rpms/kernel/F-11 linux-2.6-libertas-crash.patch, NONE, 1.1 kernel.spec, 1.1784, 1.1785

Sat Dec 26 00:47:07 UTC 2009

Author: dcbw

Update of /cvs/extras/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17305

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-libertas-crash.patch 
Log Message:
* Fri Dec 25 2009 Dan Williams <dcbw at redhat.com> 2.6.30.10-106
- libertas: fix crash on 64-bit platforms with >= 4GB RAM



linux-2.6-libertas-crash.patch:
 if_usb.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE linux-2.6-libertas-crash.patch ---
2.6.31-stable review patch.  If anyone has any objections, please let us know.

------------------
From: David Woodhouse <dwmw2 at infradead.org>

commit e9024a059f2c17fb2bfab212ee9d31511d7b8e57 upstream.

On a 64-bit kernel, skb->tail is an offset, not a pointer. The libertas
usb driver passes it to usb_fill_bulk_urb() anyway, causing interesting
crashes. Fix that by using skb->data instead.

This highlights a problem with usb_fill_bulk_urb(). It doesn't notice
when dma_map_single() fails and return the error to its caller as it
should. In fact it _can't_ currently return the error, since it returns
void.

So this problem was showing up only at unmap time, after we'd already
suffered memory corruption by doing DMA to a bogus address.

Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
Acked-by: David S. Miller <davem at davemloft.net>
Signed-off-by: John W. Linville <linville at tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>

---
 drivers/net/wireless/libertas/if_usb.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/wireless/libertas/if_usb.c
+++ b/drivers/net/wireless/libertas/if_usb.c
@@ -507,7 +507,7 @@ static int __if_usb_submit_rx_urb(struct
 	/* Fill the receive configuration URB and initialise the Rx call back */
 	usb_fill_bulk_urb(cardp->rx_urb, cardp->udev,
 			  usb_rcvbulkpipe(cardp->udev, cardp->ep_in),
-			  (void *) (skb->tail + (size_t) IPFIELD_ALIGN_OFFSET),
+			  skb->data + IPFIELD_ALIGN_OFFSET,
 			  MRVDRV_ETH_RX_PACKET_BUFFER_SIZE, callbackfn,
 			  cardp);
 





Index: kernel.spec
===================================================================
RCS file: /cvs/extras/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1784
retrieving revision 1.1785
diff -u -p -r1.1784 -r1.1785
--- kernel.spec	24 Dec 2009 16:16:11 -0000	1.1784
+++ kernel.spec	26 Dec 2009 00:47:06 -0000	1.1785
@@ -844,6 +844,10 @@ Patch16471: fuse-prevent-fuse_put_reques
 # rhbz#549400 [0bd87182d3ab18a32a8e9175d3f68754c58e3432]
 Patch16472: fuse-fix-kunmap-in-fuse_ioctl_copy_user.patch
 
+# fix libertas on 64-bit platforms with >= 4GB RAM
+# kernel commit e9024a059f2c17fb2bfab212ee9d31511d7b8e57
+Patch16473: linux-2.6-libertas-crash.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1586,6 +1590,9 @@ ApplyPatch fuse-prevent-fuse_put_request
 # rhbz#549400 [0bd87182d3ab18a32a8e9175d3f68754c58e3432]
 ApplyPatch fuse-fix-kunmap-in-fuse_ioctl_copy_user.patch
 
+# libertas 64-bit crash fix [e9024a059f2c17fb2bfab212ee9d31511d7b8e57]
+ApplyPatch linux-2.6-libertas-crash.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2174,6 +2181,9 @@ fi
 # and build.
 
 %changelog
+* Fri Dec 25 2009 Dan Williams <dcbw at redhat.com> 2.6.30.10-106
+- libertas: fix crash on 64-bit platforms with >= 4GB RAM
+
 * Thu Dec 24 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.10-105
 - fuse: fix kunmap in fuse_ioctl_copy_user, #549400
 


