rpms/kernel/FC-6 linux-2.6-futex-fix-traversal.patch, NONE, 1.1 linux-2.6-usb-allow-1-byte-replies.patch, NONE, 1.1 linux-2.6-usb-fixup-interval-lengths.patch, NONE, 1.1 linux-2.6-usb-linked-list-insertion.patch, NONE, 1.1 kernel-2.6.spec, 1.3022, 1.3023
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Sep 13 22:21:35 UTC 2007
- Previous message (by thread): rpms/kernel/FC-6 patch-2.6.22.6.bz2.sign, NONE, 1.1 .cvsignore, 1.570, 1.571 kernel-2.6.spec, 1.3021, 1.3022 sources, 1.534, 1.535 upstream, 1.454, 1.455 patch-2.6.22.5.bz2.sign, 1.1, NONE patch-2.6.22.6-rc1.patch, 1.1, NONE
- Next message (by thread): rpms/kernel/FC-6 linux-2.6-libata-pata-dma-disable-option.patch, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: cebbert
Update of /cvs/dist/rpms/kernel/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv11408
Modified Files:
kernel-2.6.spec
Added Files:
linux-2.6-futex-fix-traversal.patch
linux-2.6-usb-allow-1-byte-replies.patch
linux-2.6-usb-fixup-interval-lengths.patch
linux-2.6-usb-linked-list-insertion.patch
Log Message:
* Thu Sep 13 2007 Chuck Ebbert <cebbert at redhat.com>
- USB: three trivial fixes
- futex: fix compat list traversal
linux-2.6-futex-fix-traversal.patch:
futex_compat.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE linux-2.6-futex-fix-traversal.patch ---
Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=179c85ea53bef807621f335767e41e23f86f01df
Commit: 179c85ea53bef807621f335767e41e23f86f01df
Parent: a570ab6f10462b062c28188b64377b8034235761
Author: Arnd Bergmann <arnd at arndb.de>
AuthorDate: Tue Sep 11 15:23:49 2007 -0700
Committer: Linus Torvalds <torvalds at woody.linux-foundation.org>
CommitDate: Tue Sep 11 17:21:20 2007 -0700
futex_compat: fix list traversal bugs
The futex list traversal on the compat side appears to have
a bug.
It's loop termination condition compares:
while (compat_ptr(uentry) != &head->list)
But that can't be right because "uentry" has the special
"pi" indicator bit still potentially set at bit 0. This
is cleared by fetch_robust_entry() into the "entry"
return value.
What this seems to mean is that the list won't terminate
when list iteration gets back to the the head. And we'll
also process the list head like a normal entry, which could
cause all kinds of problems.
So we should check for equality with "entry". That pointer
is of the non-compat type so we have to do a little casting
to keep the compiler and sparse happy.
The same problem can in theory occur with the 'pending'
variable, although that has not been reported from users
so far.
Based on the original patch from David Miller.
Acked-by: Ingo Molnar <mingo at elte.hu>
Cc: Thomas Gleixner <tglx at linutronix.de>
Cc: David Miller <davem at davemloft.net>
Signed-off-by: Arnd Bergmann <arnd at arndb.de>
Cc: <stable at kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
---
kernel/futex_compat.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
index f792136..7e52eb0 100644
--- a/kernel/futex_compat.c
+++ b/kernel/futex_compat.c
@@ -61,10 +61,10 @@ void compat_exit_robust_list(struct task_struct *curr)
if (fetch_robust_entry(&upending, &pending,
&head->list_op_pending, &pip))
return;
- if (upending)
+ if (pending)
handle_futex_death((void __user *)pending + futex_offset, curr, pip);
- while (compat_ptr(uentry) != &head->list) {
+ while (entry != (struct robust_list __user *) &head->list) {
/*
* A pending lock might already be on the list, so
* dont process it twice:
linux-2.6-usb-allow-1-byte-replies.patch:
hub.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE linux-2.6-usb-allow-1-byte-replies.patch ---
Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=46dede4690bbb23a2c9d60561e2e4fdc3e6bee61
Commit: 46dede4690bbb23a2c9d60561e2e4fdc3e6bee61
Parent: f095137e799ddb6a7c2bf0e4c73cda193ab9df41
Author: Alan Stern <stern at rowland.harvard.edu>
AuthorDate: Tue Aug 14 10:56:10 2007 -0400
Committer: Greg Kroah-Hartman <gregkh at suse.de>
CommitDate: Wed Aug 22 14:27:49 2007 -0700
USB: accept 1-byte Device Status replies, fixing some b0rken devices
Some devices have a bug which causes them to send a 1-byte reply to
Get-Device-Status requests instead of 2 bytes as required by the
spec. This doesn't play well with autosuspend, since we look for a
valid status reply to make sure the device is still present when it
resumes. Without both bytes, we assume the device has been
disconnected.
Lack of the second byte shouldn't matter much, since the spec requires
it always to be equal to 0. Hence this patch (as959) causes
finish_port_resume() to accept a 1-byte reply as valid.
Signed-off-by: Alan Stern <stern at rowland.harvard.edu>
Acked-by: David Brownell <david-b at pacbell.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
[<cebbert at redhat.com>: reworked for 2.6.22]
[<cebbert at redhat.com>: made test more careful]
---
drivers/usb/core/hub.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- linux-2.6.22.noarch.orig/drivers/usb/core/hub.c
+++ linux-2.6.22.noarch/drivers/usb/core/hub.c
@@ -1719,7 +1719,7 @@ int usb_port_suspend(struct usb_device *
static int finish_port_resume(struct usb_device *udev)
{
int status;
- u16 devstatus;
+ u16 devstatus = 0;
/* caller owns the udev device lock */
dev_dbg(&udev->dev, "finish resume\n");
@@ -1739,7 +1739,7 @@ static int finish_port_resume(struct usb
*/
status = usb_get_status(udev, USB_RECIP_DEVICE, 0, &devstatus);
if (status >= 0)
- status = (status == 2 ? 0 : -ENODEV);
+ status = (status == 2 || status == 1) ? 0 : -ENODEV;
if (status)
dev_dbg(&udev->dev,
linux-2.6-usb-fixup-interval-lengths.patch:
config.c | 12 +++++++++---
1 files changed, 9 insertions(+), 3 deletions(-)
--- NEW FILE linux-2.6-usb-fixup-interval-lengths.patch ---
Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=300871cd963e24a68aaa9b762f4a10403697d9be
Commit: 300871cd963e24a68aaa9b762f4a10403697d9be
Parent: 87d093e25d73249ae92b28ae88db92eaea7df70f
Author: Laurent Pinchart <laurent.pinchart at skynet.be>
AuthorDate: Tue Jun 12 21:47:17 2007 +0200
Committer: Greg Kroah-Hartman <gregkh at suse.de>
CommitDate: Thu Jul 12 16:34:37 2007 -0700
USB: Fix up full-speed bInterval values in high-speed interrupt descriptor
Many device manufacturers are using full-speed bInterval values in high-speed
interrupt endpoint descriptors. If the bInterval value is greater than 16,
assume the device uses full-speed descriptors and fix the value accordingly.
Signed-off-by: Laurent Pinchart <laurent.pinchart at skynet.be>
Acked-by: Alan Stern <stern at rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
drivers/usb/core/config.c | 12 +++++++++---
1 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c
index 9152e12..5e113db 100644
--- a/drivers/usb/core/config.c
+++ b/drivers/usb/core/config.c
@@ -85,15 +85,21 @@ static int usb_parse_endpoint(struct device *ddev, int cfgno, int inum,
memcpy(&endpoint->desc, d, n);
INIT_LIST_HEAD(&endpoint->urb_list);
- /* If the bInterval value is outside the legal range,
- * set it to a default value: 32 ms */
+ /* Fix up bInterval values outside the legal range. Use 32 ms if no
+ * proper value can be guessed. */
i = 0; /* i = min, j = max, n = default */
j = 255;
if (usb_endpoint_xfer_int(d)) {
i = 1;
switch (to_usb_device(ddev)->speed) {
case USB_SPEED_HIGH:
- n = 9; /* 32 ms = 2^(9-1) uframes */
+ /* Many device manufacturers are using full-speed
+ * bInterval values in high-speed interrupt endpoint
+ * descriptors. Try to fix those and fall back to a
+ * 32 ms default value otherwise. */
+ n = fls(d->bInterval*8);
+ if (n == 0)
+ n = 9; /* 32 ms = 2^(9-1) uframes */
j = 16;
break;
default: /* USB_SPEED_FULL or _LOW */
linux-2.6-usb-linked-list-insertion.patch:
driver.c | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE linux-2.6-usb-linked-list-insertion.patch ---
Gitweb: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e5dd01154c1e9ca2400f4682602d1a4fa54c25dd
Commit: e5dd01154c1e9ca2400f4682602d1a4fa54c25dd
Parent: ce05916f6bf9906fba88853078715f9a4d300237
Author: Nathael Pajani <nathael.pajani at cpe.fr>
AuthorDate: Tue Sep 4 11:46:23 2007 +0200
Committer: Greg Kroah-Hartman <gregkh at suse.de>
CommitDate: Tue Sep 11 07:48:15 2007 -0700
USB: fix linked list insertion bugfix for usb core
This patch fixes the order of list_add_tail() arguments in
usb_store_new_id() so the list can have more than one single element.
Signed-off-by: Nathael Pajani <nathael.pajani at cpe.fr>
Cc: stable <stable at kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
drivers/usb/core/driver.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
index a1ad11d..63b1243 100644
--- a/drivers/usb/core/driver.c
+++ b/drivers/usb/core/driver.c
@@ -60,7 +60,7 @@ ssize_t usb_store_new_id(struct usb_dynids *dynids,
dynid->id.match_flags = USB_DEVICE_ID_MATCH_DEVICE;
spin_lock(&dynids->lock);
- list_add_tail(&dynids->list, &dynid->node);
+ list_add_tail(&dynid->node, &dynids->list);
spin_unlock(&dynids->lock);
if (get_driver(driver)) {
Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-6/kernel-2.6.spec,v
retrieving revision 1.3022
retrieving revision 1.3023
diff -u -r1.3022 -r1.3023
--- kernel-2.6.spec 13 Sep 2007 21:20:07 -0000 1.3022
+++ kernel-2.6.spec 13 Sep 2007 22:21:31 -0000 1.3023
@@ -617,7 +617,13 @@
Patch742: linux-2.6-sdhci-clear-error-interrupt.patch
Patch760: linux-2.6-v4l-dvb-fix-airstar-hd5000-tuner.patch
Patch770: linux-2.6-irda-smc-remove-quirk.patch
+Patch771: linux-2.6-futex-fix-traversal.patch
+
Patch780: linux-2.6-usb-storage-initialize-huawei-e220-properly.patch
+Patch781: linux-2.6-usb-allow-1-byte-replies.patch
+Patch782: linux-2.6-usb-fixup-interval-lengths.patch
+Patch783: linux-2.6-usb-linked-list-insertion.patch
+
Patch800: linux-2.6-wakeups-hdaps.patch
Patch801: linux-2.6-wakeups.patch
Patch900: linux-2.6-sched-cfs-v2.6.22.5-v20.5.patch
@@ -1322,11 +1328,17 @@
ApplyPatch linux-2.6-v4l-dvb-fix-airstar-hd5000-tuner.patch
# irda: remove smc quirk that breaks hp 6000 notebooks
ApplyPatch linux-2.6-irda-smc-remove-quirk.patch
+# futex: fix compat list traveral
+ApplyPatch linux-2.6-futex-fix-traversal.patch
# USB
#
# fix init of huawei device
ApplyPatch linux-2.6-usb-storage-initialize-huawei-e220-properly.patch
+# trivial USB fixes
+ApplyPatch linux-2.6-usb-allow-1-byte-replies.patch
+ApplyPatch linux-2.6-usb-fixup-interval-lengths.patch
+ApplyPatch linux-2.6-usb-linked-list-insertion.patch
# timers
@@ -2268,6 +2280,10 @@
%changelog
* Thu Sep 13 2007 Chuck Ebbert <cebbert at redhat.com>
+- USB: three trivial fixes
+- futex: fix compat list traversal
+
+* Thu Sep 13 2007 Chuck Ebbert <cebbert at redhat.com>
- Linux 2.6.22.6 (official)
* Thu Sep 13 2007 Chuck Ebbert <cebbert at redhat.com>
- Previous message (by thread): rpms/kernel/FC-6 patch-2.6.22.6.bz2.sign, NONE, 1.1 .cvsignore, 1.570, 1.571 kernel-2.6.spec, 1.3021, 1.3022 sources, 1.534, 1.535 upstream, 1.454, 1.455 patch-2.6.22.5.bz2.sign, 1.1, NONE patch-2.6.22.6-rc1.patch, 1.1, NONE
- Next message (by thread): rpms/kernel/FC-6 linux-2.6-libata-pata-dma-disable-option.patch, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list