/* Ask for all the pages supported by this device */
result = scsi_vpd_inquiry(sdev, buf, 0, buf_len);
if (result)
-commit 4d0ed18277cc6f07513ee0b04475f19cd69e75ef
-Author: Peter Hurley <peter@hurleysoftware.com>
-Date: Tue Dec 10 17:12:02 2013 -0500
- n_tty: Fix buffer overruns with larger-than-4k pastes
-
- readline() inadvertently triggers an error recovery path when
- pastes larger than 4k overrun the line discipline buffer. The
- error recovery path discards input when the line discipline buffer
- is full and operating in canonical mode and no newline has been
- received. Because readline() changes the termios to non-canonical
- mode to read the line char-by-char, the line discipline buffer
- can become full, and then when readline() restores termios back
- to canonical mode for the caller, the now-full line discipline
- buffer triggers the error recovery.
-
- When changing termios from non-canon to canon mode and the read
- buffer contains data, simulate an EOF push _without_ the
- DISABLED_CHAR in the read buffer.
-
- Importantly for the readline() problem, the termios can be
- changed back to non-canonical mode without changes to the read
- buffer occurring; ie., as if the previous termios change had not
- happened (as long as no intervening read took place).
-
- Preserve existing userspace behavior which allows '\0's already
- received in non-canon mode to be read as '\0's in canon mode
- (rather than trigger add'l EOF pushes or an actual EOF).
-
- Patch based on original proposal and discussion here
- https://bugzilla.kernel.org/show_bug.cgi?id=55991
- by Stas Sergeev <stsp@users.sourceforge.net>
-
- Reported-by: Margarita Manterola <margamanterola@gmail.com>
- Cc: Maximiliano Curia <maxy@gnuservers.com.ar>
- Cc: Pavel Machek <pavel@ucw.cz>
- Cc: Arkadiusz Miskiewicz <a.miskiewicz@gmail.com>
- Acked-by: Stas Sergeev <stsp@users.sourceforge.net>
- Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
- Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+From 1e2ee49f7f1b79f0b14884fe6a602f0411b39552 Mon Sep 17 00:00:00 2001
+From: Will Woods <wwoods@redhat.com>
+Date: Tue, 6 May 2014 12:50:10 -0700
+Subject: fanotify: fix -EOVERFLOW with large files on 64-bit
-diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index fdc2ecd..961e6a9 100644
---- a/drivers/tty/n_tty.c
-+++ b/drivers/tty/n_tty.c
-@@ -104,6 +104,7 @@ struct n_tty_data {
-
- /* must hold exclusive termios_rwsem to reset these */
- unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
-+ unsigned char push:1;
-
- /* shared by producer and consumer */
- char read_buf[N_TTY_BUF_SIZE];
-@@ -341,6 +342,7 @@ static void reset_buffer_flags(struct n_tty_data *ldata)
-
- ldata->erasing = 0;
- bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
-+ ldata->push = 0;
- }
-
- static void n_tty_packet_mode_flush(struct tty_struct *tty)
-@@ -1745,7 +1747,16 @@ static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
-
- if (!old || (old->c_lflag ^ tty->termios.c_lflag) & ICANON) {
- bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
-- ldata->line_start = ldata->canon_head = ldata->read_tail;
-+ ldata->line_start = ldata->read_tail;
-+ if (!L_ICANON(tty) || !read_cnt(ldata)) {
-+ ldata->canon_head = ldata->read_tail;
-+ ldata->push = 0;
-+ } else {
-+ set_bit((ldata->read_head - 1) & (N_TTY_BUF_SIZE - 1),
-+ ldata->read_flags);
-+ ldata->canon_head = ldata->read_head;
-+ ldata->push = 1;
-+ }
- ldata->erasing = 0;
- ldata->lnext = 0;
- }
-@@ -1951,6 +1962,12 @@ static int copy_from_read_buf(struct tty_struct *tty,
- * it copies one line of input up to and including the line-delimiting
- * character into the user-space buffer.
- *
-+ * NB: When termios is changed from non-canonical to canonical mode and
-+ * the read buffer contains data, n_tty_set_termios() simulates an EOF
-+ * push (as if C-d were input) _without_ the DISABLED_CHAR in the buffer.
-+ * This causes data already processed as input to be immediately available
-+ * as input although a newline has not been received.
-+ *
- * Called under the atomic_read_lock mutex
- *
- * n_tty_read()/consumer path:
-@@ -1997,7 +2014,7 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
- n += found;
- c = n;
-
-- if (found && read_buf(ldata, eol) == __DISABLED_CHAR) {
-+ if (found && !ldata->push && read_buf(ldata, eol) == __DISABLED_CHAR) {
- n--;
- eof_push = !n && ldata->read_tail != ldata->line_start;
- }
-@@ -2024,7 +2041,10 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
- ldata->read_tail += c;
-
- if (found) {
-- ldata->line_start = ldata->read_tail;
-+ if (!ldata->push)
-+ ldata->line_start = ldata->read_tail;
-+ else
-+ ldata->push = 0;
- tty_audit_push(tty);
- }
- return eof_push ? -EAGAIN : 0;
-From 27095111cbafd3212c7e9a4a8cef1099b7520ca8 Mon Sep 17 00:00:00 2001
-From: Kieran Clancy <clancy.kieran@gmail.com>
-Date: Fri, 28 Feb 2014 14:12:28 +0000
-Subject: ACPI / EC: Clear stale EC events on Samsung systems
+On 64-bit systems, O_LARGEFILE is automatically added to flags inside
+the open() syscall (also openat(), blkdev_open(), etc). Userspace
+therefore defines O_LARGEFILE to be 0 - you can use it, but it's a
+no-op. Everything should be O_LARGEFILE by default.
-A number of Samsung notebooks (530Uxx/535Uxx/540Uxx/550Pxx/900Xxx/etc)
-continue to log events during sleep (lid open/close, AC plug/unplug,
-battery level change), which accumulate in the EC until a buffer fills.
-After the buffer is full (tests suggest it holds 8 events), GPEs stop
-being triggered for new events. This state persists on wake or even on
-power cycle, and prevents new events from being registered until the EC
-is manually polled.
+But: when fanotify does create_fd() it uses dentry_open(), which skips
+all that. And userspace can't set O_LARGEFILE in fanotify_init()
+because it's defined to 0. So if fanotify gets an event regarding a
+large file, the read() will just fail with -EOVERFLOW.
-This is the root cause of a number of bugs, including AC not being
-detected properly, lid close not triggering suspend, and low ambient
-light not triggering the keyboard backlight. The bug also seemed to be
-responsible for performance issues on at least one user's machine.
+This patch adds O_LARGEFILE to fanotify_init()'s event_f_flags on 64-bit
+systems, using the same test as open()/openat()/etc.
-Juan Manuel Cabo found the cause of bug and the workaround of polling
-the EC manually on wake.
+Addresses https://bugzilla.redhat.com/show_bug.cgi?id=696821
-The loop which clears the stale events is based on an earlier patch by
-Lan Tianyu (see referenced attachment).
+Signed-off-by: Will Woods <wwoods@redhat.com>
+Acked-by: Eric Paris <eparis@redhat.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-This patch:
- - Adds a function acpi_ec_clear() which polls the EC for stale _Q
- events at most ACPI_EC_CLEAR_MAX (currently 100) times. A warning is
- logged if this limit is reached.
- - Adds a flag EC_FLAGS_CLEAR_ON_RESUME which is set to 1 if the DMI
- system vendor is Samsung. This check could be replaced by several
- more specific DMI vendor/product pairs, but it's likely that the bug
- affects more Samsung products than just the five series mentioned
- above. Further, it should not be harmful to run acpi_ec_clear() on
- systems without the bug; it will return immediately after finding no
- data waiting.
- - Runs acpi_ec_clear() on initialisation (boot), from acpi_ec_add()
- - Runs acpi_ec_clear() on wake, from acpi_ec_unblock_transactions()
-
-References: https://bugzilla.kernel.org/show_bug.cgi?id=44161
-References: https://bugzilla.kernel.org/show_bug.cgi?id=45461
-References: https://bugzilla.kernel.org/show_bug.cgi?id=57271
-References: https://bugzilla.kernel.org/attachment.cgi?id=126801
-Suggested-by: Juan Manuel Cabo <juanmanuel.cabo@gmail.com>
-Signed-off-by: Kieran Clancy <clancy.kieran@gmail.com>
-Reviewed-by: Lan Tianyu <tianyu.lan@intel.com>
-Reviewed-by: Dennis Jansen <dennis.jansen@web.de>
-Tested-by: Kieran Clancy <clancy.kieran@gmail.com>
-Tested-by: Juan Manuel Cabo <juanmanuel.cabo@gmail.com>
-Tested-by: Dennis Jansen <dennis.jansen@web.de>
-Tested-by: Maurizio D'Addona <mauritiusdadd@gmail.com>
-Tested-by: San Zamoyski <san@plusnet.pl>
-Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
----
-diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
-index 959d41a..d7d32c2 100644
---- a/drivers/acpi/ec.c
-+++ b/drivers/acpi/ec.c
-@@ -67,6 +67,8 @@ enum ec_command {
- #define ACPI_EC_DELAY 500 /* Wait 500ms max. during EC ops */
- #define ACPI_EC_UDELAY_GLK 1000 /* Wait 1ms max. to get global lock */
- #define ACPI_EC_MSI_UDELAY 550 /* Wait 550us for MSI EC */
-+#define ACPI_EC_CLEAR_MAX 100 /* Maximum number of events to query
-+ * when trying to clear the EC */
-
- enum {
- EC_FLAGS_QUERY_PENDING, /* Query is pending */
-@@ -116,6 +118,7 @@ EXPORT_SYMBOL(first_ec);
- static int EC_FLAGS_MSI; /* Out-of-spec MSI controller */
- static int EC_FLAGS_VALIDATE_ECDT; /* ASUStec ECDTs need to be validated */
- static int EC_FLAGS_SKIP_DSDT_SCAN; /* Not all BIOS survive early DSDT scan */
-+static int EC_FLAGS_CLEAR_ON_RESUME; /* Needs acpi_ec_clear() on boot/resume */
-
- /* --------------------------------------------------------------------------
- Transaction Management
-@@ -440,6 +443,29 @@ acpi_handle ec_get_handle(void)
-
- EXPORT_SYMBOL(ec_get_handle);
-
-+static int acpi_ec_query_unlocked(struct acpi_ec *ec, u8 *data);
-+
-+/*
-+ * Clears stale _Q events that might have accumulated in the EC.
-+ * Run with locked ec mutex.
-+ */
-+static void acpi_ec_clear(struct acpi_ec *ec)
-+{
-+ int i, status;
-+ u8 value = 0;
-+
-+ for (i = 0; i < ACPI_EC_CLEAR_MAX; i++) {
-+ status = acpi_ec_query_unlocked(ec, &value);
-+ if (status || !value)
-+ break;
-+ }
-+
-+ if (unlikely(i == ACPI_EC_CLEAR_MAX))
-+ pr_warn("Warning: Maximum of %d stale EC events cleared\n", i);
-+ else
-+ pr_info("%d stale EC events cleared\n", i);
-+}
-+
- void acpi_ec_block_transactions(void)
- {
- struct acpi_ec *ec = first_ec;
-@@ -463,6 +489,10 @@ void acpi_ec_unblock_transactions(void)
- mutex_lock(&ec->mutex);
- /* Allow transactions to be carried out again */
- clear_bit(EC_FLAGS_BLOCKED, &ec->flags);
-+
-+ if (EC_FLAGS_CLEAR_ON_RESUME)
-+ acpi_ec_clear(ec);
-+
- mutex_unlock(&ec->mutex);
- }
-
-@@ -821,6 +851,13 @@ static int acpi_ec_add(struct acpi_device *device)
-
- /* EC is fully operational, allow queries */
- clear_bit(EC_FLAGS_QUERY_PENDING, &ec->flags);
-+
-+ /* Clear stale _Q events if hardware might require that */
-+ if (EC_FLAGS_CLEAR_ON_RESUME) {
-+ mutex_lock(&ec->mutex);
-+ acpi_ec_clear(ec);
-+ mutex_unlock(&ec->mutex);
-+ }
- return ret;
- }
-
-@@ -922,6 +959,30 @@ static int ec_enlarge_storm_threshold(const struct dmi_system_id *id)
- return 0;
- }
-
-+/*
-+ * On some hardware it is necessary to clear events accumulated by the EC during
-+ * sleep. These ECs stop reporting GPEs until they are manually polled, if too
-+ * many events are accumulated. (e.g. Samsung Series 5/9 notebooks)
-+ *
-+ * https://bugzilla.kernel.org/show_bug.cgi?id=44161
-+ *
-+ * Ideally, the EC should also be instructed NOT to accumulate events during
-+ * sleep (which Windows seems to do somehow), but the interface to control this
-+ * behaviour is not known at this time.
-+ *
-+ * Models known to be affected are Samsung 530Uxx/535Uxx/540Uxx/550Pxx/900Xxx,
-+ * however it is very likely that other Samsung models are affected.
-+ *
-+ * On systems which don't accumulate _Q events during sleep, this extra check
-+ * should be harmless.
-+ */
-+static int ec_clear_on_resume(const struct dmi_system_id *id)
-+{
-+ pr_debug("Detected system needing EC poll on resume.\n");
-+ EC_FLAGS_CLEAR_ON_RESUME = 1;
-+ return 0;
-+}
-+
- static struct dmi_system_id ec_dmi_table[] __initdata = {
- {
- ec_skip_dsdt_scan, "Compal JFL92", {
-@@ -965,6 +1026,9 @@ static struct dmi_system_id ec_dmi_table[] __initdata = {
- ec_validate_ecdt, "ASUS hardware", {
- DMI_MATCH(DMI_SYS_VENDOR, "ASUSTek Computer Inc."),
- DMI_MATCH(DMI_PRODUCT_NAME, "L4R"),}, NULL},
-+ {
-+ ec_clear_on_resume, "Samsung hardware", {
-+ DMI_MATCH(DMI_SYS_VENDOR, "SAMSUNG ELECTRONICS CO., LTD.")}, NULL},
- {},
- };
+diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
+index 4e565c8..732648b 100644
+--- a/fs/notify/fanotify/fanotify_user.c
++++ b/fs/notify/fanotify/fanotify_user.c
+@@ -698,6 +698,8 @@ SYSCALL_DEFINE2(fanotify_init, unsigned int, flags, unsigned int, event_f_flags)
+ }
+ group->overflow_event = &oevent->fse;
+
++ if (force_o_largefile())
++ event_f_flags |= O_LARGEFILE;
+ group->fanotify_data.f_flags = event_f_flags;
+ #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS
+ spin_lock_init(&group->fanotify_data.access_lock);
+--- a/drivers/pnp/pnpbios/bioscalls.c 2014-03-31 05:40:15.000000000 +0200
++++ b/drivers/pnp/pnpbios/bioscalls.c 2015-08-30 20:34:09.000000000 +0200
+@@ -21,7 +21,7 @@
+
+ #include "pnpbios.h"
+
+-static struct {
++__visible struct {
+ u16 offset;
+ u16 segment;
+ } pnp_bios_callpoint;
+@@ -37,10 +37,11 @@
+ * kernel begins at offset 3GB...
+ */
+
+-asmlinkage void pnp_bios_callfunc(void);
++asmlinkage __visible void pnp_bios_callfunc(void);
+
+ __asm__(".text \n"
+ __ALIGN_STR "\n"
++ ".globl pnp_bios_callfunc\n"
+ "pnp_bios_callfunc:\n"
+ " pushl %edx \n"
+ " pushl %ecx \n"
+@@ -66,9 +67,9 @@
+ * after PnP BIOS oopses.
+ */
+
+-u32 pnp_bios_fault_esp;
+-u32 pnp_bios_fault_eip;
+-u32 pnp_bios_is_utter_crap = 0;
++__visible u32 pnp_bios_fault_esp;
++__visible u32 pnp_bios_fault_eip;
++__visible u32 pnp_bios_is_utter_crap = 0;
+
+ static spinlock_t pnp_bios_lock;
---
-cgit v0.9.2
projects / packages / kernel.git / blobdiff