[Karmic] SRU: Update to stable kernel

Stefan Bader stefan.bader at canonical.com
Wed Jan 20 13:30:58 UTC 2010

Some inline comments and full review notes attached.

Surbhi Palande wrote:
> Hi All,
> https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/509730
> The stable kernel has recently been released.  The
> Upstream Stable Kernel brings in 38 patches (1 of which we already
> have).  I've applied and pushed these to my tree for review.
> git://kernel.ubuntu.com/surbhi/ubuntu-karmic.git stable-
> http://kernel.ubuntu.com/git?p=surbhi/ubuntu-karmic.git;a=shortlog;h=refs/heads/stable-
> The upstream process for stable tree updates is quite similar in scope
> to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a
> bug, and each patch is vetted by upstream by originating either directly
> from Linus' tree or in a minimally backported form of that patch. The
> upstream stable patch set is now available. It should be
> included in the Ubuntu kernel as well.
> http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-
> http://kernel.org/pub/linux/kernel/v2.6/patch-
> The following bugs might be resolved via patches from
> * https://bugs.edge.launchpad.net/bugs/435958 - fixed with "acerhdf:
> limit modalias matching to supported"
> * https://bugs.edge.launchpad.net/bugs/490068 - fixed with "USB: option:
> support hi speed for modem Haier CE100"
> * https://bugs.edge.launchpad.net/bugs/253874- fixed with "Input: atkbd
> - add force relese key quirk for Samsung R59P/R60P/R61P"

Just some general notes which might or might not require some action:
For bugs we already are carrying we usually revert those with a short note
that this is going to be replaced by an upstream patch. Then apply the upstream
patch, but without adding the BugLink for the specific bug (if the specific bug
is already in fix released). The reasoning is that when the bug is already fix
released, then it is in updates and then again claiming it fixed just causes
confusion. (In some cases this can mean to remove a BugLink)

If a patches fixes a bug we not yet have released, then the specific bug
number(s) are added as BugLinks aside with the one for the tracking bug.

Special handling for patches that already went in via security. For those we
decided not to replace them by stable upstream patches at all but to drop the
stable patch. They should be the same anyway and we don't want to mess with

> The 38 stable patches are as follows.  I've inlined my own review
> comments (marked by #).
> Warm Regards,
> Surbhi.
> commit f3b8a699214d28f17c1ef8fd3c71cba7c33c3889
> Author: Stefan Bader <stefan.bader at canonical.com>
> acerhdf: limit modalias matching to supported
> # This commit fixes launchpad bug #435958. It removes an unnecessary
> warning on Acer machines with model numbers not starting with
> AOA or DOA

I believe we have this one as fix released. Lets make sure the original buglink
gets removed if it is in there.

> commit 637cd43cefe67a93f58a5147762ad66a556d0483
> Author: Eric Millbrandt <emillbrandt at dekaresearch.com>
> ASoC: Do not write to invalid registers on the wm9712.
> # This patch prevents the population of virtual invalid registers
>  offering the same protection which is offered in the wm9713 driver.
> Doing so prevents the overwriting of unrelated registers.
> commit c7d622e356d6a21b788bd34cef607e01ae28c197
> Author: Jeff Layton <jlayton at redhat.com>
> cifs: NULL out tcon, pSesInfo, and srvTcp pointers when chasing DFS
> referrals
> # This patch fixes an Oops at: cifs_put_smb_ses+0x14/0xd0 by moving the
> initialization of some variables below the try_mount_again label. This
> patch also prevents xid leaks by adding a FreeXid()
> commit 5c87f0c04abf876c8019c04ff581976a9a241206
> Author: Thomas Gleixner <tglx at linutronix.de>
> clockevents: Prevent clockevent_devices list corruption on cpu hotplug

> # Fixes the shutdown-time oops or segmentation fault in clockevents_notify()
> related to upstream kernel bugzilla #15005 and #15028

A good way to find bugs in LP which reference upstream bugs is this page:


You can order the results by upstream number and then look for it.

> commit 2ebcfd6c0ef863636ce215f71c70c3b2d4e57a6f
> Author: Nicolas Ferre <nicolas.ferre at atmel.com>
> dma: at_hdmac: correct incompatible type for argument 1 of 'spin_lock_bh'
> # This is a typo correction patch that adds a '&' to a variable which is
> being passed to the spin_lock_bh().
> commit cf95a4b52defc0daf910a71f76e5f647eb28bd1d
> Author: Julia Lawall <julia at diku.dk>
> drivers/net/usb: Correct code taking the size of a pointer
> # This patch uses the precalculated size of a variable rather than
> reusing the sizeof()
> commit 2e6f37a113babaf54f2ef776a549a6440d262de9
> Author: Daniel Mack <daniel at caiaq.de>
> Libertas: fix buffer overflow in lbs_get_essid()
> # This patch removes the copying of an extra null character to a
> kzalloced buffer. Fixes memory corruption.
> commit 73b52c3b88805ec5528c647fcb71eab3443e47cb
> Author: NeilBrown <neilb at suse.de>
> md: Fix unfortunate interaction with evms
> # In order to prevent a device from disappearing erroneously, this patch
> sets the mddev->ctime in the SET_ARRAY_INFO ioctl and checks to see if
> the mddev->ctime is 0  before declaring an array inactive and non
> configured.
> commit 7564ecada882a2ec698bddcfb85a48e4b0e2b2a5
> Author: Bartlomiej Zolnierkiewicz <bzolnier at gmail.com>
> pata_cmd64x: fix overclocking of UDMA0-2 modes
> # This patch fixes a potential memory corruption caused by a wrong DMA
> speed selection when actually the DMA needs to be done at a slower
> speed. The fix involved correctly comparing the transfer mode value
> instead of the transfer mode number.
> commit 14e3cd129aad425dae38ac5ba9aa7d709283a085
> Author: Sergei Shtylyov <sshtylyov at ru.mvista.com>
> pata_hpt3x2n: fix clock turnaround
> # This patch fixes a series of bugs related to the changing of the clock
> mode from DPLL to PCI, in the pata_hpt3x2n driver. Following is the
> result of the patch:
>     * Correctly change from the DPLL to PCI clock whenever necessary.
>     * Disabled channels are not written to
>      * The correct ports are written to for the secondary channels.
> commit fc480c27d9d5b2be5da93de8169d040f8a082f71
> Author: Mike Christie <michaelc at cs.wisc.edu>
> SCSI: fc class: fix fc_transport_init error handling
> # This patch fixes the memory leak which could occur when a call to the
> transport_class_register fails. This fix is done by appropriately
> unregistering the already registered classes when this call fails.
> commit 184369b078e7c0c13bcd9f4487b994536713cc4c
> Author: Clemens Ladisch <clemens at ladisch.de>
> sound: sgio2audio/pdaudiocf/usb-audio: initialize PCM buffer
> # This patch uses vmalloc_user() instead of vmalloc() while allocating a
> PCM buffer. This prevents the wrong buffer from being exposed to userspace.
> commit 61a6c8ed6de9b2eb4c3f2850bbfb2e0aa9e182f0
> Author: Clemens Ladisch <clemens at ladisch.de>
> USB: emi62: fix crash when trying to load EMI 6|2 firmware
> # This patch fixes the BUG: unable to handle kernel NULL pointer
> dereference at (null) IP: [<f80d248c>] emi62_load_firmware+0x33c/0x740
> [emi62]. emi62 was changed to use the ihex helper functions which
> indicate end or record by a NULL pointer. This patch uses this end of
> record value in order to prevent dereferencing a NULL pointer.
> commit 79ec7f562e3d0a7a78697ce3031e648e5a4cbdc2
> Author: pancho horrillo <pancho at pancho.name>
> USB: Fix a bug on appledisplay.c regarding signedness
> # brightness status is reported by the Apple Cinema Displays as an
> 'unsigned char' (u8) value, but the code used 'char' instead. Due to
> this the driver interprets the brightness level > 127 as negative and
> fails to load. This patch fixes this bug.
> commit 67024e047458edebb46559ad7db8b568f7443599
> Author: Sergei Shtylyov <sshtylyov at ru.mvista.com>
> USB: musb: gadget_ep0: avoid SetupEnd interrupt
> # Fixed this bug : "SetupEnd came in a wrong ep0stage idle when stalling
> a zero length SETUP request". This is done by setting the DATAEND bit
> only after detecting a zero lenght request.
> commit 3c55fa560d5befabcfe62c76d94e84a43ee34f06
> Author: Donny Kurnia <donnykurnia at gmail.com>
> USB: option: support hi speed for modem Haier CE100
> # This patch adds the support for EVDO modem Haier CE100.
> It fixes the lp bug: #490068

You should add a BugLink type reference to the patch here. I updated the
referenced bug to have a Karmic task. When we commit the update, make sure
that is set to committed. And also check whether the patch made it to Lucid
already. If yes, you can set the main task to released.

> commit 43abf240b660703fbff2bae3695e41f1169795f5
> Author: Suresh Siddha <suresh.b.siddha at intel.com>
> x86, cpuid: Add "volatile" to asm in native_cpuid()
> # This patch fixes a bug that uses an gcc optimized value of cpuid,
> which could lead to a crash on processors supporting more state than the
> legacy FP/SSE. In order to use the correct value a "volatile" is added
> before executing the cpuid instruction.
> commit 550b1d3896894543cc13dafe6910119024177482
> Author: Roger Oksanen <roger.oksanen at cs.helsinki.fi>
> e100: Use pci pool to work around GFP_ATOMIC order 5 memory allocation
> failure
> # This patch fixes the upstream kernel bugzilla #14265. While allocating
> memory, this patch uses GFP_KERNEL instead o the GFP_ATOMIC which might
> fail on some systems.
> commit 1bfc1db036675e61af0ea34d3ac18206de566b64
> Author: Roger Oksanen <roger.oksanen at cs.helsinki.fi>
> e100: Fix broken cbs accounting due to missing memset.
> # This patch fixes the slab corruption caused by the e100 driver that
> used a non zeroed buffer. This patch explicitly zeroes it before use.

This and the previous patch belong together as it was the one before that caused
the problems by changing from pci_alloc_consistent() returns zeroed memory,
while pci_pool_alloc() does not.

> commit cebb2ee677ef2016331f14e937811976a95003b3
> Author: Martin Decky <martin at decky.cz>
> hostap: Revert a toxic part of the conversion to net_device_ops
> # This patch to the hostap driver, reverts back to the original
> semantics of handling the packets in the AP mode. This patch fixes the
> packet loss which occurs in the AP mode because of the wrong queue length.

It probably is worth noting that this is not a complete revert but just
addresses the
issue of the semantics which got reversed by the previous patch.

> commit cdbb74a7b9d18c0a3f99c5e242fce12456a52899
> Author: Roel Kluin <roel.kluin at gmail.com>
> hwmon: (fschmd) Fix check on unsigned in watchdog_write()
> # This patch to the hwmon driver corrects the type of the return value
> of watchdog_trigger() from unsigned to signed in order to handle errors
> correctly and to prevent from loosing return values.
> commit 0b8d9a7c4ac4e90adf8a499d91ebc9ca4513f295
> Author: Jonathan Cameron <jic23 at cam.ac.uk>
> hwmon: (sht15) Off-by-one error in array index + incorrect constants
> # This patch fixes the wrong array index value used in a for loop in the
> sht15 driver's sht15_calc_temp()
> commit b167b0c6a4ae732370eba9486b6274d6637fdd06
> Author: Michele Jr De Candia <michele.decandia at valueteam.com>
> i2c/tsl2550: Fix lux value in extended mode
> # This patch to the i2c/tsl2550 fixes the lux value calculation in
> extended mode to correctly control the backlight with the ambient light
> sensor.
> commit 1e856b3bc1a27e2a41b64af46296112a8aa6a7bd
> Author: Patrick McHardy <kaber at trash.net>
> ipv6: reassembly: use seperate reassembly queues for conntrack and local
> delivery
> # This patch adds a "user" identifier to the reassembly queue key to
> seperate the queues of each caller, similar to what is done in IPv4.

Seems an ABI bumper to me as it adds the user field. This affects ipv6 only and
should be resonably ok as it follows the ipv4 code.

> commit 238659281dab178c457e16b515582f0b4f4019b7
> Author: Stefan Weinhuber <wein at de.ibm.com>
> S390: dasd: support DIAG access for read-only devices
> # This patch fixes this bug: "dasd(diag) 0.0.0404: DIAG initialization
> failed (rc=4)". The return value 4 by the mdsk_init_io() was interpreted
> by the dasd driver as an error whereas it was returned for a read-only
> device. This patch adds code to initialize a readonly device and also to
> warn a user when device access mode changes to readonly.

And as we do not support S/390 this cannot cause regression for anybody that
cares. :) But it looks sensible, too.

> commit 45a53b5dce3f9e5c368061a77b9dcbce6d7f8946
> Author: Jan Kara <jack at suse.cz>
> udf: Try harder when looking for VAT inode
> # Some disks do not contain the VAT inode in the last recorded block but
> in a few blocks earlier (or the number of recorded blocks is wrong).
> This patch looks for the VAT inode a bit before the end of the media.
> commit 2bdc1c6942693c9ab1c17b82bc374966133963f3
> Author: Dan Carpenter <error27 at gmail.com>
> V4L/DVB (13596): ov511.c typo: lock => unlock
> # This was found with a static checker and has not been tested, but it
> seems pretty clear that the mutex_lock() was supposed to be
> mutex_unlock(). This patch fixes this typo.
> commit 1bb36e83e350d997fb109b77e41bf4dce57ffe58
> Author: Linus Torvalds <torvalds at linux-foundation.org>
> x86/ptrace: make genregs[32]_get/set more robust
> # This patch makes the genregs_get/set calls more robust by making the
> loop condition check more defensive and appropriate.
> commit 64b220304ef04ce44243aae5f477407a7dc26fa6
> Author: Jan Rekorajski <baggins at sith.mimuw.edu.pl>
> XFS bug in log recover with quota (bugzilla id 855)
> # This patch fixes the upstream bug #855 where XFS is not able to
> recover the log after a crash when fs was mounted with quotas. This
> patch fixes the comparision of buffer lenght to the size of the correct
> xfs_disk_dquot_t struct to prevent the bug from occuring.
> commit 92a5184168d552fd3e8f43d05ac04924d6aaa43b
> Author: Serge E. Hallyn <serue at us.ibm.com>
> generic_permission: MAY_OPEN is not write access
> # After this patch, CAP_DAC_READ_SEARCH is again sufficient to
> open(fname, O_RDONLY) on a file to which DAC otherwise refuses us read
> permission.
> commit f1850a5783908f6528c305e321119e7aa6641151
> Author: Gertjan van Wingerde <gwingerde at gmail.com>
> rt2x00: Disable powersaving for rt61pci and rt2800pci.
> #  This patch causes some builds to fail. It is reverted
> in released upstream. Hence we do not include this patch as a
>   part of this release.

I would opt to modify the tracking bug to update to and pull in
just the other two patches which revert this one and make the version number right.

> commit ae3559fa2fe48ab923b52885bba2dca0355428f0
> Author: Daisuke Nishimura <nishimura at mxp.nes.nec.co.jp>
> memcg: avoid oom-killing innocent task in case of use_hierarchy
> # This patch fixes the bug in task_in_mem_cgroup() and prevents the
> killing of an innocent child task in a memory cgroup.
> commit 0bce92b05a81bb290ae58f689b14a283a87db6d7
> Author: Moiseev Vladimir <cdb at linkycat.com>
> Input: atkbd - add force relese key quirk for Samsung R59P/R60P/R61P
> # This is a quirk which is applicable for <= 2.6.31 kernels. This patch
> handles the force_release event from userspace and enables the Samsung
> driver work correctly.

This has the buglink in. We just need to keep an eye on it to be put into the
changelog on release (it should work but better be cautious).

> commit 36f1fbe83ea3e2b64d4429439d05ad2dc25b3ca8
> Author: Dmitry Monakhov <dmonakhov at openvz.org>
> Add unlocked version of inode_add_bytes() function
> # This patch creates another function __inode_add_bytes() which must be
> called with the  inode's i_lock held. The original inode_add_bytes() is
> changed to a wrapper call which  handles the locking/unlocking and
> ultimately calls the __inode_add_bytes() to do what it originally did.
> commit c169e13a6662cbf36fc0098508e7aa31b49cbf23
> Author: Dmitry Monakhov <dmonakhov at openvz.org>
> quota: decouple fs reserved space from quota reservation
> # Managing the inode_reservation on a quota_transfer introduces a lot of
> complex issues. This patch manages the quota based on a fs inode field
> which is introduced for every fs (through other patches).  This patch
> also does some code rearrangement and updates some warning messages.
> commit 8227f06a8f941d900836bc7ac22d72949fc247d5
> Author: Dmitry Monakhov <dmonakhov at openvz.org>
> ext4: Convert to generic reserved quota's space management.
> # This patch also fixes write vs chown race condition. This patch adds a
> quota reservation field i_reserved_quota for each fs inode. This field
> is managed by the quota code.
> NOTE: The above two patches cause a regression. The solution to these
> patches is available with the commit
> 05b5d898235401c489c68e1f3bc5706a29ad5713 upstream which shall be a part
> of Hence we will make these two patches a part of


> commit 710854ea715d8e31df700d87a64d6ed0d08ee442
> Author: Dmitry Monakhov <dmonakhov at openvz.org>
> ext4: fix sleep inside spinlock issue with quota and dealloc (#14739)
> # This patch fixes the upstream bug #14739. It unlocks the
> i_block_reservation_lock before calling the vfs_dq_reserve_block()in the
> ext4_da_reserve_space(). This patch also fixes the reservation for the
> meta data blocks in ext4_da_reserve_space()
> commit 8140e5b46ab0b4cc6d3f7f7efa311b348aff7f1d
> Author: Greg Kroah-Hartman <gregkh at suse.de>
> Revert "rt2x00: Disable powersaving for rt61pci and rt2800pci."
> # This patch reverts commit f1850a5783908f6528c305e321119e7aa6641151
> since it breaks the build.
> Since we are not including the commit
> f1850a5783908f6528c305e321119e7aa6641151 we will not be including this
> commit as a part of the update.
> commit fe21db377c34c1a24a6069713bcf87d44bb89a18
> Author: Greg Kroah-Hartman <gregkh at suse.de>
> Linux

Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: stable-
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20100120/bebe16f7/attachment.txt>

More information about the kernel-team mailing list