldda		[%g1] ASI_BLK_S, %f32	! grrr, where is ASI_BLK_NUCLEUS 8-(
++	membar		#Sync
++	ldda		[%g1] ASI_BLK_S, %f32
+ 	ldda		[%g2] ASI_BLK_S, %f48
++	membar		#Sync
+ 	faddd		%f0, %f2, %f12
+ 	fmuld		%f0, %f2, %f14
+ 	faddd		%f0, %f2, %f16
+@@ -217,7 +219,6 @@ do_fpdis:
+ 	faddd		%f0, %f2, %f28
+ 	fmuld		%f0, %f2, %f30
+ 	b,pt		%xcc, fpdis_exit
+-	 membar		#Sync
+ 2:	andcc		%g5, FPRS_DU, %g0
+ 	bne,pt		%icc, 3f
+ 	 fzero		%f32
+@@ -230,8 +231,10 @@ do_fpdis:
+ 	add		%g6, TI_FPREGS + 0x40, %g2
+ 	faddd		%f32, %f34, %f36
+ 	fmuld		%f32, %f34, %f38
+-	ldda		[%g1] ASI_BLK_S, %f0	! grrr, where is ASI_BLK_NUCLEUS 8-(
++	membar		#Sync
++	ldda		[%g1] ASI_BLK_S, %f0
+ 	ldda		[%g2] ASI_BLK_S, %f16
++	membar		#Sync
+ 	faddd		%f32, %f34, %f40
+ 	fmuld		%f32, %f34, %f42
+ 	faddd		%f32, %f34, %f44
+@@ -245,14 +248,13 @@ do_fpdis:
+ 	faddd		%f32, %f34, %f60
+ 	fmuld		%f32, %f34, %f62
+ 	ba,pt		%xcc, fpdis_exit
+-	 membar		#Sync
+ 3:	mov		SECONDARY_CONTEXT, %g3
+ 	add		%g6, TI_FPREGS, %g1
+ 	ldxa		[%g3] ASI_DMMU, %g5
+ 	mov		0x40, %g2
+ 	stxa		%g0, [%g3] ASI_DMMU
+ 	membar		#Sync
+-	ldda		[%g1] ASI_BLK_S, %f0		! grrr, where is ASI_BLK_NUCLEUS 8-(
++	ldda		[%g1] ASI_BLK_S, %f0
+ 	ldda		[%g1 + %g2] ASI_BLK_S, %f16
+ 	add		%g1, 0x80, %g1
+ 	ldda		[%g1] ASI_BLK_S, %f32
+--- from-0001/arch/sparc64/kernel/rtrap.S
++++ to-work/arch/sparc64/kernel/rtrap.S	2005-10-11 18:45:26.000000000 +0900
+@@ -303,18 +303,20 @@ kern_fpucheck:	ldub			[%g6 + TI_FPDEPTH]
+ 		wr			%g5, FPRS_FEF, %fprs
+ 		ldx			[%o1 + %o5], %g5
+ 		add			%g6, TI_XFSR, %o1
+-		membar			#StoreLoad | #LoadLoad
+ 		sll			%o0, 8, %o2
+ 		add			%g6, TI_FPREGS, %o3
+ 		brz,pn			%l6, 1f
+ 		 add			%g6, TI_FPREGS+0x40, %o4
+ 
++		membar			#Sync
+ 		ldda			[%o3 + %o2] ASI_BLK_P, %f0
+ 		ldda			[%o4 + %o2] ASI_BLK_P, %f16
++		membar			#Sync
+ 1:		andcc			%l2, FPRS_DU, %g0
+ 		be,pn			%icc, 1f
+ 		 wr			%g5, 0, %gsr
+ 		add			%o2, 0x80, %o2
++		membar			#Sync
+ 		ldda			[%o3 + %o2] ASI_BLK_P, %f32
+ 		ldda			[%o4 + %o2] ASI_BLK_P, %f48
+ 
+@@ -324,11 +326,11 @@ kern_fpucheck:	ldub			[%g6 + TI_FPDEPTH]
+ 		ba,pt			%xcc, rt_continue
+ 		 nop
+ 5:		wr			%g0, FPRS_FEF, %fprs
+-		membar			#StoreLoad | #LoadLoad
+ 		sll			%o0, 8, %o2
+ 
+ 		add			%g6, TI_FPREGS+0x80, %o3
+ 		add			%g6, TI_FPREGS+0xc0, %o4
++		membar			#Sync
+ 		ldda			[%o3 + %o2] ASI_BLK_P, %f32
+ 		ldda			[%o4 + %o2] ASI_BLK_P, %f48
+ 		membar			#Sync
+--- from-0001/arch/sparc64/lib/VISsave.S
++++ to-work/arch/sparc64/lib/VISsave.S	2005-10-11 18:32:00.000000000 +0900
+@@ -59,15 +59,17 @@ vis1:	ldub		[%g6 + TI_FPSAVED], %g3
+ 	be,pn		%icc, 9b
+ 	 add		%g6, TI_FPREGS, %g2
+ 	andcc		%o5, FPRS_DL, %g0
+-	membar		#StoreStore | #LoadStore
+ 
+ 	be,pn		%icc, 4f
+ 	 add		%g6, TI_FPREGS+0x40, %g3
++	membar		#Sync
+ 	stda		%f0, [%g2 + %g1] ASI_BLK_P
+ 	stda		%f16, [%g3 + %g1] ASI_BLK_P
++	membar		#Sync
+ 	andcc		%o5, FPRS_DU, %g0
+ 	be,pn		%icc, 5f
+ 4:	 add		%g1, 128, %g1
++	membar		#Sync
+ 	stda		%f32, [%g2 + %g1] ASI_BLK_P
+ 
+ 	stda		%f48, [%g3 + %g1] ASI_BLK_P
+@@ -83,7 +85,7 @@ vis1:	ldub		[%g6 + TI_FPSAVED], %g3
+ 	sll		%g1, 5, %g1
+ 	add		%g6, TI_FPREGS+0xc0, %g3
+ 	wr		%g0, FPRS_FEF, %fprs
+-	membar		#StoreStore | #LoadStore
++	membar		#Sync
+ 	stda		%f32, [%g2 + %g1] ASI_BLK_P
+ 	stda		%f48, [%g3 + %g1] ASI_BLK_P
+ 	membar		#Sync
+@@ -121,8 +123,8 @@ VISenterhalf:
+ 	be,pn		%icc, 4f
+ 	 add		%g6, TI_FPREGS, %g2
+ 
+-	membar		#StoreStore | #LoadStore
+ 	add		%g6, TI_FPREGS+0x40, %g3
++	membar		#Sync
+ 	stda		%f0, [%g2 + %g1] ASI_BLK_P
+ 	stda		%f16, [%g3 + %g1] ASI_BLK_P
+ 	membar		#Sync

Added: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ieee1394-sbp2-fixes-for-hot-unplug-and-module-unloading.dpatch
===================================================================
--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ieee1394-sbp2-fixes-for-hot-unplug-and-module-unloading.dpatch	2005-10-11 10:22:31 UTC (rev 4403)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ieee1394-sbp2-fixes-for-hot-unplug-and-module-unloading.dpatch	2005-10-11 10:26:46 UTC (rev 4404)
@@ -0,0 +1,130 @@
+From stable-bounces at linux.kernel.org  Sat Oct  1 10:58:10 2005
+Date: Sat, 1 Oct 2005 19:57:47 +0200 (CEST)
+From: Stefan Richter <stefanr at s5r6.in-berlin.de>
+Subject: [PATCH] ieee1394/sbp2: fixes for hot-unplug and module unloading
+To: stable at kernel.org
+Cc: chrisw at osdl.org, bcollins at debian.org, greg at kroah.com
+
+Fixes for reference counting problems, deadlocks, and delays when SBP-2 devices
+are unplugged or unbound from sbp2, or when unloading of sbp2/ ohci1394/ pcilynx
+is attempted.
+
+Most often reported symptoms were hotplugs remaining undetected once a FireWire
+disk was unplugged since the knodemgrd kernel thread went to uninterruptible
+sleep, and "modprobe -r sbp2" being unable to complete because still being in
+use.
+
+Patch is equivalent to commit abd559b1052e28d8b9c28aabde241f18fa89090b in
+2.6.14-rc3 plus a fix which is necessary together with 2.6.13's scsi core API
+(linux1394.org commit r1308 by Ben Collins).
+
+Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
+Cc: Ben Collins <bcollins at debian.org>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+---
+ drivers/ieee1394/sbp2.c |   38 +++++++++++++++++++++++++++++++++++---
+ 1 file changed, 35 insertions(+), 3 deletions(-)
+
+--- linux-2.6.13.y.orig/drivers/ieee1394/sbp2.c
++++ linux-2.6.13.y/drivers/ieee1394/sbp2.c
+@@ -596,6 +596,11 @@ static void sbp2util_mark_command_comple
+ 	spin_unlock_irqrestore(&scsi_id->sbp2_command_orb_lock, flags);
+ }
+ 
++static inline int sbp2util_node_is_available(struct scsi_id_instance_data *scsi_id)
++{
++	return scsi_id && scsi_id->ne && !scsi_id->ne->in_limbo;
++}
++
+ 
+ 
+ /*********************************************
+@@ -631,11 +636,23 @@ static int sbp2_remove(struct device *de
+ {
+ 	struct unit_directory *ud;
+ 	struct scsi_id_instance_data *scsi_id;
++	struct scsi_device *sdev;
+ 
+ 	SBP2_DEBUG("sbp2_remove");
+ 
+ 	ud = container_of(dev, struct unit_directory, device);
+ 	scsi_id = ud->device.driver_data;
++	if (!scsi_id)
++		return 0;
++
++	/* Trigger shutdown functions in scsi's highlevel. */
++	if (scsi_id->scsi_host)
++		scsi_unblock_requests(scsi_id->scsi_host);
++	sdev = scsi_id->sdev;
++	if (sdev) {
++		scsi_id->sdev = NULL;
++		scsi_remove_device(sdev);
++	}
+ 
+ 	sbp2_logout_device(scsi_id);
+ 	sbp2_remove_device(scsi_id);
+@@ -944,6 +961,7 @@ alloc_fail:
+ 		SBP2_ERR("scsi_add_device failed");
+ 		return PTR_ERR(sdev);
+ 	}
++	scsi_device_put(sdev);
+ 
+ 	return 0;
+ }
+@@ -2480,7 +2498,7 @@ static int sbp2scsi_queuecommand(struct 
+ 	 * If scsi_id is null, it means there is no device in this slot,
+ 	 * so we should return selection timeout.
+ 	 */
+-	if (!scsi_id) {
++	if (!sbp2util_node_is_available(scsi_id)) {
+ 		SCpnt->result = DID_NO_CONNECT << 16;
+ 		done (SCpnt);
+ 		return 0;
+@@ -2683,6 +2701,18 @@ static void sbp2scsi_complete_command(st
+ }
+ 
+ 
++static int sbp2scsi_slave_alloc(struct scsi_device *sdev)
++{
++	((struct scsi_id_instance_data *)sdev->host->hostdata[0])->sdev = sdev;
++	return 0;
++}
++
++static void sbp2scsi_slave_destroy(struct scsi_device *sdev)
++{
++	((struct scsi_id_instance_data *)sdev->host->hostdata[0])->sdev = NULL;
++	return;
++}
++
+ static int sbp2scsi_slave_configure (struct scsi_device *sdev)
+ {
+ 	blk_queue_dma_alignment(sdev->request_queue, (512 - 1));
+@@ -2705,7 +2735,7 @@ static int sbp2scsi_abort(struct scsi_cm
+ 	SBP2_ERR("aborting sbp2 command");
+ 	scsi_print_command(SCpnt);
+ 
+-	if (scsi_id) {
++	if (sbp2util_node_is_available(scsi_id)) {
+ 
+ 		/*
+ 		 * Right now, just return any matching command structures
+@@ -2749,7 +2779,7 @@ static int __sbp2scsi_reset(struct scsi_
+ 
+ 	SBP2_ERR("reset requested");
+ 
+-	if (scsi_id) {
++	if (sbp2util_node_is_available(scsi_id)) {
+ 		SBP2_ERR("Generating sbp2 fetch agent reset");
+ 		sbp2_agent_reset(scsi_id, 0);
+ 	}
+@@ -2817,7 +2847,9 @@ static struct scsi_host_template scsi_dr
+ 	.eh_device_reset_handler =	sbp2scsi_reset,
+ 	.eh_bus_reset_handler =		sbp2scsi_reset,
+ 	.eh_host_reset_handler =	sbp2scsi_reset,
++	.slave_alloc =			sbp2scsi_slave_alloc,
+ 	.slave_configure =		sbp2scsi_slave_configure,
++	.slave_destroy =		sbp2scsi_slave_destroy,
+ 	.this_id =			-1,
+ 	.sg_tablesize =			SG_ALL,
+ 	.use_clustering =		ENABLE_CLUSTERING,

Added: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/orinoco-info-leak.dpatch
===================================================================
--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/orinoco-info-leak.dpatch	2005-10-11 10:22:31 UTC (rev 4403)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/orinoco-info-leak.dpatch	2005-10-11 10:26:46 UTC (rev 4404)
@@ -0,0 +1,52 @@
+From stable-bounces at linux.kernel.org  Tue Oct  4 20:36:20 2005
+Date: Tue, 04 Oct 2005 21:33:10 -0400
+From: Pavel Roskin <proski at gnu.org>
+To: orinoco-devel <orinoco-devel at lists.sourceforge.net>, NetDev <netdev at vger.kernel.org>
+Cc: Meder Kydyraliev <meder at o0o.nu>
+Subject: [PATCH] orinoco: Information leakage due to incorrect padding
+
+The orinoco driver can send uninitialized data exposing random pieces of
+the system memory.  This happens because data is not padded with zeroes
+when its length needs to be increased.
+
+Reported by Meder Kydyraliev <meder at o0o.nu>
+
+Signed-off-by: Pavel Roskin <proski at gnu.org>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+---
+ drivers/net/wireless/orinoco.c |   14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+Backported to Debian's 2.6.8 by Horms
+
+--- from-0001/drivers/net/wireless/orinoco.c
++++ to-0003/drivers/net/wireless/orinoco.c	2005-10-11 15:26:22.000000000 +0900
+@@ -2358,9 +2358,14 @@ orinoco_xmit(struct sk_buff *skb, struct
+ 		return 0;
+ 	}
+ 
+-	/* Length of the packet body */
+-	/* FIXME: what if the skb is smaller than this? */
+-	len = max_t(int,skb->len - ETH_HLEN, ETH_ZLEN - ETH_HLEN);
++	/* Check packet length, pad short packets, round up odd length */
++	len = max_t(int, ALIGN(skb->len, 2), ETH_ZLEN);
++	if (skb->len < len) {
++		skb = skb_padto(skb, len);
++		if (skb == NULL)
++			goto fail;
++	}
++	len -= ETH_HLEN;
+ 
+ 	eh = (struct ethhdr *)skb->data;
+ 
+@@ -2411,7 +2416,8 @@ orinoco_xmit(struct sk_buff *skb, struct
+ 	}
+ 
+ 	/* Round up for odd length packets */
+-	err = hermes_bap_pwrite(hw, USER_BAP, p, RUP_EVEN(data_len), txfid, data_off);
++	err = hermes_bap_pwrite(hw, USER_BAP, p, data_len,
++				txfid, data_off);
+ 	if (err) {
+ 		printk(KERN_ERR "%s: Error %d writing packet to BAP\n",
+ 		       dev->name, err);

Added: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/plug-names_cache-memleak.dpatch
===================================================================
--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/plug-names_cache-memleak.dpatch	2005-10-11 10:22:31 UTC (rev 4403)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/plug-names_cache-memleak.dpatch	2005-10-11 10:26:46 UTC (rev 4404)
@@ -0,0 +1,51 @@
+From: Linus Torvalds <torvalds at osdl.org>
+Date: Fri, 7 Oct 2005 04:54:21 +0000 (-0700)
+Subject: [PATCH] Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL
+
+Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL
+
+The nameidata "last.name" is always allocated with "__getname()", and
+should always be free'd with "__putname()".
+
+Using "putname()" without the underscores will leak memory, because the
+allocation will have been hidden from the AUDITSYSCALL code.
+
+Arguably the real bug is that the AUDITSYSCALL code is really broken,
+but in the meantime this fixes the problem people see.
+
+Reported by Robert Derr, patch by Rick Lindsley.
+
+Acked-by: Al Viro <viro at ftp.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+Signed-off-by: Chris Wright <chrisw at osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+---
+ fs/namei.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Backported to Debian's 2.6.8 by Horms
+
+--- from-0001/fs/namei.c
++++ to-work/fs/namei.c	2005-10-11 18:21:45.000000000 +0900
+@@ -1469,18 +1469,18 @@ do_link:
+ 	if (nd->last_type != LAST_NORM)
+ 		goto exit;
+ 	if (nd->last.name[nd->last.len]) {
+-		putname(nd->last.name);
++		__putname(nd->last.name);
+ 		goto exit;
+ 	}
+ 	error = -ELOOP;
+ 	if (count++==32) {
+-		putname(nd->last.name);
++		__putname(nd->last.name);
+ 		goto exit;
+ 	}
+ 	dir = nd->dentry;
+ 	down(&dir->d_inode->i_sem);
+ 	dentry = __lookup_hash(&nd->last, nd->dentry, nd);
+-	putname(nd->last.name);
++	__putname(nd->last.name);
+ 	goto do_last;
+ }
+ 


