rpms/kernel/F-9 linux-2.6.27.5-stable-queue-reverts.patch, NONE, 1.1 linux-2.6.27.5-stable-queue.patch, NONE, 1.1 kernel.spec, 1.836, 1.837

Chuck Ebbert cebbert at fedoraproject.org
Tue Nov 4 23:45:10 UTC 2008


Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1392

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6.27.5-stable-queue-reverts.patch 
	linux-2.6.27.5-stable-queue.patch 
Log Message:
2.6.27.5-stable queue (57 patches)

linux-2.6.27.5-stable-queue-reverts.patch:

--- NEW FILE linux-2.6.27.5-stable-queue-reverts.patch ---
Revert these patches from the stable queue:
firewire-fix-ioctl-return-code.patch
firewire-fix-setting-tag-and-sy-in-iso-transmission.patch
firewire-fix-struct-fw_node-memory-leak.patch
firewire-fw-sbp2-delay-first-login-to-avoid-retries.patch
firewire-fw-sbp2-fix-races.patch
firewire-survive-more-than-256-bus-resets.patch

>From stefanr at s5r6.in-berlin.de  Tue Nov  4 13:55:39 2008
From: Stefan Richter <stefanr at s5r6.in-berlin.de>
Date: Mon, 27 Oct 2008 23:26:35 +0100 (CET)
Subject: firewire: fix ioctl() return code
To: stable at kernel.org
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.509dbd5216c80cfd at s5r6.in-berlin.de>
Content-Disposition: INLINE


From: Stefan Richter <stefanr at s5r6.in-berlin.de>

commit 99692f71ee04c6f249d0bf6a581359f32f409a38 upstream

Reported by Jay Fenlason:  ioctl() did not return as intended
  - the size of data read into ioctl_send_request,
  - the number of datagrams enqueued by ioctl_queue_iso.


Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>

---
 drivers/firewire/fw-cdev.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/firewire/fw-cdev.c
+++ b/drivers/firewire/fw-cdev.c
@@ -913,7 +913,7 @@ dispatch_ioctl(struct client *client, un
 			return -EFAULT;
 	}
 
-	return 0;
+	return retval;
 }
 
 static long
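Review bot: The final "return retval;" in dispatch_ioctl() now hands the handler's value straight to userspace, so a comment at that return should state that a non-negative value means success and carries a count. Callers that compared the ioctl result with 0 will start seeing positive values on the two paths named in the commit message. Note also that kernel.spec applies this file with -R, so this build keeps "return 0;".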
>From stefanr at s5r6.in-berlin.de  Tue Nov  4 13:54:50 2008
From: Stefan Richter <stefanr at s5r6.in-berlin.de>
Date: Mon, 27 Oct 2008 23:26:00 +0100 (CET)
Subject: firewire: fix setting tag and sy in iso transmission
To: stable at kernel.org
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.c6c9e197bd5d3af2 at s5r6.in-berlin.de>
Content-Disposition: INLINE

From: Stefan Richter <stefanr at s5r6.in-berlin.de>

commit 7a1003449c693f0d57443c8786bbf19717921ae0 upstream

Reported by Jay Fenlason:
The iso packet control accessors in fw-cdev.c had bogus masks.

Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>

---
 drivers/firewire/fw-cdev.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/firewire/fw-cdev.c
+++ b/drivers/firewire/fw-cdev.c
@@ -720,8 +720,8 @@ static int ioctl_create_iso_context(stru
 #define GET_PAYLOAD_LENGTH(v)	((v) & 0xffff)
 #define GET_INTERRUPT(v)	(((v) >> 16) & 0x01)
 #define GET_SKIP(v)		(((v) >> 17) & 0x01)
-#define GET_TAG(v)		(((v) >> 18) & 0x02)
-#define GET_SY(v)		(((v) >> 20) & 0x04)
+#define GET_TAG(v)		(((v) >> 18) & 0x03)
+#define GET_SY(v)		(((v) >> 20) & 0x0f)
 #define GET_HEADER_LENGTH(v)	(((v) >> 24) & 0xff)
 
 static int ioctl_queue_iso(struct client *client, void *buffer)
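Review bot: The corrected masks on GET_TAG and GET_SY are still bare literals, and the bug being fixed was exactly a literal that did not match the field width. With the neighbouring shifts of 18, 20 and 24, tag is 2 bits wide and sy is 4 bits wide, so a one-line comment giving the bit layout of the control word above these macros would make a wrong mask obvious on sight.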
>From stefanr at s5r6.in-berlin.de  Tue Nov  4 13:57:03 2008
From: Jay Fenlason <fenlason at redhat.com>
Date: Mon, 27 Oct 2008 23:28:14 +0100 (CET)
Subject: firewire: fix struct fw_node memory leak
To: stable at kernel.org
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.e499a05eaa0ec529 at s5r6.in-berlin.de>
Content-Disposition: INLINE

From: Jay Fenlason <fenlason at redhat.com>

commit 77e557191701afa55ae7320d42ad6458a2ad292e upstream

With the bus_resets patch applied, it is easy to see this memory leak
by repeatedly resetting the firewire bus while running slabtop in
another window.  Just watch kmalloc-32 grow and grow...

Signed-off-by: Jay Fenlason <fenlason at redhat.com>
Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>

---
 drivers/firewire/fw-topology.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/firewire/fw-topology.c
+++ b/drivers/firewire/fw-topology.c
@@ -413,7 +413,7 @@ static void
 update_tree(struct fw_card *card, struct fw_node *root)
 {
 	struct list_head list0, list1;
-	struct fw_node *node0, *node1;
+	struct fw_node *node0, *node1, *next1;
 	int i, event;
 
 	INIT_LIST_HEAD(&list0);
@@ -485,7 +485,9 @@ update_tree(struct fw_card *card, struct
 		}
 
 		node0 = fw_node(node0->link.next);
-		node1 = fw_node(node1->link.next);
+		next1 = fw_node(node1->link.next);
+		fw_node_put(node1);
+		node1 = next1;
 	}
 }
 
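Review bot: The added fw_node_put(node1) at the bottom of the loop in update_tree() has no comment saying which reference it drops, and node0 is advanced on the line above it without a matching put. Reading next1 before the put is the right order, since the put may free node1; please add a short comment naming the reference being released so the asymmetry with node0 does not look like an oversight.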
>From stefanr at s5r6.in-berlin.de  Tue Nov  4 13:57:36 2008
From: Stefan Richter <stefanr at s5r6.in-berlin.de>
Date: Mon, 27 Oct 2008 23:29:00 +0100 (CET)
Subject: firewire: fw-sbp2: delay first login to avoid retries
To: stable at kernel.org
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.9bc21c3b6a97bebe at s5r6.in-berlin.de>
Content-Disposition: INLINE

From: Stefan Richter <stefanr at s5r6.in-berlin.de>

commit 0dcfeb7e3c8695c5aa3677dda8efb9bef2e7e64d upstream

This optimizes firewire-sbp2's device probe for the case that the local
node and the SBP-2 node were discovered at the same time.  In this case,
fw-core's bus management work and fw-sbp2's login and SCSI probe work
are scheduled in parallel (in the globally shared workqueue and in
fw-sbp2's workqueue, respectively).  The bus reset from fw-core may then
disturb and extremely delay the login and SCSI probe because the latter
fails with several command timeouts and retries and has to be retried
from scratch.

We avoid this particular situation of sbp2_login() and fw_card_bm_work()
running in parallel by delaying the first sbp2_login() a little bit.

This is meant to be a short-term fix for
https://bugzilla.redhat.com/show_bug.cgi?id=466679.  In the long run,
the SCSI probe, i.e. fw-sbp2's call of __scsi_add_device(), should be
parallelized with sbp2_reconnect().

Problem reported and fix tested and confirmed by Alex Kanavin.

Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>

---
 drivers/firewire/fw-sbp2.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/firewire/fw-sbp2.c
+++ b/drivers/firewire/fw-sbp2.c
@@ -1158,7 +1158,7 @@ static int sbp2_probe(struct device *dev
 
 	/* Do the login in a workqueue so we can easily reschedule retries. */
 	list_for_each_entry(lu, &tgt->lu_list, link)
-		sbp2_queue_work(lu, 0);
+		sbp2_queue_work(lu, DIV_ROUND_UP(HZ, 5));
 	return 0;
 
  fail_tgt_put:
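Review bot: DIV_ROUND_UP(HZ, 5) in the sbp2_queue_work() call is an unexplained delay of a fifth of a second at the call site. The commit message says it exists to keep the first sbp2_login() from overlapping fw_card_bm_work(), so a named constant or a comment above the loop should say that. The delay only makes the overlap less likely and does not order the two jobs, which is worth stating next to the value.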
>From stefanr at s5r6.in-berlin.de  Tue Nov  4 13:58:11 2008
From: Jay Fenlason <fenlason at redhat.com>
Date: Mon, 27 Oct 2008 23:29:32 +0100 (CET)
Subject: firewire: fw-sbp2: fix races
To: stable at kernel.org
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.84265bc39337ceb3 at s5r6.in-berlin.de>

From: Jay Fenlason <fenlason at redhat.com>

Same as commit cd1f70fdb4823c97328a1f151f328eb36fafd579 upstream

1: There is a small race between queue_delayed_work() and its
   corresponding kref_get().  Do the kref_get first, and _put it again
   if the queue_delayed_work() failed, so there is no chance of the
   kref going to zero while the work is scheduled.
2: An SBP2_LOGOUT_REQUEST could be sent out with a login_id full of
   garbage.  Initialize it to an invalid value so we can tell if we
   ever got a valid login_id.
3: The node ID and generation may have changed but the new values may
   not yet have been recorded in lu and tgt when the final logout is
   attempted.  Use the latest values from the device in
   sbp2_release_target().

Signed-off-by: Jay Fenlason <fenlason at redhat.com>
Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>

---
 drivers/firewire/fw-sbp2.c |   36 ++++++++++++++++++++++++++----------
 1 file changed, 26 insertions(+), 10 deletions(-)

--- a/drivers/firewire/fw-sbp2.c
+++ b/drivers/firewire/fw-sbp2.c
@@ -172,6 +172,9 @@ struct sbp2_target {
 	int blocked;	/* ditto */
 };
 
+/* Impossible login_id, to detect logout attempt before successful login */
+#define INVALID_LOGIN_ID 0x10000
+
 /*
  * Per section 7.4.8 of the SBP-2 spec, a mgt_ORB_timeout value can be
  * provided in the config rom. Most devices do provide a value, which
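Review bot: INVALID_LOGIN_ID is defined as 0x10000, which only works as a sentinel if the login_id member it is stored in is wider than 16 bits, and that declaration is not part of this patch. If the member is a 16-bit type the value truncates to 0 and the later "!= INVALID_LOGIN_ID" test is always true. Please confirm the member's type and say in the comment that the value is chosen to lie just outside the 16-bit range.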
@@ -791,9 +794,20 @@ static void sbp2_release_target(struct k
 			scsi_remove_device(sdev);
 			scsi_device_put(sdev);
 		}
-		sbp2_send_management_orb(lu, tgt->node_id, lu->generation,
-				SBP2_LOGOUT_REQUEST, lu->login_id, NULL);
-
+		if (lu->login_id != INVALID_LOGIN_ID) {
+			int generation, node_id;
+			/*
+			 * tgt->node_id may be obsolete here if we failed
+			 * during initial login or after a bus reset where
+			 * the topology changed.
+			 */
+			generation = device->generation;
+			smp_rmb(); /* node_id vs. generation */
+			node_id    = device->node_id;
+			sbp2_send_management_orb(lu, node_id, generation,
+						 SBP2_LOGOUT_REQUEST,
+						 lu->login_id, NULL);
+		}
 		fw_core_remove_address_handler(&lu->address_handler);
 		list_del(&lu->link);
 		kfree(lu);
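Review bot: The smp_rmb() between the reads of device->generation and device->node_id in sbp2_release_target() needs a matching write barrier where those two fields are updated, and that side is not in this patch. Please name the pairing site in the comment, since "node_id vs. generation" alone does not tell a reader where the other half lives. The hunk also uses a variable named device that is not declared in the lines shown, so check that it is in scope at this point.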
@@ -808,19 +822,20 @@ static void sbp2_release_target(struct k
 
 static struct workqueue_struct *sbp2_wq;
 
+static void sbp2_target_put(struct sbp2_target *tgt)
+{
+	kref_put(&tgt->kref, sbp2_release_target);
+}
+
 /*
  * Always get the target's kref when scheduling work on one its units.
  * Each workqueue job is responsible to call sbp2_target_put() upon return.
  */
 static void sbp2_queue_work(struct sbp2_logical_unit *lu, unsigned long delay)
 {
-	if (queue_delayed_work(sbp2_wq, &lu->work, delay))
-		kref_get(&lu->tgt->kref);
-}
-
-static void sbp2_target_put(struct sbp2_target *tgt)
-{
-	kref_put(&tgt->kref, sbp2_release_target);
+	kref_get(&lu->tgt->kref);
+	if (!queue_delayed_work(sbp2_wq, &lu->work, delay))
+		sbp2_target_put(lu->tgt);
 }
 
 static void
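Review bot: In the new sbp2_queue_work(), when queue_delayed_work() returns 0 the sbp2_target_put() runs immediately in the caller's context, so every caller has to hold its own reference on the target or this put could be the one that invokes sbp2_release_target(). The comment above the function should say so. Taking kref_get() before queueing is the right order.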
@@ -993,6 +1008,7 @@ static int sbp2_add_logical_unit(struct 
 
 	lu->tgt      = tgt;
 	lu->lun      = lun_entry & 0xffff;
+	lu->login_id = INVALID_LOGIN_ID;
 	lu->retries  = 0;
 	lu->has_sdev = false;
 	lu->blocked  = false;
>From stefanr at s5r6.in-berlin.de  Tue Nov  4 13:56:10 2008
From: Jay Fenlason <fenlason at redhat.com>
Date: Mon, 27 Oct 2008 23:27:37 +0100 (CET)
Subject: firewire: Survive more than 256 bus resets
To: stable at kernel.org
Cc: linux1394-devel at lists.sourceforge.net, linux-kernel at vger.kernel.org
Message-ID: <tkrat.6faab57f3da8f9b9 at s5r6.in-berlin.de>
Content-Disposition: INLINE

From: Jay Fenlason <fenlason at redhat.com>

Same as commit 4f9740d4f5a17fa6a1b097fa3ccdfb7246660307 upstream

The "color" is used during the topology building after a bus reset,
however in "struct fw_node"s it is stored in a u8, but in struct fw_card
it is stored in an int.  When the value wraps in one struct, but not
the other, disaster strikes.

Fixes http://bugzilla.kernel.org/show_bug.cgi?id=10922 -
machine locks up solid if a series of bus resets occurs.


Signed-off-by: Jay Fenlason <fenlason at redhat.com>
Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>

---
 drivers/firewire/fw-transaction.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/firewire/fw-transaction.h
+++ b/drivers/firewire/fw-transaction.h
@@ -248,7 +248,7 @@ struct fw_card {
 	struct fw_node *local_node;
 	struct fw_node *root_node;
 	struct fw_node *irm_node;
-	int color;
+	u8 color; /* must be u8 to match the definition in struct fw_node */
 	int gap_count;
 	bool beta_repeaters_present;
 
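Review bot: The new comment on the color member says it must be u8 to match struct fw_node, but nothing enforces that, and the bug being fixed came from the two declarations disagreeing. A shared typedef used by both members, or a compile-time size check, would keep them in step without relying on a comment.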

linux-2.6.27.5-stable-queue.patch:

--- NEW FILE linux-2.6.27.5-stable-queue.patch ---
Index: queue-2.6.27.5/drivers/char/agp/intel-agp.c
===================================================================
--- queue-2.6.27.5.orig/drivers/char/agp/intel-agp.c
+++ queue-2.6.27.5/drivers/char/agp/intel-agp.c
@@ -54,8 +54,7 @@
 		 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965Q_HB || \
 		 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965G_HB || \
 		 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GM_HB || \
-		 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GME_HB || \
-		 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_GM45_HB)
+		 agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_82965GME_HB)
 
 #define IS_G33 (agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_G33_HB || \
 		agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_Q35_HB || \
@@ -63,7 +62,8 @@
 
 #define IS_G4X (agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_IGD_E_HB || \
 		agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_Q45_HB || \
-		agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_G45_HB)
+		agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_G45_HB || \
+		agp_bridge->dev->device == PCI_DEVICE_ID_INTEL_GM45_HB)
 
 extern int agp_memory_reserved;
 
@@ -525,8 +525,10 @@ static void intel_i830_init_gtt_entries(
 		size += 4;
 	} else if (IS_G4X) {
 		/* On 4 series hardware, GTT stolen is separate from graphics
-		 * stolen, ignore it in stolen gtt entries counting */
-		size = 0;
+		 * stolen, ignore it in stolen gtt entries counting.  However,
+		 * 4KB of the stolen memory doesn't get mapped to the GTT.
+		 */
+		size = 4;
 	} else {
 		/* On previous hardware, the GTT size was just what was
 		 * required to map the aperture.
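Review bot: In the IS_G4X branch the comment still opens by saying the GTT stolen area is ignored while the code now sets size = 4, and the unit is left implicit. Reword it to say that size counts KB here (the added text speaks of 4KB) and that 4 is the part not mapped to the GTT, so the constant is not mistaken for a leftover.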
Index: queue-2.6.27.5/drivers/scsi/sd.c
===================================================================
--- queue-2.6.27.5.orig/drivers/scsi/sd.c
+++ queue-2.6.27.5/drivers/scsi/sd.c
@@ -1047,7 +1047,6 @@ static int sd_done(struct scsi_cmnd *SCp
 		good_bytes = sd_completed_bytes(SCpnt);
 		break;
 	case RECOVERED_ERROR:
-	case NO_SENSE:
 		/* Inform the user, but make sure that it's not treated
 		 * as a hard error.
 		 */
@@ -1056,6 +1055,15 @@ static int sd_done(struct scsi_cmnd *SCp
 		memset(SCpnt->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
 		good_bytes = scsi_bufflen(SCpnt);
 		break;
+	case NO_SENSE:
+		/* This indicates a false check condition, so ignore it.  An
+		 * unknown amount of data was transferred so treat it as an
+		 * error.
+		 */
+		scsi_print_sense("sd", SCpnt);
+		SCpnt->result = 0;
+		memset(SCpnt->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
+		break;
 	case ABORTED_COMMAND:
 		if (sshdr.asc == 0x10) { /* DIF: Disk detected corruption */
 			scsi_print_result(SCpnt);
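Review bot: The comment in the new NO_SENSE case says both "ignore it" and "treat it as an error", and the case sets SCpnt->result = 0 without assigning good_bytes, unlike the RECOVERED_ERROR case above it. Please state in the comment which value good_bytes is expected to hold on this path, because the outcome depends on it and it cannot be read off these lines.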
Index: queue-2.6.27.5/arch/s390/kernel/smp.c
===================================================================
--- queue-2.6.27.5.orig/arch/s390/kernel/smp.c
+++ queue-2.6.27.5/arch/s390/kernel/smp.c
@@ -1117,9 +1117,7 @@ out:
 	return rc;
 }
 
-static ssize_t __ref rescan_store(struct sys_device *dev,
-				  struct sysdev_attribute *attr,
-				  const char *buf,
+static ssize_t __ref rescan_store(struct sysdev_class *class, const char *buf,
 				  size_t count)
 {
 	int rc;
@@ -1127,12 +1125,10 @@ static ssize_t __ref rescan_store(struct
 	rc = smp_rescan_cpus();
 	return rc ? rc : count;
 }
-static SYSDEV_ATTR(rescan, 0200, NULL, rescan_store);
+static SYSDEV_CLASS_ATTR(rescan, 0200, NULL, rescan_store);
 #endif /* CONFIG_HOTPLUG_CPU */
 
-static ssize_t dispatching_show(struct sys_device *dev,
-				struct sysdev_attribute *attr,
-				char *buf)
+static ssize_t dispatching_show(struct sysdev_class *class, char *buf)
 {
 	ssize_t count;
 
@@ -1142,9 +1138,8 @@ static ssize_t dispatching_show(struct s
 	return count;
 }
 
-static ssize_t dispatching_store(struct sys_device *dev,
-				 struct sysdev_attribute *attr,
-				 const char *buf, size_t count)
+static ssize_t dispatching_store(struct sysdev_class *dev, const char *buf,
+				 size_t count)
 {
 	int val, rc;
 	char delim;
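Review bot: dispatching_store() names its struct sysdev_class parameter dev, while rescan_store() and dispatching_show() in the same patch call it class. Rename it to class for consistency; dev suggests a struct sys_device, which is the type this change moves away from.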
@@ -1166,7 +1161,8 @@ out:
 	put_online_cpus();
 	return rc ? rc : count;
 }
-static SYSDEV_ATTR(dispatching, 0644, dispatching_show, dispatching_store);
+static SYSDEV_CLASS_ATTR(dispatching, 0644, dispatching_show,
+			 dispatching_store);
 
 static int __init topology_init(void)
 {
@@ -1176,13 +1172,11 @@ static int __init topology_init(void)
 	register_cpu_notifier(&smp_cpu_nb);
 
 #ifdef CONFIG_HOTPLUG_CPU
-	rc = sysfs_create_file(&cpu_sysdev_class.kset.kobj,
-			       &attr_rescan.attr);
+	rc = sysdev_class_create_file(&cpu_sysdev_class, &attr_rescan);
 	if (rc)
 		return rc;
 #endif
-	rc = sysfs_create_file(&cpu_sysdev_class.kset.kobj,
-			       &attr_dispatching.attr);
+	rc = sysdev_class_create_file(&cpu_sysdev_class, &attr_dispatching);
 	if (rc)
 		return rc;
 	for_each_present_cpu(cpu) {
Index: queue-2.6.27.5/drivers/base/sys.c
===================================================================
--- queue-2.6.27.5.orig/drivers/base/sys.c
+++ queue-2.6.27.5/drivers/base/sys.c
@@ -488,7 +488,8 @@ ssize_t sysdev_store_ulong(struct sys_de
 	if (end == buf)
 		return -EINVAL;
 	*(unsigned long *)(ea->var) = new;
-	return end - buf;
+	/* Always return full write size even if we didn't consume all */
+	return size;
 }
 EXPORT_SYMBOL_GPL(sysdev_store_ulong);
 
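Review bot: Returning size instead of end - buf in sysdev_store_ulong() means a write whose tail was not parsed is reported as fully consumed, so input with trailing characters after the number is accepted without complaint. Only end == buf is rejected in the lines shown. Consider rejecting anything after the number other than a newline, or at least document the accepted input format in the new comment. The same applies to sysdev_store_int() in the next hunk.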
@@ -511,7 +512,8 @@ ssize_t sysdev_store_int(struct sys_devi
 	if (end == buf || new > INT_MAX || new < INT_MIN)
 		return -EINVAL;
 	*(int *)(ea->var) = new;
-	return end - buf;
+	/* Always return full write size even if we didn't consume all */
+	return size;
 }
 EXPORT_SYMBOL_GPL(sysdev_store_int);
 
Index: queue-2.6.27.5/drivers/char/ipmi/ipmi_devintf.c
===================================================================
--- queue-2.6.27.5.orig/drivers/char/ipmi/ipmi_devintf.c
+++ queue-2.6.27.5/drivers/char/ipmi/ipmi_devintf.c
@@ -957,3 +957,4 @@ module_exit(cleanup_ipmi);
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Corey Minyard <minyard at mvista.com>");
 MODULE_DESCRIPTION("Linux device interface for the IPMI message handler.");
+MODULE_ALIAS("platform:ipmi_si");
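Review bot: The added MODULE_ALIAS names platform:ipmi_si, but the file is ipmi_devintf.c and there is no comment explaining the link. If the intent is to load this module when the ipmi_si platform device appears, a one-line comment saying so would stop the alias from looking like a copy-paste error.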
Index: queue-2.6.27.5/drivers/usb/core/hcd.c
===================================================================
--- queue-2.6.27.5.orig/drivers/usb/core/hcd.c
+++ queue-2.6.27.5/drivers/usb/core/hcd.c
@@ -106,6 +106,9 @@ static DEFINE_SPINLOCK(hcd_root_hub_lock
 /* used when updating an endpoint's URB list */
 static DEFINE_SPINLOCK(hcd_urb_list_lock);
 
+/* used to protect against unlinking URBs after the device is gone */
+static DEFINE_SPINLOCK(hcd_urb_unlink_lock);
+
 /* wait queue for synchronous unlinks */
 DECLARE_WAIT_QUEUE_HEAD(usb_kill_urb_queue);
 
@@ -1377,10 +1380,25 @@ static int unlink1(struct usb_hcd *hcd, 
 int usb_hcd_unlink_urb (struct urb *urb, int status)
 {
 	struct usb_hcd		*hcd;
-	int			retval;
+	int			retval = -EIDRM;
+	unsigned long		flags;
 
-	hcd = bus_to_hcd(urb->dev->bus);
-	retval = unlink1(hcd, urb, status);
+	/* Prevent the device and bus from going away while
+	 * the unlink is carried out.  If they are already gone
+	 * then urb->use_count must be 0, since disconnected
+	 * devices can't have any active URBs.
+	 */
+	spin_lock_irqsave(&hcd_urb_unlink_lock, flags);
+	if (atomic_read(&urb->use_count) > 0) {
+		retval = 0;
+		usb_get_dev(urb->dev);
[...2064 lines suppressed...]
 	if (!ec_install_handlers(boot_ec)) {
 		first_ec = boot_ec;
Index: queue-2.6.27.5/drivers/ata/pata_it821x.c
===================================================================
--- queue-2.6.27.5.orig/drivers/ata/pata_it821x.c
+++ queue-2.6.27.5/drivers/ata/pata_it821x.c
@@ -557,9 +557,8 @@ static unsigned int it821x_read_id(struc
 	if (strstr(model_num, "Integrated Technology Express")) {
 		/* Set feature bits the firmware neglects */
 		id[49] |= 0x0300;	/* LBA, DMA */
-		id[82] |= 0x0400;	/* LBA48 */
 		id[83] &= 0x7FFF;
-		id[83] |= 0x4000;	/* Word 83 is valid */
+		id[83] |= 0x4400;	/* Word 83 is valid and LBA48 */
 		id[86] |= 0x0400;	/* LBA48 on */
 		id[ATA_ID_MAJOR_VER] |= 0x1F;
 	}
Index: queue-2.6.27.5/drivers/acpi/reboot.c
===================================================================
--- queue-2.6.27.5.orig/drivers/acpi/reboot.c
+++ queue-2.6.27.5/drivers/acpi/reboot.c
@@ -15,9 +15,28 @@ void acpi_reboot(void)
 
 	rr = &acpi_gbl_FADT.reset_register;
 
-	/* Is the reset register supported? */
-	if (!(acpi_gbl_FADT.flags & ACPI_FADT_RESET_REGISTER) ||
-	    rr->bit_width != 8 || rr->bit_offset != 0)
+	/*
+	 * Is the ACPI reset register supported?
+	 *
+	 * According to ACPI 3.0, FADT.flags.RESET_REG_SUP indicates
+	 * whether the ACPI reset mechanism is supported.
+	 *
+	 * However, some boxes have this bit clear, yet a valid
+	 * ACPI_RESET_REG & RESET_VALUE, and ACPI reboot is the only
+	 * mechanism that works for them after S3.
+	 *
+	 * This suggests that other operating systems may not be checking
+	 * the RESET_REG_SUP bit, and are using other means to decide
+	 * whether to use the ACPI reboot mechanism or not.
+	 *
+	 * So when acpi reboot is requested,
+	 * only the reset_register is checked. If the following
+	 * conditions are met, it indicates that the reset register is supported.
+	 * 	a. reset_register is not zero
+	 * 	b. the access width is eight
+	 * 	c. the bit_offset is zero
+	 */
+	if (!(rr->address) || rr->bit_width != 8 || rr->bit_offset != 0)
 		return;
 
 	reset_value = acpi_gbl_FADT.reset_value;
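Review bot: The new test "!(rr->address)" only rejects a zero address, and with the ACPI_FADT_RESET_REGISTER flag check removed it is now the main gate in front of the reset write. Condition (a) in the comment says "reset_register is not zero" where it means the address field; please fix the wording, drop the redundant parentheses, and say what else about the register is validated, since the lines shown check only address, bit_width and bit_offset.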
Index: queue-2.6.27.5/drivers/acpi/hardware/hwsleep.c
===================================================================
--- queue-2.6.27.5.orig/drivers/acpi/hardware/hwsleep.c
+++ queue-2.6.27.5/drivers/acpi/hardware/hwsleep.c
@@ -612,6 +612,13 @@ acpi_status acpi_leave_sleep_state(u8 sl
 	}
 	/* TBD: _WAK "sometimes" returns stuff - do we want to look at it? */
 
+	/*
+	 * Some BIOSes assume that WAK_STS will be cleared on resume and use
+	 * it to determine whether the system is rebooting or resuming. Clear
+	 * it for compatibility.
+	 */
+	acpi_set_register(ACPI_BITREG_WAKE_STATUS, 1);
+
 	acpi_gbl_system_awake_and_running = TRUE;
 
 	/* Enable power button */
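Review bot: The return value of the added acpi_set_register(ACPI_BITREG_WAKE_STATUS, 1) call in acpi_leave_sleep_state() is discarded. If a failure here is deliberately ignored, say so in the comment; otherwise check the status.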
Index: queue-2.6.27.5/drivers/input/keyboard/atkbd.c
===================================================================
--- queue-2.6.27.5.orig/drivers/input/keyboard/atkbd.c
+++ queue-2.6.27.5/drivers/input/keyboard/atkbd.c
@@ -834,10 +834,10 @@ static void atkbd_disconnect(struct seri
 }
 
 /*
- * Most special keys (Fn+F?) on Dell Latitudes do not generate release
+ * Most special keys (Fn+F?) on Dell laptops do not generate release
  * events so we have to do it ourselves.
  */
-static void atkbd_latitude_keymap_fixup(struct atkbd *atkbd)
+static void atkbd_dell_laptop_keymap_fixup(struct atkbd *atkbd)
 {
 	const unsigned int forced_release_keys[] = {
 		0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8f, 0x93,
@@ -1461,13 +1461,13 @@ static int __init atkbd_setup_fixup(cons
 
 static struct dmi_system_id atkbd_dmi_quirk_table[] __initdata = {
 	{
-		.ident = "Dell Latitude series",
+		.ident = "Dell Laptop",
 		.matches = {
 			DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
-			DMI_MATCH(DMI_PRODUCT_NAME, "Latitude"),
+			DMI_MATCH(DMI_CHASSIS_TYPE, "8"), /* Portable */
 		},
 		.callback = atkbd_setup_fixup,
-		.driver_data = atkbd_latitude_keymap_fixup,
+		.driver_data = atkbd_dell_laptop_keymap_fixup,
 	},
 	{
 		.ident = "HP 2133",
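Review bot: DMI_MATCH(DMI_CHASSIS_TYPE, "8") in the quirk table compares against a one-character string. The removed "Latitude" entry relied on the match being a substring match against longer product names; if that holds for this field too, "8" also matches any chassis type whose string contains an 8, such as 18. Please confirm how the chassis type is compared, and note in the comment that only the Portable type is covered.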
Index: queue-2.6.27.5/fs/hfsplus/catalog.c
===================================================================
--- queue-2.6.27.5.orig/fs/hfsplus/catalog.c
+++ queue-2.6.27.5/fs/hfsplus/catalog.c
@@ -168,6 +168,11 @@ int hfsplus_find_cat(struct super_block 
 		return -EIO;
 	}
 
+	if (be16_to_cpu(tmp.thread.nodeName.length) > 255) {
+		printk(KERN_ERR "hfs: catalog name length corrupted\n");
+		return -EIO;
+	}
+
 	hfsplus_cat_build_key_uni(fd->search_key, be32_to_cpu(tmp.thread.parentID),
 				 &tmp.thread.nodeName);
 	return hfs_brec_find(fd);
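Review bot: The new bound in hfsplus_find_cat() uses the literal 255 for the largest valid nodeName.length read from disk. The check sits in the right place, before the name is handed to hfsplus_cat_build_key_uni(), but the limit should be a named constant tied to the size of the name buffer so the two cannot drift apart. The message prefix is also "hfs:" in an hfsplus file.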
Index: queue-2.6.27.5/fs/hfsplus/bitmap.c
===================================================================
--- queue-2.6.27.5.orig/fs/hfsplus/bitmap.c
+++ queue-2.6.27.5/fs/hfsplus/bitmap.c
@@ -32,6 +32,10 @@ int hfsplus_block_allocate(struct super_
 	mutex_lock(&HFSPLUS_SB(sb).alloc_file->i_mutex);
 	mapping = HFSPLUS_SB(sb).alloc_file->i_mapping;
 	page = read_mapping_page(mapping, offset / PAGE_CACHE_BITS, NULL);
+	if (IS_ERR(page)) {
+		start = size;
+		goto out;
+	}
 	pptr = kmap(page);
 	curr = pptr + (offset & (PAGE_CACHE_BITS - 1)) / 32;
 	i = offset % 32;
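Review bot: On IS_ERR(page) the first read_mapping_page() check sets start = size and jumps to out, which discards the error code and appears to report the failure the same way as finding no free block. The mutex taken at the top of the hunk has to be released on the out path; please confirm that, and consider logging or propagating PTR_ERR(page) so an I/O error is not mistaken for a full volume.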
@@ -73,6 +77,10 @@ int hfsplus_block_allocate(struct super_
 			break;
 		page = read_mapping_page(mapping, offset / PAGE_CACHE_BITS,
 					 NULL);
+		if (IS_ERR(page)) {
+			start = size;
+			goto out;
+		}
 		curr = pptr = kmap(page);
 		if ((size ^ offset) / PAGE_CACHE_BITS)
 			end = pptr + PAGE_CACHE_BITS / 32;
@@ -120,6 +128,10 @@ found:
 		offset += PAGE_CACHE_BITS;
 		page = read_mapping_page(mapping, offset / PAGE_CACHE_BITS,
 					 NULL);
+		if (IS_ERR(page)) {
+			start = size;
+			goto out;
+		}
 		pptr = kmap(page);
 		curr = pptr;
 		end = pptr + PAGE_CACHE_BITS / 32;
Index: queue-2.6.27.5/drivers/net/bonding/bond_alb.c
===================================================================
--- queue-2.6.27.5.orig/drivers/net/bonding/bond_alb.c
+++ queue-2.6.27.5/drivers/net/bonding/bond_alb.c
@@ -167,11 +167,14 @@ static void tlb_clear_slave(struct bondi
 	/* clear slave from tx_hashtbl */
 	tx_hash_table = BOND_ALB_INFO(bond).tx_hashtbl;
 
-	index = SLAVE_TLB_INFO(slave).head;
-	while (index != TLB_NULL_INDEX) {
-		u32 next_index = tx_hash_table[index].next;
-		tlb_init_table_entry(&tx_hash_table[index], save_load);
-		index = next_index;
+	/* skip this if we've already freed the tx hash table */
+	if (tx_hash_table) {
+		index = SLAVE_TLB_INFO(slave).head;
+		while (index != TLB_NULL_INDEX) {
+			u32 next_index = tx_hash_table[index].next;
+			tlb_init_table_entry(&tx_hash_table[index], save_load);
+			index = next_index;
+		}
 	}
 
 	tlb_init_slave(slave);
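Review bot: The new "if (tx_hash_table)" guard in tlb_clear_slave() only helps if the pointer is set to NULL when the table is freed, and that code is not in this patch. Please confirm the free path clears it under the same lock this function runs under; otherwise the check can pass on a stale pointer.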
Index: queue-2.6.27.5/security/commoncap.c
===================================================================
--- queue-2.6.27.5.orig/security/commoncap.c
+++ queue-2.6.27.5/security/commoncap.c
@@ -279,10 +279,10 @@ static int get_file_caps(struct linux_bi
 	struct vfs_cap_data vcaps;
 	struct inode *inode;
 
-	if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) {
-		bprm_clear_caps(bprm);
+	bprm_clear_caps(bprm);
+
+	if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
 		return 0;
-	}
 
 	dentry = dget(bprm->file->f_dentry);
 	inode = dentry->d_inode;
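Review bot: Moving bprm_clear_caps(bprm) ahead of the MNT_NOSUID test in get_file_caps() makes the clear unconditional, which is the safer default, but nothing in the code says why. Add a comment that the capability sets must be cleared before any return from this function, so an early return added later below the dget() call does not reintroduce a path that leaves stale values in bprm.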


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-9/kernel.spec,v
retrieving revision 1.836
retrieving revision 1.837
diff -u -r1.836 -r1.837
--- kernel.spec	4 Nov 2008 23:16:50 -0000	1.836
+++ kernel.spec	4 Nov 2008 23:44:39 -0000	1.837
@@ -595,7 +595,8 @@
 Patch09: linux-2.6-upstream-reverts.patch
 Patch10: linux-2.6-hotfixes.patch
 # patches queued for the next -stable release
-#Patch11: linux-2.6-stable-queue.patch
+Patch11: linux-2.6.27.5-stable-queue.patch
+Patch12: linux-2.6.27.5-stable-queue-reverts.patch
 
 Patch21: linux-2.6-utrace.patch
 Patch22: linux-2.6-x86-tracehook.patch
@@ -1076,7 +1077,8 @@
 %if !%{nopatches}
 
 ApplyPatch linux-2.6-hotfixes.patch
-#ApplyPatch linux-2.6-stable-queue.patch
+ApplyPatch linux-2.6.27.5-stable-queue.patch
+ApplyPatch linux-2.6.27.5-stable-queue-reverts.patch -R
 
 # revert patches from upstream that conflict or that we get via other means
 C=$(wc -l $RPM_SOURCE_DIR/linux-2.6-upstream-reverts.patch | awk '{print $1}')
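Review bot: The line "ApplyPatch linux-2.6.27.5-stable-queue-reverts.patch -R" backs six firewire fixes out of the queue, including a memory leak fix and a lockup fix, with no comment in the spec saying why. Add a comment above it giving the reason, so the reverts are not dropped or kept by accident at the next rebase.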
@@ -1093,8 +1095,8 @@
 ApplyPatch linux-2.6-sysrq-c.patch
 
 # scheduler patches approved for -stable
-ApplyPatch linux-2.6-sched-features-disable-hrtick.patch
-ApplyPatch linux-2.6-sched_clock-prevent-scd-clock-from-moving-backwards
+#ApplyPatch linux-2.6-sched-features-disable-hrtick.patch
+#ApplyPatch linux-2.6-sched_clock-prevent-scd-clock-from-moving-backwards
 
 # Architecture patches
 # x86(-64)
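Review bot: Both ApplyPatch lines under "scheduler patches approved for -stable" are commented out rather than removed, which leaves a section header with nothing applied under it. If these are now supplied by the stable queue patch, say so next to them or delete the lines and the header together; the same applies to the other ApplyPatch lines commented out further down in this diff.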
@@ -1103,7 +1105,7 @@
 # don't oops if there's no IRQ stack available
 ApplyPatch linux-2.6-x86-check-for-null-irq-context.patch
 # don't try to read memory beyond end-of-stack
-ApplyPatch linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
+#ApplyPatch linux-2.6-x86-avoid-dereferencing-beyond-stack-THREAD_SIZE.patch
 
 #
 # PowerPC
@@ -1147,12 +1149,12 @@
 # actually honor the nousb parameter
 ApplyPatch linux-2.6-usb-ehci-hcd-respect-nousb.patch
 # fix jmicron usb/sata bridge
-ApplyPatch linux-2.6-usb-storage-unusual-devs-jmicron-ata-bridge.patch
+#ApplyPatch linux-2.6-usb-storage-unusual-devs-jmicron-ata-bridge.patch
 
 # ACPI
 # reboot / resume fixes from F10
-ApplyPatch linux-2.6-acpi-clear-wake-status.patch
-ApplyPatch linux-2.6-acpi-ignore-reset_reg_sup.patch
+#ApplyPatch linux-2.6-acpi-clear-wake-status.patch
+#ApplyPatch linux-2.6-acpi-ignore-reset_reg_sup.patch
 
 # mm
 
@@ -1204,13 +1206,13 @@
 # Disable easy to trigger printk's.
 ApplyPatch linux-2.6-net-silence-noisy-printks.patch
 # fix tcp option ordering broken in .27
-ApplyPatch linux-2.6-net-tcp-option-ordering.patch
+#ApplyPatch linux-2.6-net-tcp-option-ordering.patch
 
 # Misc fixes
 # The input layer spews crap no-one cares about.
 ApplyPatch linux-2.6-input-kill-stupid-messages.patch
 # dell can't make keyboards
-ApplyPatch linux-2.6-input-dell-keyboard-keyup.patch
+#ApplyPatch linux-2.6-input-dell-keyboard-keyup.patch
 # kill annoying applesmc debug messages
 ApplyPatch linux-2.6.27-hwmon-applesmc-2.6.28.patch
 
@@ -1221,7 +1223,7 @@
 # hush pci bar allocation failures
 ApplyPatch linux-2.6.27-pci-hush-allocation-failures.patch
 # EC storms aren't anything you can fix, shut up already
-ApplyPatch linux-2.6.27-acpi-ec-drizzle.patch
+#ApplyPatch linux-2.6.27-acpi-ec-drizzle.patch
 
 # Fix the SELinux mprotect checks on executable mappings
 ApplyPatch linux-2.6-selinux-mprotect-checks.patch
@@ -1234,7 +1236,7 @@
 # ia64 ata quirk
 ApplyPatch linux-2.6-ata-quirk.patch
 # fix it821x
-ApplyPatch linux-2.6-libata-pata_it821x-fix-lba48-on-raid-volumes.patch
+#ApplyPatch linux-2.6-libata-pata_it821x-fix-lba48-on-raid-volumes.patch
 # Make Eee disk faster.
 ApplyPatch linux-2.6-sata-eeepc-faster.patch
 # disable swncq on sata_nv
@@ -1309,8 +1311,8 @@
 ApplyPatch linux-2.6-merge-efifb-imacfb.patch
 
 # fix RTC
-ApplyPatch linux-2.6-rtc-cmos-look-for-pnp-rtc-first.patch
-ApplyPatch linux-2.6-x86-register-platform-rtc-if-pnp-doesnt-describe-it.patch
+#ApplyPatch linux-2.6-rtc-cmos-look-for-pnp-rtc-first.patch
+#ApplyPatch linux-2.6-x86-register-platform-rtc-if-pnp-doesnt-describe-it.patch
 
 # END OF PATCH APPLICATIONS
 
@@ -1915,6 +1917,9 @@
 %kernel_variant_files -a /%{image_install_path}/xen*-%{KVERREL}.xen -e /etc/ld.so.conf.d/kernelcap-%{KVERREL}.xen.conf %{with_xen} xen
 
 %changelog
+* Tue Nov 04 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.4-24
+- 2.6.27.5-stable queue (57 patches)
+
 * Tue Nov 04 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.4-23
 - linux-2.6-dmi-autoload.patch: backport DMI autoloading from 2.6.28
   fixes autoloading of Macbook Pro Nvidia backlight driver (F10#462409)



