3.4.3-1.fc17.gnu

7 files changed, 158 insertions, 104 deletions

diff --git a/freed-ora/current/f17/cifs-fix-parsing-of-password-mount-option.patch b/freed-ora/current/f17/cifs-fix-parsing-of-password-mount-option.patch
new file mode 100644
index 000000000..9805c6bf9
--- /dev/null
+++ b/freed-ora/current/f17/cifs-fix-parsing-of-password-mount-option.patch
@@ -0,0 +1,86 @@
+From e73f843a3235a19de38359c91586e9eadef12238 Mon Sep 17 00:00:00 2001
+From: Suresh Jayaraman <sjayaraman@suse.com>
+Date: Tue, 12 Jun 2012 07:15:50 +0530
+Subject: [PATCH] cifs: fix parsing of password mount option
+
+The double delimiter check that allows a comma in the password parsing code is
+unconditional. We set "tmp_end" to the end of the string and we continue to
+check for double delimiter. In the case where the password doesn't contain a
+comma we end up setting tmp_end to NULL and eventually setting "options" to
+"end". This results in the premature termination of the options string and hence
+the values of UNCip and UNC are being set to NULL. This results in mount failure
+with "Connecting to DFS root not implemented yet" error.
+
+This error is usually not noticable as we have password as the last option in
+the superblock mountdata. But when we call expand_dfs_referral() from
+cifs_mount() and try to compose mount options for the submount, the resulting
+mountdata will be of the form
+
+   ",ver=1,user=foo,pass=bar,ip=x.x.x.x,unc=\\server\share"
+
+and hence results in the above error. This bug has been seen with older NAS
+servers running Samba 3.0.24.
+
+Fix this by moving the double delimiter check inside the conditional loop.
+
+Changes since -v1
+
+   - removed the wrong strlen() micro optimization.
+
+Signed-off-by: Suresh Jayaraman <sjayaraman@suse.com>
+Acked-by: Sachin Prabhu <sprabhu@redhat.com>
+Cc: stable@vger.kernel.org [3.1+]
+Signed-off-by: Steve French <sfrench@us.ibm.com>
+---
+ fs/cifs/connect.c |   32 +++++++++++++++++---------------
+ 1 files changed, 17 insertions(+), 15 deletions(-)
+
+diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
+index 78db68a..5b38407 100644
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -1653,24 +1653,26 @@ cifs_parse_mount_options(const char *mountdata, const char *devname,
+ 			 * If yes, we have encountered a double deliminator
+ 			 * reset the NULL character to the deliminator
+ 			 */
+-			if (tmp_end < end && tmp_end[1] == delim)
++			if (tmp_end < end && tmp_end[1] == delim) {
+ 				tmp_end[0] = delim;
+ 
+-			/* Keep iterating until we get to a single deliminator
+-			 * OR the end
+-			 */
+-			while ((tmp_end = strchr(tmp_end, delim)) != NULL &&
+-			       (tmp_end[1] == delim)) {
+-				tmp_end = (char *) &tmp_end[2];
+-			}
++				/* Keep iterating until we get to a single
++				 * deliminator OR the end
++				 */
++				while ((tmp_end = strchr(tmp_end, delim))
++					!= NULL && (tmp_end[1] == delim)) {
++						tmp_end = (char *) &tmp_end[2];
++				}
+ 
+-			/* Reset var options to point to next element */
+-			if (tmp_end) {
+-				tmp_end[0] = '\0';
+-				options = (char *) &tmp_end[1];
+-			} else
+-				/* Reached the end of the mount option string */
+-				options = end;
++				/* Reset var options to point to next element */
++				if (tmp_end) {
++					tmp_end[0] = '\0';
++					options = (char *) &tmp_end[1];
++				} else
++					/* Reached the end of the mount option
++					 * string */
++					options = end;
++			}
+ 
+ 			/* Now build new password string */
+ 			temp_len = strlen(value);
+-- 
+1.7.0.4
+
diff --git a/freed-ora/current/f17/iwlwifi-disable-the-buggy-chain-extension-feature-in-HW.patch b/freed-ora/current/f17/iwlwifi-disable-the-buggy-chain-extension-feature-in-HW.patch
deleted file mode 100644
index c4f2ed3a1..000000000
--- a/freed-ora/current/f17/iwlwifi-disable-the-buggy-chain-extension-feature-in-HW.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From d012d04e4d6312ea157b6cf19e9689af934f5aa7 Mon Sep 17 00:00:00 2001
-From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-Date: Wed, 6 Jun 2012 13:55:02 +0200
-Subject: [PATCH] iwlwifi: disable the buggy chain extension feature in HW
-
-This feature has been reported to be buggy and enabled by
-default. We therefore need to disable it manually.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Signed-off-by: John W. Linville <linville@tuxdriver.com>
----
- drivers/net/wireless/iwlwifi/iwl-prph.h       |    1 +
- drivers/net/wireless/iwlwifi/iwl-trans-pcie.c |    5 +++++
- 2 files changed, 6 insertions(+), 0 deletions(-)
-
-diff --git a/drivers/net/wireless/iwlwifi/iwl-prph.h b/drivers/net/wireless/iwlwifi/iwl-prph.h
-index 3b10692..dfd5466 100644
---- a/drivers/net/wireless/iwlwifi/iwl-prph.h
-+++ b/drivers/net/wireless/iwlwifi/iwl-prph.h
-@@ -224,6 +224,7 @@
- #define SCD_TXFACT		(SCD_BASE + 0x10)
- #define SCD_ACTIVE		(SCD_BASE + 0x14)
- #define SCD_QUEUECHAIN_SEL	(SCD_BASE + 0xe8)
-+#define SCD_CHAINEXT_EN		(SCD_BASE + 0x244)
- #define SCD_AGGR_SEL		(SCD_BASE + 0x248)
- #define SCD_INTERRUPT_MASK	(SCD_BASE + 0x108)
- 
-diff --git a/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c b/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c
-index ec6fb39..79c6b91 100644
---- a/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c
-+++ b/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c
-@@ -1058,6 +1058,11 @@ static void iwl_tx_start(struct iwl_trans *trans)
- 	iwl_write_prph(trans, SCD_DRAM_BASE_ADDR,
- 		       trans_pcie->scd_bc_tbls.dma >> 10);
- 
-+	/* The chain extension of the SCD doesn't work well. This feature is
-+	 * enabled by default by the HW, so we need to disable it manually.
-+	 */
-+	iwl_write_prph(trans, SCD_CHAINEXT_EN, 0);
-+
- 	/* Enable DMA channel */
- 	for (chan = 0; chan < FH_TCSR_CHNL_NUM ; chan++)
- 		iwl_write_direct32(trans, FH_TCSR_CHNL_TX_CONFIG_REG(chan),
--- 
-1.7.7.6
-
diff --git a/freed-ora/current/f17/iwlwifi-dont-mess-up-the-SCD-when-removing-a-key.patch b/freed-ora/current/f17/iwlwifi-dont-mess-up-the-SCD-when-removing-a-key.patch
deleted file mode 100644
index f7c3c7181..000000000
--- a/freed-ora/current/f17/iwlwifi-dont-mess-up-the-SCD-when-removing-a-key.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From d6ee27eb13beab94056e0de52d81220058ca2297 Mon Sep 17 00:00:00 2001
-From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-Date: Wed, 6 Jun 2012 09:13:36 +0200
-Subject: [PATCH] iwlwifi: don't mess up the SCD when removing a key
-
-When we remove a key, we put a key index which was supposed
-to tell the fw that we are actually removing the key. But
-instead the fw took that index as a valid index and messed
-up the SRAM of the device.
-
-This memory corruption on the device mangled the data of
-the SCD. The impact on the user is that SCD queue 2 got
-stuck after having removed keys.
-The message is the log that was printed is:
-
-Queue 2 stuck for 10000ms
-
-This doesn't seem to fix the higher queues that get stuck
-from time to time.
-
-Cc: stable@vger.kernel.org [2.6.27+]
-Reviewed-by: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
-Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Signed-off-by: John W. Linville <linville@tuxdriver.com>
----
- drivers/net/wireless/iwlwifi/iwl-agn-sta.c |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-sta.c b/drivers/net/wireless/iwlwifi/iwl-agn-sta.c
-index aea07aa..eb6a8ea 100644
---- a/drivers/net/wireless/iwlwifi/iwl-agn-sta.c
-+++ b/drivers/net/wireless/iwlwifi/iwl-agn-sta.c
-@@ -1267,7 +1267,7 @@ int iwl_remove_dynamic_key(struct iwl_priv *priv,
- 		key_flags |= STA_KEY_MULTICAST_MSK;
- 
- 	sta_cmd.key.key_flags = key_flags;
--	sta_cmd.key.key_offset = WEP_INVALID_OFFSET;
-+	sta_cmd.key.key_offset = keyconf->hw_key_idx;
- 	sta_cmd.sta.modify_mask = STA_MODIFY_KEY_MASK;
- 	sta_cmd.mode = STA_CONTROL_MODIFY_MSK;
- 
--- 
-1.7.6.5
-
diff --git a/freed-ora/current/f17/kernel.spec b/freed-ora/current/f17/kernel.spec
index 4d5f1e052..5a955c243 100644
--- a/freed-ora/current/f17/kernel.spec
+++ b/freed-ora/current/f17/kernel.spec
@@ -54,7 +54,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 4
+%global baserelease 1
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -104,7 +104,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 2
+%define stable_update 3
 # Is it a -stable RC?
 %define stable_rc 0
 # Set rpm version accordingly
@@ -700,6 +700,8 @@ Patch09: linux-2.6-upstream-reverts.patch
 # Standalone patches
 
 Patch100: taint-vbox.patch
+Patch101: taint-rss.patch
+
 Patch160: linux-2.6-32bit-mmap-exec-randomization.patch
 Patch161: linux-2.6-i386-nx-emulation.patch
 Patch162: nx-emu-remove-cpuinitdata-for-disable_nx-on-x86_32.patch
@@ -830,14 +832,16 @@ Patch22021: mm-pmd_read_atomic-fix-32bit-PAE-pmd-walk-vs-pmd_populate-SMP-race-c
 #rhbz 829016
 Patch22022: thp-avoid-atomic64_read-in-pmd_read_atomic-for-32bit-PAE.patch
 
-#rhbz 825491
-Patch22023: iwlwifi-disable-the-buggy-chain-extension-feature-in-HW.patch
-Patch22024: iwlwifi-dont-mess-up-the-SCD-when-removing-a-key.patch
-
 #rhbz 830862
 Patch22030: SUNRPC-new-svc_bind-routine-introduced.patch
 Patch22031: SUNRPC-move-per-net-operations-from-svc_destroy.patch
 
+#rhbz 832741
+Patch22032: cifs-fix-parsing-of-password-mount-option.patch
+
+#rhbz 832188
+Patch22033: udl-bind-fix.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1443,6 +1447,7 @@ ApplyPatch freedo.patch
 ApplyOptionalPatch linux-2.6-upstream-reverts.patch -R
 
 ApplyPatch taint-vbox.patch
+ApplyPatch taint-rss.patch
 
 # Architecture patches
 # x86(-64)
@@ -1613,14 +1618,16 @@ ApplyPatch rtl818x-fix-sleeping-function-called-from-invalid-context.patch
 ApplyPatch mm-pmd_read_atomic-fix-32bit-PAE-pmd-walk-vs-pmd_populate-SMP-race-condition.patch
 ApplyPatch thp-avoid-atomic64_read-in-pmd_read_atomic-for-32bit-PAE.patch
 
-#rhbz 825491
-ApplyPatch iwlwifi-disable-the-buggy-chain-extension-feature-in-HW.patch
-ApplyPatch iwlwifi-dont-mess-up-the-SCD-when-removing-a-key.patch
-
 #rhbz 830862
 ApplyPatch SUNRPC-new-svc_bind-routine-introduced.patch
 ApplyPatch SUNRPC-move-per-net-operations-from-svc_destroy.patch
 
+#rhbz 832741
+ApplyPatch cifs-fix-parsing-of-password-mount-option.patch
+
+#rhbz 832188
+ApplyPatch udl-bind-fix.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2486,6 +2493,19 @@ fi
 #    '-'      |  |
 #              '-'
 %changelog
+* Mon Jun 18 2012 Alexandre Oliva <lxoliva@fsfla.org> -libre
+- GNU Linux-libre 3.4.3
+
+* Mon Jun 18 2012 Dave Jones <davej@redhat.com>
+- Output taint info when the RSS counter check trips up.
+
+* Mon Jun 18 2012 Justin M. Forbes <jforbes@redhat.com> 3.4.3-1
+- Linux 3.4.3
+
+* Mon Jun 18 2012 Josh Boyer <jwboyer@redhat.com>
+- Add patch to fix CIFS password mount option parsing (rhbz 832741)
+- Add patch to fix udl device binding (rhbz 832188)
+
 * Wed Jun 13 2012 Josh Boyer <jwboyer@redhat.com>
 - Add patches to fix NFS shutdown panic (rhbz 830862)
 
diff --git a/freed-ora/current/f17/sources b/freed-ora/current/f17/sources
index 495d2d8ed..fbf8d02c6 100644
--- a/freed-ora/current/f17/sources
+++ b/freed-ora/current/f17/sources
@@ -1,2 +1,2 @@
 a5e128ca059cceb8b69148b41ff4ac6f  linux-libre-3.4-gnu.tar.xz
-ac52d3d82c20c7e80740fc5fb00b6ed4  patch-3.4.2.xz
+3b6cf4f6337346ee78904eb70e2d4e08  patch-3.4.3.xz
diff --git a/freed-ora/current/f17/taint-rss.patch b/freed-ora/current/f17/taint-rss.patch
new file mode 100644
index 000000000..30265f3e7
--- /dev/null
+++ b/freed-ora/current/f17/taint-rss.patch
@@ -0,0 +1,13 @@
+diff --git a/kernel/fork.c b/kernel/fork.c
+index ab5211b..0aa3c51 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -556,7 +556,7 @@ static void check_mm(struct mm_struct *mm)
+ 
+ 		if (unlikely(x))
+ 			printk(KERN_ALERT "BUG: Bad rss-counter state "
+-					  "mm:%p idx:%d val:%ld\n", mm, i, x);
++					  "mm:%p idx:%d val:%ld (%s)\n", mm, i, x, print_tainted());
+ 	}
+ 
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
diff --git a/freed-ora/current/f17/udl-bind-fix.patch b/freed-ora/current/f17/udl-bind-fix.patch
new file mode 100644
index 000000000..45b4563c1
--- /dev/null
+++ b/freed-ora/current/f17/udl-bind-fix.patch
@@ -0,0 +1,28 @@
+@@ -, +, @@ 
+ drivers/gpu/drm/udl/udl_drv.c |   15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+--- a/drivers/gpu/drm/udl/udl_drv.c	
++++ a/drivers/gpu/drm/udl/udl_drv.c	
+@@ -13,8 +13,21 @@ 
+ 
+ static struct drm_driver driver;
+ 
++/*
++ * There are many DisplayLink-based graphics products, all with unique PIDs.
++ * So we match on DisplayLink's VID + Vendor-Defined Interface Class (0xff)
++ * We also require a match on SubClass (0x00) and Protocol (0x00),
++ * which is compatible with all known USB 2.0 era graphics chips and firmware,
++ * but allows DisplayLink to increment those for any future incompatible chips
++ */
+ static struct usb_device_id id_table[] = {
+-	{.idVendor = 0x17e9, .match_flags = USB_DEVICE_ID_MATCH_VENDOR,},
++	{.idVendor = 0x17e9, .bInterfaceClass = 0xff,
++	 .bInterfaceSubClass = 0x00,
++	 .bInterfaceProtocol = 0x00,
++	 .match_flags = USB_DEVICE_ID_MATCH_VENDOR |
++			USB_DEVICE_ID_MATCH_INT_CLASS |
++			USB_DEVICE_ID_MATCH_INT_SUBCLASS |
++			USB_DEVICE_ID_MATCH_INT_PROTOCOL,},
+ 	{},
+ };
+ MODULE_DEVICE_TABLE(usb, id_table);