commit adb67a73a50d930e75950ee3263615c6a28875fb Author: Greg Kroah-Hartman Date: Fri Feb 3 09:28:09 2012 -0800 Linux 2.6.32.56 commit 8905e272a595430e4b24deb1c1239a63fb2f2c70 Author: Johan Hovold Date: Wed Jan 18 01:46:00 2012 +0100 USB: ftdi_sio: fix initial baud rate commit 108e02b12921078a59dcacd048079ece48a4a983 upstream. Fix regression introduced by commit b1ffb4c851f1 ("USB: Fix Corruption issue in USB ftdi driver ftdi_sio.c") which caused the termios settings to no longer be initialised at open. Consequently it was no longer possible to set the port to the default speed of 9600 baud without first changing to another baud rate and back again. Reported-by: Roland Ramthun Signed-off-by: Johan Hovold Tested-by: Roland Ramthun Signed-off-by: Greg Kroah-Hartman commit a14c3540d6a6ee6eec3f7551825225ef29857f9c Author: Johan Hovold Date: Mon Jan 16 00:36:50 2012 +0100 USB: cp210x: do not map baud rates to B0 commit be125d9c8d59560e7cc2d6e2b65c8fd233498ab7 upstream. We do not implement B0 hangup yet so map low baudrates to 300bps. Signed-off-by: Johan Hovold Cc: Preston Fick Signed-off-by: Greg Kroah-Hartman commit 377f930f02a9b38e28761e081338aed363d4ea17 Author: Renato Caldas Date: Fri Jan 6 15:20:51 2012 +0000 USB: serial: CP210x: Added USB-ID for the Link Instruments MSO-19 commit 791b7d7cf69de11275e4dccec2f538eec02cbff6 upstream. This device is a Oscilloscope/Logic Analizer/Pattern Generator/TDR, using a Silabs CP2103 USB to UART Bridge. Signed-off-by: Renato Caldas Signed-off-by: Greg Kroah-Hartman commit 5a233b185a4a53478fe4f8ade7fdf8204b412fd8 Author: Vivien Didelot Date: Thu Jan 26 15:59:00 2012 -0500 hwmon: (sht15) fix bad error code commit 6edf3c30af01854c416f8654d3d5d2652470afd4 upstream. When no platform data was supplied, returned error code was 0. Signed-off-by: Vivien Didelot Signed-off-by: Guenter Roeck Signed-off-by: Greg Kroah-Hartman commit b67cbf2deeb8198972d4d19da61ed3fc949388d6 Author: Jean Delvare Date: Fri Jan 20 10:09:23 2012 -0500 hwmon: (f71805f) Fix clamping of temperature limits commit 86b2bbfdbd1fcc4a3aa62ccd3f245c40c5ad5b85 upstream. Properly clamp temperature limits set by the user. Without this fix, attempts to write temperature limits above the maximum supported by the chip (255 degrees Celsius) would arbitrarily and unexpectedly result in the limit being set to 0 degree Celsius. Signed-off-by: Jean Delvare Signed-off-by: Guenter Roeck Signed-off-by: Greg Kroah-Hartman commit 2b93e1fde1b44ed8941e946515ecf10eb15a5a96 Author: Harrison Metzger Date: Sun Jan 15 08:43:24 2012 -0600 USB: usbsevseg: fix max length commit 1097ccebe630170080c41df0edcf88e0626e9c75 upstream. This changes the max length for the usb seven segment delcom device to 8 from 6. Delcom has both 6 and 8 variants and having 8 works fine with devices which are only 6. Signed-off-by: Harrison Metzger Signed-off-by: Stuart Pook Signed-off-by: Greg Kroah-Hartman commit 881bec2f23410ae6f6074469f3ce0daaf93f72c1 Author: Eric W. Biederman Date: Fri Jan 13 21:32:06 2012 -0800 usb: io_ti: Make edge_remove_sysfs_attrs the port_remove method. commit 6d443d8499e4e59ffb949759cdded32730f8d2f6 upstream. Calling edge_remove_sysfs_attrs from edge_disconnect is too late as the device has already been removed from sysfs. Do the simple and obvious thing and make edge_remove_sysfs_attrs the port_remove method. Signed-off-by: Eric W. Biederman Reported-by: Wolfgang Frisch Signed-off-by: Greg Kroah-Hartman commit 89b6c4ea1a545908809604812e23a7f83ba782e8 Author: Bjørn Mork Date: Mon Jan 16 12:41:47 2012 +0100 USB: cdc-wdm: updating desc->length must be protected by spin_lock commit c428b70c1e115c5649707a602742e34130d19428 upstream. wdm_in_callback() will also touch this field, so we cannot change it without locking Signed-off-by: Bjørn Mork Acked-by: Oliver Neukum Signed-off-by: Greg Kroah-Hartman commit f9a85dfe60bbfe74ecd0c62863e8b683314533a4 Author: Alan Cox Date: Thu Jan 26 17:41:34 2012 +0000 USB: ftdi_sio: Add more identifiers commit 2353f806c97020d4c7709f15eebb49b591f7306d upstream. 0x04d8, 0x000a: Hornby Elite Signed-off-by: Alan Cox Signed-off-by: Greg Kroah-Hartman commit cf67b4aa5b3ef40413625eb2daf2ec2941975b4b Author: Peter Naulls Date: Tue Jan 17 18:27:09 2012 -0800 USB: serial: ftdi additional IDs commit fc216ec363f4d174932df90bbf35c77d0540e561 upstream. I tested this against 2.6.39 in the Ubuntu kernel, however I see the IDs are not in latest 3.2 git. This adds IDs for the FTDI controller in the Rainforest Automation Zigbee dongle. Signed-off-by: Peter Naulls Signed-off-by: Greg Kroah-Hartman commit 305525045e5da585ae85d5f8ef6e05c6d22d05f1 Author: Peter Korsgaard Date: Wed Jan 18 23:43:45 2012 +0100 USB: ftdi_sio: add PID for TI XDS100v2 / BeagleBone A3 commit 55f13aeae0346f0c89bfface91ad9a97653dc433 upstream. Port A for JTAG, port B for serial. Signed-off-by: Peter Korsgaard Signed-off-by: Greg Kroah-Hartman commit d71e097d67569b483cdecec08b736e49d1df1d37 Author: Johan Hovold Date: Tue Jan 10 23:33:37 2012 +0100 USB: ftdi_sio: fix TIOCSSERIAL baud_base handling commit eb833a9e0972f60beb4ab8104ad7ef6bf30f02fc upstream. Return EINVAL if new baud_base does not match the current one. The baud_base is device specific and can not be changed. This restores the old (pre-2005) behaviour which was changed due to a misunderstanding regarding this fact (see https://lkml.org/lkml/2005/1/20/84). Reported-by: Torbjörn Lofterud Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit 3f4896b5d392137ff92cbdc447310417ac980768 Author: Paolo Bonzini Date: Tue Jan 17 04:07:31 2012 +0000 dm: do not forward ioctls from logical volumes to the underlying device commit ec8013beddd717d1740cfefb1a9b900deef85462 upstream. A logical volume can map to just part of underlying physical volume. In this case, it must be treated like a partition. Based on a patch from Alasdair G Kergon. Cc: Alasdair G Kergon Cc: dm-devel@redhat.com Signed-off-by: Paolo Bonzini Signed-off-by: Linus Torvalds [bwh: Backport to 2.6.32 - drop change to drivers/md/dm-flakey.c] Signed-off-by: Ben Hutchings Signed-off-by: Greg Kroah-Hartman commit ddd80d112479aaa16e3b82c5729451dcbeafe00c Author: Paolo Bonzini Date: Tue Jan 17 04:07:02 2012 +0000 block: fail SCSI passthrough ioctls on partition devices commit 0bfc96cb77224736dfa35c3c555d37b3646ef35e upstream. [ Changes with respect to 3.3: return -ENOTTY from scsi_verify_blk_ioctl and -ENOIOCTLCMD from sd_compat_ioctl. ] Linux allows executing the SG_IO ioctl on a partition or LVM volume, and will pass the command to the underlying block device. This is well-known, but it is also a large security problem when (via Unix permissions, ACLs, SELinux or a combination thereof) a program or user needs to be granted access only to part of the disk. This patch lets partitions forward a small set of harmless ioctls; others are logged with printk so that we can see which ioctls are actually sent. In my tests only CDROM_GET_CAPABILITY actually occurred. Of course it was being sent to a (partition on a) hard disk, so it would have failed with ENOTTY and the patch isn't changing anything in practice. Still, I'm treating it specially to avoid spamming the logs. In principle, this restriction should include programs running with CAP_SYS_RAWIO. If for example I let a program access /dev/sda2 and /dev/sdb, it still should not be able to read/write outside the boundaries of /dev/sda2 independent of the capabilities. However, for now programs with CAP_SYS_RAWIO will still be allowed to send the ioctls. Their actions will still be logged. This patch does not affect the non-libata IDE driver. That driver however already tests for bd != bd->bd_contains before issuing some ioctl; it could be restricted further to forbid these ioctls even for programs running with CAP_SYS_ADMIN/CAP_SYS_RAWIO. Cc: linux-scsi@vger.kernel.org Cc: Jens Axboe Cc: James Bottomley Signed-off-by: Paolo Bonzini [ Make it also print the command name when warning - Linus ] Signed-off-by: Linus Torvalds [bwh: Backport to 2.6.32 - ENOIOCTLCMD does not get converted to ENOTTY, so we must return ENOTTY directly] Signed-off-by: Ben Hutchings Signed-off-by: Greg Kroah-Hartman commit 80375fc467ecef560d6c73bf04752b02f6204ada Author: Herton Ronaldo Krzesinski Date: Tue Jan 24 16:00:16 2012 -0200 Revert "ARM: 7220/1: mmc: mmci: Fixup error handling for dma" This reverts commit c8cdf3f97d34d906e0519d5cbc2ab3f81269d0b4, applied on linux 2.6.32.53 stable release, as it can introduce the following build error while building 2.6.32.y on armel: linux-2.6.32/drivers/mmc/host/mmci.c: In function 'mmci_cmd_irq': linux-2.6.32/drivers/mmc/host/mmci.c:237: error: implicit declaration of function 'dma_inprogress' linux-2.6.32/drivers/mmc/host/mmci.c:238: error: implicit declaration of function 'mmci_dma_data_error' Aparently the commit was wrongly pushed into 2.6.32, since it depends on commit c8ebae37 ("ARM: mmci: add dmaengine-based DMA support"), not present on 2.6.32. Signed-off-by: Herton Ronaldo Krzesinski Signed-off-by: Greg Kroah-Hartman commit 4d385100b02a7b255797ac2066ea043a6f60e3dc Author: Alexey Dobriyan Date: Sat Jan 14 21:40:57 2012 +0300 crypto: sha512 - reduce stack usage to safe number commit 51fc6dc8f948047364f7d42a4ed89b416c6cc0a3 upstream. For rounds 16--79, W[i] only depends on W[i - 2], W[i - 7], W[i - 15] and W[i - 16]. Consequently, keeping all W[80] array on stack is unnecessary, only 16 values are really needed. Using W[16] instead of W[80] greatly reduces stack usage (~750 bytes to ~340 bytes on x86_64). Line by line explanation: * BLEND_OP array is "circular" now, all indexes have to be modulo 16. Round number is positive, so remainder operation should be without surprises. * initial full message scheduling is trimmed to first 16 values which come from data block, the rest is calculated before it's needed. * original loop body is unrolled version of new SHA512_0_15 and SHA512_16_79 macros, unrolling was done to not do explicit variable renaming. Otherwise it's the very same code after preprocessing. See sha1_transform() code which does the same trick. Patch survives in-tree crypto test and original bugreport test (ping flood with hmac(sha512). See FIPS 180-2 for SHA-512 definition http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf Signed-off-by: Alexey Dobriyan Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman commit bef4c3bef7d6cbe3638d910b93483f7dfe03b5c2 Author: Alexey Dobriyan Date: Sat Jan 14 21:27:37 2012 +0300 crypto: sha512 - make it work, undo percpu message schedule commit 84e31fdb7c797a7303e0cc295cb9bc8b73fb872d upstream. commit f9e2bca6c22d75a289a349f869701214d63b5060 aka "crypto: sha512 - Move message schedule W[80] to static percpu area" created global message schedule area. If sha512_update will ever be entered twice, hash will be silently calculated incorrectly. Probably the easiest way to notice incorrect hashes being calculated is to run 2 ping floods over AH with hmac(sha512): #!/usr/sbin/setkey -f flush; spdflush; add IP1 IP2 ah 25 -A hmac-sha512 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025; add IP2 IP1 ah 52 -A hmac-sha512 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000052; spdadd IP1 IP2 any -P out ipsec ah/transport//require; spdadd IP2 IP1 any -P in ipsec ah/transport//require; XfrmInStateProtoError will start ticking with -EBADMSG being returned from ah_input(). This never happens with, say, hmac(sha1). With patch applied (on BOTH sides), XfrmInStateProtoError does not tick with multiple bidirectional ping flood streams like it doesn't tick with SHA-1. After this patch sha512_transform() will start using ~750 bytes of stack on x86_64. This is OK for simple loads, for something more heavy, stack reduction will be done separatedly. Signed-off-by: Alexey Dobriyan Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman commit 26487be3d861e50dcfd4b19199e3c206d3700678 Author: Thomas Hellstrom Date: Tue Jan 24 18:54:21 2012 +0100 drm: Fix authentication kernel crash commit 598781d71119827b454fd75d46f84755bca6f0c6 upstream. If the master tries to authenticate a client using drm_authmagic and that client has already closed its drm file descriptor, either wilfully or because it was terminated, the call to drm_authmagic will dereference a stale pointer into kmalloc'ed memory and corrupt it. Typically this results in a hard system hang. This patch fixes that problem by removing any authentication tokens (struct drm_magic_entry) open for a file descriptor when that file descriptor is closed. Signed-off-by: Thomas Hellstrom Reviewed-by: Daniel Vetter Signed-off-by: Dave Airlie Signed-off-by: Greg Kroah-Hartman commit bd8f0a46a1d92470b88ae53e8282dc4edf4f0ba9 Author: Tyler Hicks Date: Wed Jan 18 18:30:04 2012 -0600 eCryptfs: Make truncate path killable commit 5e6f0d769017cc49207ef56996e42363ec26c1f0 upstream. ecryptfs_write() handles the truncation of eCryptfs inodes. It grabs a page, zeroes out the appropriate portions, and then encrypts the page before writing it to the lower filesystem. It was unkillable and due to the lack of sparse file support could result in tying up a large portion of system resources, while encrypting pages of zeros, with no way for the truncate operation to be stopped from userspace. This patch adds the ability for ecryptfs_write() to detect a pending fatal signal and return as gracefully as possible. The intent is to leave the lower file in a useable state, while still allowing a user to break out of the encryption loop. If a pending fatal signal is detected, the eCryptfs inode size is updated to reflect the modified inode size and then -EINTR is returned. Signed-off-by: Tyler Hicks Signed-off-by: Greg Kroah-Hartman commit 7727d2c0b842a1971090a15c434b41049632fff5 Author: Tim Gardner Date: Thu Jan 12 16:31:55 2012 +0100 ecryptfs: Improve metadata read failure logging commit 30373dc0c87ffef68d5628e77d56ffb1fa22e1ee upstream. Print inode on metadata read failure. The only real way of dealing with metadata read failures is to delete the underlying file system file. Having the inode allows one to 'find . -inum INODE`. [tyhicks@canonical.com: Removed some minor not-for-stable parts] Signed-off-by: Tim Gardner Reviewed-by: Kees Cook Signed-off-by: Tyler Hicks Signed-off-by: Greg Kroah-Hartman commit 22b1c8706204fc3b225fa2ee99b3f71d3203d146 Author: Tyler Hicks Date: Thu Jan 12 11:30:44 2012 +0100 eCryptfs: Sanitize write counts of /dev/ecryptfs commit db10e556518eb9d21ee92ff944530d84349684f4 upstream. A malicious count value specified when writing to /dev/ecryptfs may result in a a very large kernel memory allocation. This patch peeks at the specified packet payload size, adds that to the size of the packet headers and compares the result with the write count value. The resulting maximum memory allocation size is approximately 532 bytes. Signed-off-by: Tyler Hicks Reported-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman