Chris Metcalf [Tue, 14 Dec 2010 20:57:49 +0000 (15:57 -0500)]
arch/tile: handle CLONE_SETTLS in copy_thread(), not user space
commit
bc4cf2bb271b2d557fc510426755da786fc985be upstream.
Previously we were just setting up the "tp" register in the
new task as started by clone() in libc. However, this is not
quite right, since in principle a signal might be delivered to
the new task before it had its TLS set up. (Of course, this race
window still exists for resetting the libc getpid() cached value
in the new task, in principle. But in any case, we are now doing
this exactly the way all other architectures do it.)
This change is important for 2.6.37 since the tile glibc we will
be submitting upstream will not set TLS in user space any more,
so it will only work on a kernel that has this fix. It should
also be taken for 2.6.36.x in the stable tree if possible.
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Slava Pestov [Wed, 24 Nov 2010 23:13:16 +0000 (15:13 -0800)]
tracing: Fix panic when lseek() called on "trace" opened for writing
commit
364829b1263b44aa60383824e4c1289d83d78ca7 upstream.
The file_ops struct for the "trace" special file defined llseek as seq_lseek().
However, if the file was opened for writing only, seq_open() was not called,
and the seek would dereference a null pointer, file->private_data.
This patch introduces a new wrapper for seq_lseek() which checks if the file
descriptor is opened for reading first. If not, it does nothing.
Signed-off-by: Slava Pestov <slavapestov@google.com>
LKML-Reference: <
1290640396-24179-1-git-send-email-slavapestov@google.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
NeilBrown [Thu, 9 Dec 2010 06:02:14 +0000 (17:02 +1100)]
md: protect against NULL reference when waiting to start a raid10.
commit
589a594be1fb8815b3f18e517be696c48664f728 upstream.
When we fail to start a raid10 for some reason, we call
md_unregister_thread to kill the thread that was created.
Unfortunately md_thread() will then make one call into the handler
(raid10d) even though md_wakeup_thread has not been called. This is
not safe and as md_unregister_thread is called after mddev->private
has been set to NULL, it will definitely cause a NULL dereference.
So fix this at both ends:
- md_thread should only call the handler if THREAD_WAKEUP has been
set.
- raid10 should call md_unregister_thread before setting things
to NULL just like all the other raid modules do.
This is applicable to 2.6.35 and later.
Reported-by: "Citizen" <citizen_lee@thecus.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
NeilBrown [Thu, 9 Dec 2010 05:36:28 +0000 (16:36 +1100)]
md: fix bug with re-adding of partially recovered device.
commit
1a855a0606653d2d82506281e2c686bacb4b2f45 upstream.
With v0.90 metadata, a hot-spare does not become a full member of the
array until recovery is complete. So if we re-add such a device to
the array, we know that all of it is as up-to-date as the event count
would suggest, and so it a bitmap-based recovery is possible.
However with v1.x metadata, the hot-spare immediately becomes a full
member of the array, but it record how much of the device has been
recovered. If the array is stopped and re-assembled recovery starts
from this point.
When such a device is hot-added to an array we currently lose the 'how
much is recovered' information and incorrectly included it as a full
in-sync member (after bitmap-based fixup).
This is wrong and unsafe and could corrupt data.
So be more careful about setting saved_raid_disk - which is what
guides the re-adding of devices back into an array.
The new code matches the code in slot_store which does a similar
thing, which is encouraging.
This is suitable for any -stable kernel.
Reported-by: "Dailey, Nate" <Nate.Dailey@stratus.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andreas Herrmann [Thu, 16 Dec 2010 20:29:37 +0000 (21:29 +0100)]
x86, amd: Fix panic on AMD CPU family 0x15
[The mainline kernel doesn't have this problem. Commit "(
23588c3) x86,
amd: Add support for CPUID topology extension of AMD CPUs" removed the
family check. But 2.6.32.y needs to be fixed.]
This CPU family check is not required -- existence of the NodeId MSR
is indicated by a CPUID feature flag which is already checked in
amd_fixup_dcm() -- and it needlessly prevents amd_fixup_dcm() to be
called for newer AMD CPUs.
In worst case this can lead to a panic in the scheduler code for AMD
family 0x15 multi-node AMD CPUs. I just have a picture of VGA console
output so I can't copy-and-paste it herein, but the call stack of such
a panic looked like:
do_divide_error
...
find_busiest_group
run_rebalance_domains
...
apic_timer_interrupt
...
cpu_idle
The mainline kernel doesn't have this problem. Commit "(
23588c3) x86,
amd: Add support for CPUID topology extension of AMD CPUs" removed the
family check. But 2.6.32.y needs to be fixed.
Signed-off-by: Andreas Herrmann <andreas.herrmann3@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Kilroy [Sun, 5 Dec 2010 15:45:58 +0000 (15:45 +0000)]
orinoco: clear countermeasure setting on commit
commit
ba34fcee476d11e7c9df95932787a22a96ff6e68 upstream.
... and interface up.
In these situations, you are usually trying to connect to a new AP, so
keeping TKIP countermeasures active is confusing. This is already how
the driver behaves (inadvertently). However, querying SIOCGIWAUTH may
tell userspace that countermeasures are active when they aren't.
Clear the setting so that the reporting matches what the driver has
done..
Signed-off by: David Kilroy <kilroyd@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Kilroy [Sun, 5 Dec 2010 15:43:55 +0000 (15:43 +0000)]
orinoco: fix TKIP countermeasure behaviour
commit
0a54917c3fc295cb61f3fb52373c173fd3b69f48 upstream.
Enable the port when disabling countermeasures, and disable it on
enabling countermeasures.
This bug causes the response of the system to certain attacks to be
ineffective.
It also prevents wpa_supplicant from getting scan results, as
wpa_supplicant disables countermeasures on startup - preventing the
hardware from scanning.
wpa_supplicant works with ap_mode=2 despite this bug because the commit
handler re-enables the port.
The log tends to look like:
State: DISCONNECTED -> SCANNING
Starting AP scan for wildcard SSID
Scan requested (ret=0) - scan timeout 5 seconds
EAPOL: disable timer tick
EAPOL: Supplicant port status: Unauthorized
Scan timeout - try to get results
Failed to get scan results
Failed to get scan results - try scanning again
Setting scan request: 1 sec 0 usec
Starting AP scan for wildcard SSID
Scan requested (ret=-1) - scan timeout 5 seconds
Failed to initiate AP scan.
Reported by: Giacomo Comes <comes@naic.edu>
Signed-off by: David Kilroy <kilroyd@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Paris [Tue, 23 Nov 2010 23:18:37 +0000 (18:18 -0500)]
inotify: stop kernel memory leak on file creation failure
commit
a2ae4cc9a16e211c8a128ba10d22a85431f093ab upstream.
If inotify_init is unable to allocate a new file for the new inotify
group we leak the new group. This patch drops the reference on the
group on file allocation failure.
Reported-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Rafael J. Wysocki [Thu, 16 Dec 2010 16:11:58 +0000 (17:11 +0100)]
PM / Runtime: Fix pm_runtime_suspended()
commit
f08f5a0add20834d3f3d876dfe08005a5df656db upstream.
There are some situations (e.g. in __pm_generic_call()), where
pm_runtime_suspended() is used to decide whether or not to execute
a device's (system) ->suspend() callback. The callback is not
executed if pm_runtime_suspended() returns true, but it does so
for devices that don't even support runtime PM, because the
power.disable_depth device field is ignored by it. This leads to
problems (i.e. devices are not suspened when they should), so rework
pm_runtime_suspended() so that it returns false if the device's
power.disable_depth field is different from zero.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Lars-Peter Clausen [Thu, 4 Nov 2010 22:25:56 +0000 (23:25 +0100)]
MIPS: jz4740: qi_lb60: Fix gpio for the 6th row of the keyboard matrix
commit
fe749aab1d21cbb4d87527a7df8799583c233496 upstream.
This patch fixes the gpio number for the 6th row of the keyboard matrix.
(And fixes a typo in my name...)
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Cc: linux-mips@linux-mips.org
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alexey Starikovskiy [Thu, 9 Dec 2010 22:07:54 +0000 (17:07 -0500)]
ACPI: EC: Add another dmi match entry for MSI hardware
commit
a5dc4f898c2a0f66e2cefada6c687db82ba2fcbc upstream.
http://bugzilla.kernel.org/show_bug.cgi?id=15418
Signed-off-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Peter Zijlstra [Tue, 30 Nov 2010 18:48:45 +0000 (19:48 +0100)]
sched: Cure more NO_HZ load average woes
commit
0f004f5a696a9434b7214d0d3cbd0525ee77d428 upstream.
There's a long-running regression that proved difficult to fix and
which is hitting certain people and is rather annoying in its effects.
Damien reported that after
74f5187ac8 (sched: Cure load average vs
NO_HZ woes) his load average is unnaturally high, he also noted that
even with that patch reverted the load avgerage numbers are not
correct.
The problem is that the previous patch only solved half the NO_HZ
problem, it addressed the part of going into NO_HZ mode, not of
comming out of NO_HZ mode. This patch implements that missing half.
When comming out of NO_HZ mode there are two important things to take
care of:
- Folding the pending idle delta into the global active count.
- Correctly aging the averages for the idle-duration.
So with this patch the NO_HZ interaction should be complete and
behaviour between CONFIG_NO_HZ=[yn] should be equivalent.
Furthermore, this patch slightly changes the load average computation
by adding a rounding term to the fixed point multiplication.
Reported-by: Damien Wyart <damien.wyart@free.fr>
Reported-by: Tim McGrath <tmhikaru@gmail.com>
Tested-by: Damien Wyart <damien.wyart@free.fr>
Tested-by: Orion Poplawski <orion@cora.nwra.com>
Tested-by: Kyle McMartin <kyle@mcmartin.ca>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Chase Douglas <chase.douglas@canonical.com>
LKML-Reference: <
1291129145.32004.874.camel@laptop>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jeremy Fitzhardinge [Wed, 8 Dec 2010 20:39:12 +0000 (12:39 -0800)]
xen: Provide a variant of __RING_SIZE() that is an integer constant expression
commit
667c78afaec0ac500908e191e8f236e9578d7b1f upstream.
Without this, gcc 4.5 won't compile xen-netfront and xen-blkfront, where
this is being used to specify array sizes.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Heiko Carstens [Fri, 26 Nov 2010 12:42:47 +0000 (13:42 +0100)]
printk: Fix wake_up_klogd() vs cpu hotplug
commit
49f4138346b3cec2706adff02658fe27ceb1e46f upstream.
wake_up_klogd() may get called from preemptible context but uses
__raw_get_cpu_var() to write to a per cpu variable. If it gets preempted
between getting the address and writing to it, the cpu in question could be
offline if the process gets scheduled back and hence writes to the per cpu data
of an offline cpu.
This buggy behaviour was introduced with
fa33507a "printk: robustify
printk, fix #2" which was supposed to fix a "using smp_processor_id() in
preemptible" warning.
Let's use this_cpu_write() instead which disables preemption and makes sure
that the outlined scenario cannot happen.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <
20101126124247.GC7023@osiris.boeblingen.de.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andy Lutomirski [Tue, 16 Nov 2010 23:40:52 +0000 (18:40 -0500)]
nouveau: Acknowledge HPD irq in handler, not bottom half
commit
ab838338a2a9e0cb8346eb0cab9977be13e8dce5 upstream.
The old code generated an interrupt storm bad enough to completely
take down my system.
Signed-off-by: Andy Lutomirski <luto@mit.edu>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Bob Moore [Sat, 23 Oct 2010 05:36:40 +0000 (01:36 -0400)]
ACPICA: Fix Scope() op in module level code
commit
8df3fc981dc12d9fdcaef4100a2193b605024d7a upstream.
Some Panasonic Toughbooks create nodes in module level code.
Module level code is the executable AML code outside of control method,
for example, below AML code creates a node \_SB.PCI0.GFX0.DD02.CUBL
If (\_OSI ("Windows 2006"))
{
Scope (\_SB.PCI0.GFX0.DD02)
{
Name (CUBL, Ones)
...
}
}
Scope() op does not actually create a new object, it refers to an
existing object(\_SB.PCI0.GFX0.DD02 in above example). However, for
Scope(), we want to indeed open a new scope, so the child nodes(CUBL in
above example) can be created correctly under it.
https://bugzilla.kernel.org/show_bug.cgi?id=19462
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andrej Ota [Sun, 12 Dec 2010 23:06:16 +0000 (15:06 -0800)]
pppoe.c: Fix kernel panic caused by __pppoe_xmit
[ Upstream commit
2a27a03d3a891e87ca33d27a858b4db734a4cbab ]
__pppoe_xmit function return value was invalid resulting in
additional call to kfree_skb on already freed skb. This resulted in
memory corruption and consequent kernel panic after PPPoE peer
terminated the link.
This fixes commit
55c95e738da85373965cb03b4f975d0fd559865b.
Reported-by: Gorik Van Steenberge <gvs@zemos.net>
Reported-by: Daniel Kenzelmann <kernel.bugzilla@kenzelmann.dyndns.info>
Reported-by: Denys Fedoryshchenko <nuclearcat@nuclearcat.com>
Reported-by: Pawel Staszewski <pstaszewski@artcom.pl>
Diagnosed-by: Andrej Ota <andrej@ota.si>
Diagnosed-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Denys Fedoryshchenko <nuclearcat@nuclearcat.com>
Tested-by: Pawel Staszewski <pstaszewski@artcom.pl>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: Andrej Ota <andrej@ota.si>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Vasiliy Kulikov [Wed, 10 Nov 2010 20:09:10 +0000 (12:09 -0800)]
net: packet: fix information leak to userland
[ Upstream commit
67286640f638f5ad41a946b9a3dc75327950248f ]
packet_getname_spkt() doesn't initialize all members of sa_data field of
sockaddr struct if strlen(dev->name) < 13. This structure is then copied
to userland. It leads to leaking of contents of kernel stack memory.
We have to fully fill sa_data with strncpy() instead of strlcpy().
The same with packet_getname(): it doesn't initialize sll_pkttype field of
sockaddr_ll. Set it to zero.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Dumazet [Sun, 5 Dec 2010 18:50:32 +0000 (18:50 +0000)]
net: fix skb_defer_rx_timestamp()
[ Upstream commit
a19faf0250e09b16cac169354126404bc8aa342b ]
After commit
c1f19b51d1d8 (net: support time stamping in phy devices.),
kernel might crash if CONFIG_NETWORK_PHY_TIMESTAMPING=y and
skb_defer_rx_timestamp() handles a packet without an ethernet header.
Fixes kernel bugzilla #24102
Reference: https://bugzilla.kernel.org/show_bug.cgi?id=24102
Reported-and-tested-by: Andrew Watts <akwatts@ymail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mariusz Kozlowski [Mon, 8 Nov 2010 11:58:45 +0000 (11:58 +0000)]
net: Fix header size check for GSO case in recvmsg (af_packet)
[ Upstream commit
1f18b7176e2e41fada24584ce3c80e9abfaca52b]
Parameter 'len' is size_t type so it will never get negative.
Signed-off-by: Mariusz Kozlowski <mk@lab.zgora.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Dumazet [Tue, 9 Nov 2010 19:46:33 +0000 (11:46 -0800)]
net/dst: dst_dev_event() called after other notifiers
[ Upstream commit
332dd96f7ac15e937088fe11f15cfe0210e8edd1 ]
Followup of commit
ef885afbf8a37689 (net: use rcu_barrier() in
rollback_registered_many)
dst_dev_event() scans a garbage dst list that might be feeded by various
network notifiers at device dismantle time.
Its important to call dst_dev_event() after other notifiers, or we might
enter the infamous msleep(250) in netdev_wait_allrefs(), and wait one
second before calling again call_netdevice_notifiers(NETDEV_UNREGISTER,
dev) to properly remove last device references.
Use priority -10 to let dst_dev_notifier be called after other network
notifiers (they have the default 0 priority)
Reported-by: Ben Greear <greearb@candelatech.com>
Reported-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Reported-by: Octavian Purdila <opurdila@ixiacom.com>
Reported-by: Benjamin LaHaise <bcrl@kvack.org>
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ben Hutchings [Fri, 17 Dec 2010 18:16:23 +0000 (10:16 -0800)]
tehuti: Firmware filename is tehuti/bdx.bin
[ Upstream commit
46814e08d80f87449b5adb3d549a3cae6f9f8148 ]
My conversion of tehuti to use request_firmware() was confused about
the filename of the firmware blob. Change the driver to match the
blob.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Apollon Oikonomopoulos [Tue, 7 Dec 2010 09:43:30 +0000 (09:43 +0000)]
x25: decrement netdev reference counts on unload
[ Upstream commit
171995e5d82dcc92bea37a7d2a2ecc21068a0f19]
x25 does not decrement the network device reference counts on module unload.
Thus unregistering any pre-existing interface after unloading the x25 module
hangs and results in
unregister_netdevice: waiting for tap0 to become free. Usage count = 1
This patch decrements the reference counts of all interfaces in x25_link_free,
the way it is already done in x25_link_device_down for NETDEV_DOWN events.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Michal Marek [Mon, 6 Dec 2010 02:39:12 +0000 (02:39 +0000)]
l2tp: Fix modalias of l2tp_ip
[ Upstream commit
e8d34a884e4ff118920bb57664def8a73b1b784f]
Using the SOCK_DGRAM enum results in
"net-pf-2-proto-SOCK_DGRAM-type-115", so use the numeric value like it
is done in net/dccp.
Signed-off-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Changli Gao [Sat, 4 Dec 2010 14:09:08 +0000 (14:09 +0000)]
ifb: goto resched directly if error happens and dp->tq isn't empty
[ Upstream commit
75c1c82566f23dd539fb7ccbf57a1caa7ba82628 ]
If we break the loop when there are still skbs in tq and no skb in
rq, the skbs will be left in txq until new skbs are enqueued into rq.
In rare cases, no new skb is queued, then these skbs will stay in rq
forever.
After this patch, if tq isn't empty when we break the loop, we goto
resched directly.
Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Thu, 9 Dec 2010 02:42:23 +0000 (18:42 -0800)]
econet: Fix crash in aun_incoming().
[ Upstream commit
4e085e76cbe558b79b54cbab772f61185879bc64 ]
Unconditional use of skb->dev won't work here,
try to fetch the econet device via skb_dst()->dev
instead.
Suggested by Eric Dumazet.
Reported-by: Nelson Elhage <nelhage@ksplice.com>
Tested-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Nelson Elhage [Wed, 8 Dec 2010 18:13:55 +0000 (10:13 -0800)]
econet: Do the correct cleanup after an unprivileged SIOCSIFADDR.
[ Upstream commit
0c62fc6dd02c8d793c75ae76a9b6881fc36388ad]
We need to drop the mutex and do a dev_put, so set an error code and break like
the other paths, instead of returning directly.
Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Dumazet [Mon, 6 Dec 2010 17:29:43 +0000 (09:29 -0800)]
filter: fix sk_filter rcu handling
[ Upstream commit
46bcf14f44d8f31ecfdc8b6708ec15a3b33316d9 ]
Pavel Emelyanov tried to fix a race between sk_filter_(de|at)tach and
sk_clone() in commit
47e958eac280c263397
Problem is we can have several clones sharing a common sk_filter, and
these clones might want to sk_filter_attach() their own filters at the
same time, and can overwrite old_filter->rcu, corrupting RCU queues.
We can not use filter->rcu without being sure no other thread could do
the same thing.
Switch code to a more conventional ref-counting technique : Do the
atomic decrement immediately and queue one rcu call back when last
reference is released.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Herbert Xu [Wed, 3 Nov 2010 13:31:05 +0000 (13:31 +0000)]
cls_cgroup: Fix crash on module unload
[ Upstream commit
c00b2c9e79466d61979cd21af526cc6d5d0ee04f ]
Somewhere along the lines net_cls_subsys_id became a macro when
cls_cgroup is built as a module. Not only did it make cls_cgroup
completely useless, it also causes it to crash on module unload.
This patch fixes this by removing that macro.
Thanks to Eric Dumazet for diagnosing this problem.
Reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Stevens [Tue, 14 Dec 2010 08:42:16 +0000 (08:42 +0000)]
bridge: fix IPv6 queries for bridge multicast snooping
[ Upstream commit
76d661586c8131453ba75a2e027c1f21511a893a]
This patch fixes a missing ntohs() for bridge IPv6 multicast snooping.
Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Hillf Danton [Fri, 10 Dec 2010 18:54:11 +0000 (18:54 +0000)]
bonding: Fix slave selection bug.
[ Upstream commit
af3e5bd5f650163c2e12297f572910a1af1b8236 ]
The returned slave is incorrect, if the net device under check is not
charged yet by the master.
Signed-off-by: Hillf Danton <dhillf@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Joe Jin [Mon, 6 Dec 2010 03:00:59 +0000 (03:00 +0000)]
driver/net/benet: fix be_cmd_multicast_set() memcpy bug
[ Upstream commit
3fd40d0ceac9c234243730f4d7a6ffdb2fd3023a ]
Regarding benet be_cmd_multicast_set() function, now using
netdev_for_each_mc_addr() helper for mac address copy, but
when copying to req->mac[] did not increase of the index.
Cc: Sathya Perla <sathyap@serverengines.com>
Cc: Subbu Seetharaman <subbus@serverengines.com>
Cc: Sarveshwar Bandi <sarveshwarb@serverengines.com>
Cc: Ajit Khaparde <ajitk@serverengines.com>
Signed-off-by: Joe Jin <joe.jin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Vasiliy Kulikov [Wed, 10 Nov 2010 18:14:33 +0000 (10:14 -0800)]
net: ax25: fix information leak to userland
[ Upstream commit
fe10ae53384e48c51996941b7720ee16995cbcb7 ]
Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater
field of fsa struct, also the struct has padding bytes between
sax25_call and sax25_ndigis fields. This structure is then copied to
userland. It leads to leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Dumazet [Thu, 25 Nov 2010 04:11:39 +0000 (04:11 +0000)]
af_unix: limit recursion level
[ Upstream commit
25888e30319f8896fc656fc68643e6a078263060 ]
Its easy to eat all kernel memory and trigger NMI watchdog, using an
exploit program that queues unix sockets on top of others.
lkml ref : http://lkml.org/lkml/2010/11/25/8
This mechanism is used in applications, one choice we have is to have a
recursion limit.
Other limits might be needed as well (if we queue other types of files),
since the passfd mechanism is currently limited by socket receive queue
sizes only.
Add a recursion_level to unix socket, allowing up to 4 levels.
Each time we send an unix socket through sendfd mechanism, we copy its
recursion level (plus one) to receiver. This recursion level is cleared
when socket receive queue is emptied.
Reported-by: Марк Коренберг <socketpair@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Dumazet [Wed, 24 Nov 2010 17:15:27 +0000 (09:15 -0800)]
af_unix: limit unix_tot_inflight
[ Upstream commit
9915672d41273f5b77f1b3c29b391ffb7732b84b ]
Vegard Nossum found a unix socket OOM was possible, posting an exploit
program.
My analysis is we can eat all LOWMEM memory before unix_gc() being
called from unix_release_sock(). Moreover, the thread blocked in
unix_gc() can consume huge amount of time to perform cleanup because of
huge working set.
One way to handle this is to have a sensible limit on unix_tot_inflight,
tested from wait_for_unix_gc() and to force a call to unix_gc() if this
limit is hit.
This solves the OOM and also reduce overall latencies, and should not
slowdown normal workloads.
Reported-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
françois romieu [Mon, 8 Nov 2010 13:23:58 +0000 (13:23 +0000)]
r8169: fix sleeping while holding spinlock.
[ Upstream commit
ea80907ff066edd1dd43c5fe90ae6677d15e6384 ]
As device_set_wakeup_enable can now sleep, move the call to outside
the critical section.
Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Andrew Hendry <andrew.hendry@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Shan Wei [Wed, 17 Nov 2010 19:55:08 +0000 (11:55 -0800)]
8139cp: fix checksum broken
[ Upstream commit
24b7ea9f6c9787fad885442ed0cc010f1aa69cca ]
I am not family with RealTek RTL-8139C+ series 10/100 PCI Ethernet driver.
I try to guess the meaning of RxProtoIP and IPFail.
RxProtoIP stands for received IPv4 packet that upper protocol is not tcp and udp.
!(status & IPFail) is true means that driver correctly to check checksum in IPv4 header.
If these are right, driver will set ip_summed with CHECKSUM_UNNECESSARY for other
upper protocol, e.g. sctp, igmp protocol. This will cause protocol stack ignores
checksum check for packets with invalid checksum.
This patch is only compile-test.
Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Dumazet [Tue, 7 Dec 2010 12:20:47 +0000 (12:20 +0000)]
tcp: protect sysctl_tcp_cookie_size reads
[ Upstream commit
f19872575ff7819a3723154657a497d9bca66b33 ]
Make sure sysctl_tcp_cookie_size is read once in
tcp_cookie_size_check(), or we might return an illegal value to caller
if sysctl_tcp_cookie_size is changed by another cpu.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Ben Hutchings <bhutchings@solarflare.com>
Cc: William Allen Simpson <william.allen.simpson@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Dumazet [Tue, 7 Dec 2010 12:03:55 +0000 (12:03 +0000)]
tcp: avoid a possible divide by zero
[ Upstream commit
ad9f4f50fe9288bbe65b7dfd76d8820afac6a24c ]
sysctl_tcp_tso_win_divisor might be set to zero while one cpu runs in
tcp_tso_should_defer(). Make sure we dont allow a divide by zero by
reading sysctl_tcp_tso_win_divisor exactly once.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Nandita Dukkipati [Fri, 3 Dec 2010 13:33:44 +0000 (13:33 +0000)]
tcp: Bug fix in initialization of receive window.
[ Upstream commit
b1afde60f2b9ee8444fba4e012dc99a3b28d224d ]
The bug has to do with boundary checks on the initial receive window.
If the initial receive window falls between init_cwnd and the
receive window specified by the user, the initial window is incorrectly
brought down to init_cwnd. The correct behavior is to allow it to
remain unchanged.
Signed-off-by: Nandita Dukkipati <nanditad@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Wed, 24 Nov 2010 19:47:22 +0000 (11:47 -0800)]
tcp: Make TCP_MAXSEG minimum more correct.
[ Upstream commit
c39508d6f118308355468314ff414644115a07f3 ]
Use TCP_MIN_MSS instead of constant 64.
Reported-by: Min Zhang <mzhang@mvista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Thu, 11 Nov 2010 05:35:37 +0000 (21:35 -0800)]
tcp: Increase TCP_MAXSEG socket option minimum.
[ Upstream commit
7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2 ]
As noted by Steve Chen, since commit
f5fff5dc8a7a3f395b0525c02ba92c95d42b7390 ("tcp: advertise MSS
requested by user") we can end up with a situation where
tcp_select_initial_window() does a divide by a zero (or
even negative) mss value.
The problem is that sometimes we effectively subtract
TCPOLEN_TSTAMP_ALIGNED and/or TCPOLEN_MD5SIG_ALIGNED from the mss.
Fix this by increasing the minimum from 8 to 64.
Reported-by: Steve Chen <schen@mvista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Fri, 12 Nov 2010 21:35:00 +0000 (13:35 -0800)]
tcp: Don't change unlocked socket state in tcp_v4_err().
[ Upstream commit
8f49c2703b33519aaaccc63f571b465b9d2b3a2d ]
Alexey Kuznetsov noticed a regression introduced by
commit
f1ecd5d9e7366609d640ff4040304ea197fbc618
("Revert Backoff [v3]: Revert RTO on ICMP destination unreachable")
The RTO and timer modification code added to tcp_v4_err()
doesn't check sock_owned_by_user(), which if true means we
don't have exclusive access to the socket and therefore cannot
modify it's critical state.
Just skip this new code block if sock_owned_by_user() is true
and eliminate the now superfluous sock_owned_by_user() code
block contained within.
Reported-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
CC: Damian Lukowski <damian@tvk.rwth-aachen.de>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Wed, 1 Dec 2010 04:15:58 +0000 (20:15 -0800)]
sparc: Write to prom console using indirect buffer.
[ Upstream commit
595a251c0740785fd3c0d2156d78578c7479811e ]
sparc64 systems have a restriction in that passing in buffer
addressses above 4GB to prom calls is not reliable.
We end up violating this when we do prom console writes, because we
use an on-stack buffer to translate '\n' into '\r\n'.
So instead, do this translation into an intermediate buffer, which is
in the kernel image and thus below 4GB, then pass that to the PROM
console write calls.
On the 32-bit side we don't have to deal with any of these issues, so
the new prom_console_write_buf() uses the existing prom_nbputchar()
implementation. However we can now mark those routines static.
Since the 64-bit side completely uses new code we can delete the
putchar bits as they are now completely unused.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Tue, 30 Nov 2010 22:53:05 +0000 (14:53 -0800)]
sparc: Delete prom_*getchar().
[ Upstream commit
12c7a35ee6a1c605e740733f2cbd5b5079f09f0f ]
Completely unused.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Tue, 30 Nov 2010 22:33:29 +0000 (14:33 -0800)]
sparc: Pass buffer pointer all the way down to prom_{get,put}char().
[ Upstream commit
e62cac1fd035b4cde707285008499dbe71955a86 ]
This gets us closer to being able to eliminate the use
of dynamic and stack based buffers, so that we can adhere
to the "no buffer addresses above 4GB" rule for PROM calls.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Wed, 17 Nov 2010 18:22:56 +0000 (10:22 -0800)]
sparc: Do not export prom_nb{get,put}char().
[ Upstream commit
91921fef7c658b12de53376b312d071d757f7770 ]
Never used outside of console_{32,64}.c
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Tue, 16 Nov 2010 20:50:19 +0000 (12:50 -0800)]
sparc64: Delete prom_setcallback().
[ Upstream commit
c540ee70e49b573535c7ddfd0e9a0fc9d549c8b7 ]
Unused.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Tue, 16 Nov 2010 20:24:16 +0000 (12:24 -0800)]
sparc64: Unexport prom_service_exists().
[ Upstream commit
f7b5f55ac1623dfde24ef5319ad77c1746645f3f ]
Only used by functions in misc_64.c so make it private
to that file.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Tue, 16 Nov 2010 20:23:20 +0000 (12:23 -0800)]
sparc: Kill prom devops_{32,64}.c
[ Upstream commit
b148246912bea92bde2a0cba125ca94f1f776b12 ]
Completely unused.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Tue, 16 Nov 2010 20:11:15 +0000 (12:11 -0800)]
sparc: Remove prom_pathtoinode()
[ Upstream commit
17d70d6df0c4ea7a203b444001572a91ad9c2bef ]
Unused.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Tue, 16 Nov 2010 20:08:23 +0000 (12:08 -0800)]
sparc64: Delete prom_puts() unused.
[ Upstream commit
ce05a94efaf71d562eeefd30d6bbc2ab42b06bac ]
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Daniel Hellstrom [Fri, 29 Oct 2010 20:25:24 +0000 (13:25 -0700)]
SPARC/LEON: removed constant timer initialization as if HZ=100, now it reflects the value of HZ
[ Upstream commit
b690c425fe07c725e7f1f7d40303588416cba67f ]
Signed-off-by: Daniel Hellstrom <daniel@gaisler.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Helmut Schaa [Thu, 2 Dec 2010 17:44:09 +0000 (18:44 +0100)]
mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs
commit
7e2447075690860e2cea96b119fc9cadbaa7e83c upstream.
mac80211 doesn't handle shared skbs correctly at the moment. As a result
a possible resize can trigger a BUG in pskb_expand_head.
[ 676.030000] Kernel bug detected[#1]:
[ 676.030000] Cpu 0
[ 676.030000] $ 0 :
00000000 00000000 819662ff 00000002
[ 676.030000] $ 4 :
81966200 00000020 00000000 00000020
[ 676.030000] $ 8 :
819662e0 800043c0 00000002 00020000
[ 676.030000] $12 :
3b9aca00 00000000 00000000 00470000
[ 676.030000] $16 :
80ea2000 00000000 00000000 00000000
[ 676.030000] $20 :
818aa200 80ea2018 80ea2000 00000008
[ 676.030000] $24 :
00000002 800ace5c
[ 676.030000] $28 :
8199a000 8199bd20 81938f88 80f180d4
[ 676.030000] Hi :
0000026e
[ 676.030000] Lo :
0000757e
[ 676.030000] epc :
801245e4 pskb_expand_head+0x44/0x1d8
[ 676.030000] Not tainted
[ 676.030000] ra :
80f180d4 ieee80211_skb_resize+0xb0/0x114 [mac80211]
[ 676.030000] Status:
1000a403 KERNEL EXL IE
[ 676.030000] Cause :
10800024
[ 676.030000] PrId :
0001964c (MIPS 24Kc)
[ 676.030000] Modules linked in: mac80211_hwsim rt2800lib rt2x00soc rt2x00pci rt2x00lib mac80211 crc_itu_t crc_ccitt cfg80211 compat arc4 aes_generic deflate ecb cbc [last unloaded: rt2800pci]
[ 676.030000] Process kpktgend_0 (pid: 97, threadinfo=
8199a000, task=
81879f48, tls=
00000000)
[ 676.030000] Stack :
ffffffff 00000000 00000000 00000014 00000004 80ea2000 00000000 00000000
[ 676.030000]
818aa200 80f180d4 ffffffff 0000000a 81879f78 81879f48 81879f48 00000018
[ 676.030000]
81966246 80ea2000 818432e0 80f1a420 80203050 81814d98 00000001 81879f48
[ 676.030000]
81879f48 00000018 81966246 818432e0 0000001a 8199bdd4 0000001c 80f1b72c
[ 676.030000]
80203020 8001292c 80ef4aa2 7f10b55d 801ab5b8 81879f48 00000188 80005c90
[ 676.030000] ...
[ 676.030000] Call Trace:
[ 676.030000] [<
801245e4>] pskb_expand_head+0x44/0x1d8
[ 676.030000] [<
80f180d4>] ieee80211_skb_resize+0xb0/0x114 [mac80211]
[ 676.030000] [<
80f1a420>] ieee80211_xmit+0x150/0x22c [mac80211]
[ 676.030000] [<
80f1b72c>] ieee80211_subif_start_xmit+0x6f4/0x73c [mac80211]
[ 676.030000] [<
8014361c>] pktgen_thread_worker+0xfac/0x16f8
[ 676.030000] [<
8002ebe8>] kthread+0x7c/0x88
[ 676.030000] [<
80008e0c>] kernel_thread_helper+0x10/0x18
[ 676.030000]
[ 676.030000]
[ 676.030000] Code:
24020001 10620005 2502001f <
0200000d>
0804917a 00000000 2502001f 00441023 00531021
Fix this by making a local copy of shared skbs prior to mangeling them.
To avoid copying the skb unnecessarily move the skb_copy call below the
checks that don't need write access to the skb.
Also, move the assignment of nh_pos and h_pos below the skb_copy to point
to the correct skb.
It would be possible to avoid another resize of the copied skb by using
skb_copy_expand instead of skb_copy but that would make the patch more
complex. Also, shared skbs are a corner case right now, so the resize
shouldn't matter much.
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Matteo Croce [Fri, 3 Dec 2010 01:25:08 +0000 (02:25 +0100)]
ath9k: fix bug in tx power
commit
841051602e3fa18ea468fe5a177aa92b6eb44b56 upstream.
The ath9k driver subtracts 3 dBm to the txpower as with two radios the
signal power is doubled.
The resulting value is assigned in an u16 which overflows and makes
the card work at full power.
Signed-off-by: Matteo Croce <matteo@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Felix Fietkau [Wed, 1 Dec 2010 18:07:46 +0000 (19:07 +0100)]
ath9k_hw: fix endian issues with CTLs on AR9003
commit
e702ba18f25887c76d26c8a85cc1706463c62e9a upstream.
Parsing data using bitfields is messy, because it makes endian handling
much harder. AR9002 and earlier got it right, AR9003 got it wrong.
This might lead to either using too high or too low tx power values,
depending on frequency and eeprom settings.
Fix it by getting rid of the CTL related bitfields entirely and use
masks instead.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Vasanthakumar Thiagarajan [Wed, 1 Dec 2010 07:24:09 +0000 (23:24 -0800)]
ath9k: Fix bug in reading input gpio state for ar9003
commit
9306990a656d9cfd8bf3586938012729c1f2ea50 upstream.
The register which gives input gpio state is 0x404c for ar9003,
currently 0x4048 is wrongly used. This will disable RF and make
it unusable on some of AR9003.
Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Senthil Balasubramanian [Tue, 30 Nov 2010 14:45:39 +0000 (20:15 +0530)]
ath9k: Fix STA disconnect issue due to received MIC failed bcast frames
commit
916448e77f6bcaaa7f13c3de0c3851783ae2bfd0 upstream.
AR_RxKeyIdxValid will not be set for bcast/mcast frames and so relying
this status for MIC failed frames is buggy.
Due to this, MIC failure events for broadcast frames are not sent to
supplicant resulted in AP disconnecting the STA.
Able to pass Wifi Test case 5.2.18 with this fix.
Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Rajkumar Manoharan [Fri, 26 Nov 2010 17:54:31 +0000 (23:24 +0530)]
ath9k: Disable SWBA interrupt on remove_interface
commit
46047784b8cdcfc916f6c1cccee0c18dd1223dfd upstream.
while removing beaconing mode interface, SWBA interrupt
was never disabled when there are no other beaconing interfaces.
Signed-off-by: Rajkumar Manoharan <rmanoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Dumazet [Sun, 5 Dec 2010 02:03:26 +0000 (02:03 +0000)]
llc: fix a device refcount imbalance
commit
35d9b0c906ad92d32a0b8db5daa6fabfcc2f068d upstream.
Le dimanche 05 décembre 2010 à 12:23 +0100, Eric Dumazet a écrit :
> Le dimanche 05 décembre 2010 à 09:19 +0100, Eric Dumazet a écrit :
>
> > Hmm..
> >
> > If somebody can explain why RTNL is held in arp_ioctl() (and therefore
> > in arp_req_delete()), we might first remove RTNL use in arp_ioctl() so
> > that your patch can be applied.
> >
> > Right now it is not good, because RTNL wont be necessarly held when you
> > are going to call arp_invalidate() ?
>
> While doing this analysis, I found a refcount bug in llc, I'll send a
> patch for net-2.6
Oh well, of course I must first fix the bug in net-2.6, and wait David
pull the fix in net-next-2.6 before sending this rcu conversion.
Note: this patch should be sent to stable teams (2.6.34 and up)
[PATCH net-2.6] llc: fix a device refcount imbalance
commit
abf9d537fea225 (llc: add support for SO_BINDTODEVICE) added one
refcount imbalance in llc_ui_bind(), because dev_getbyhwaddr() doesnt
take a reference on device, while dev_get_by_index() does.
Fix this using RCU locking. And since an RCU conversion will be done for
2.6.38 for dev_getbyhwaddr(), put the rcu_read_lock/unlock exactly at
their final place.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Octavian Purdila <opurdila@ixiacom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mike Hernandez [Wed, 24 Nov 2010 00:52:46 +0000 (16:52 -0800)]
qla2xxx: Populate Command Type 6 LUN field properly.
commit
85727e1f78bd8392a0657ad6a4ff85fef1cc4a6d upstream.
Use the host_to_fcp_swap call to correctly populate the LUN field
in the Command Type 6 path. This field is used during LUN reset
cleanup and must match the field used in the FCP command.
Signed-off-by: Mike Hernandez <michael.hernandez@qlogic.com>
Signed-off-by: Madhuranath Iyengar <Madhu.Iyengar@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andrew Vasquez [Wed, 24 Nov 2010 00:52:48 +0000 (16:52 -0800)]
qla2xxx: Correct issue where NPIV-config data was not being allocated for 82xx parts.
commit
087c621e22f49c326cdc65d98c6fc0737ac13533 upstream.
This would cause a panic while reading the NPIV-config data.
Signed-off-by: Andrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: Madhuranath Iyengar <Madhu.Iyengar@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Valentine Barshak [Mon, 13 Dec 2010 23:03:16 +0000 (00:03 +0100)]
ARM: 6535/1: V6 MPCore v6_dma_inv_range and v6_dma_flush_range RWFO fix
commit
85b093bcc5322baa811a03ec73de0909c157f181 upstream.
Cache ownership must be acquired by reading/writing data from the
cache line to make cache operation have the desired effect on the
SMP MPCore CPU. However, the ownership is never acquired in the
v6_dma_inv_range function when cleaning the first line and
flushing the last one, in case the address is not aligned
to D_CACHE_LINE_SIZE boundary.
Fix this by reading/writing data if needed, before performing
cache operations.
While at it, fix v6_dma_flush_range to prevent RWFO outside
the buffer.
Signed-off-by: Valentine Barshak <vbarshak@mvista.com>
Signed-off-by: George G. Davis <gdavis@mvista.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Takashi Iwai [Thu, 9 Dec 2010 23:16:39 +0000 (00:16 +0100)]
PM / Hibernate: Fix PM_POST_* notification with user-space suspend
commit
1497dd1d29c6a53fcd3c80f7ac8d0e0239e7389e upstream.
The user-space hibernation sends a wrong notification after the image
restoration because of thinko for the file flag check. RDONLY
corresponds to hibernation and WRONLY to restoration, confusingly.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dan Carpenter [Wed, 13 Oct 2010 09:13:12 +0000 (09:13 +0000)]
IB/uverbs: Handle large number of entries in poll CQ
commit
7182afea8d1afd432a17c18162cc3fd441d0da93 upstream.
In ib_uverbs_poll_cq() code there is a potential integer overflow if
userspace passes in a large cmd.ne. The calls to kmalloc() would
allocate smaller buffers than intended, leading to memory corruption.
There iss also an information leak if resp wasn't all used.
Unprivileged userspace may call this function, although only if an
RDMA device that uses this function is present.
Fix this by copying CQ entries one at a time, which avoids the
allocation entirely, and also by moving this copying into a function
that makes sure to initialize all memory copied to userspace.
Special thanks to Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
for his help and advice.
Signed-off-by: Dan Carpenter <error27@gmail.com>
[ Monkey around with things a bit to avoid bad code generation by gcc
when designated initializers are used. - Roland ]
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Suresh Siddha [Tue, 16 Nov 2010 21:23:51 +0000 (13:23 -0800)]
x86, xsave: Use alloc_bootmem_align() instead of alloc_bootmem()
commit
10340ae130fb70352eae1ae8a00b7906d91bf166 upstream.
Alignment of alloc_bootmem() depends on the value of
L1_CACHE_SHIFT. What we need here, however, is 64 byte alignment. Use
alloc_bootmem_align() and explicitly specify the alignment instead.
This fixes a kernel boot crash reported by Jody when the cpu in .config
is set to MPENTIUMII but the kernel is booted on a xsave-capable CPU.
Reported-by: Jody Bruchon <jody@nctritech.com>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
LKML-Reference: <
20101116212442.
059967454@sbsiddha-MOBL3.sc.intel.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Suresh Siddha [Tue, 16 Nov 2010 21:23:50 +0000 (13:23 -0800)]
bootmem: Add alloc_bootmem_align()
commit
53dde5f385bc56e312f78b7cb25ffaf8efd4735d upstream.
Add an alloc_bootmem_align() interface to allocate bootmem with
specified alignment. This is necessary to be able to allocate the
xsave area in a subsequent patch.
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
LKML-Reference: <
20101116212441.
977574826@sbsiddha-MOBL3.sc.intel.com>
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dmitry Artamonow [Wed, 8 Dec 2010 20:36:17 +0000 (23:36 +0300)]
ASoC: fix deemphasis control in wm8904/55/60 codecs
commit
3f343f8512c7882a3637d9aea4ec6b3801cbcdc5 upstream.
Deemphasis control's .get callback should update control's value instead
of returning it - return value of callback function is used for indicating
error or success of operation.
Signed-off-by: Dmitry Artamonow <mad_soft@inbox.ru>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Seungwhan Youn [Thu, 9 Dec 2010 09:07:52 +0000 (18:07 +0900)]
ASoC: WM8580: Fix R8 initial value
commit
a0968628097380be52db8b4664da98fc425546a5 upstream.
Acc to WM8580 manual, the default value for R8 is 0x10, not 0x1c.
Signed-off-by: Seungwhan Youn <sw.youn@samsung.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Uk Kim [Sun, 5 Dec 2010 08:32:16 +0000 (17:32 +0900)]
ASoC: Fix off by one error in WM8994 EQ register bank size
commit
3fcc0afbb9c93f3599ba03273e59915670b6c2c2 upstream.
Signed-off-by: Uk Kim <w0806.kim@samsung.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Uk Kim [Sun, 5 Dec 2010 08:26:07 +0000 (17:26 +0900)]
ASoC: Fix swap of left and right channels for WM8993/4 speaker boost gain
commit
ed8cc471d75365f8590c76f580def899d58028c0 upstream.
SPKOUTL_BOOST start from third bit, SPKOUTLR_BOOST start from 0 bit.
Signed-off-by: Uk Kim <w0806.kim@samsung.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Borislav Petkov [Mon, 6 Dec 2010 15:20:25 +0000 (16:20 +0100)]
amd64_edac: Fix interleaving check
commit
e726f3c368e7c1919a7166ec09c5705759f1a69d upstream.
When matching error address to the range contained by one memory node,
we're in valid range when node interleaving
1. is disabled, or
2. enabled and when the address bits we interleave on match the
interleave selector on this node (see the "Node Interleaving" section in
the BKDG for an enlightening example).
Thus, when we early-exit, we need to reverse the compound logic
statement properly.
Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Borislav Petkov [Thu, 2 Dec 2010 16:48:35 +0000 (17:48 +0100)]
EDAC: Fix workqueue-related crashes
commit
bb31b3122c0dd07d2d958da17a50ad771ce79e2b upstream.
00740c58541b6087d78418cebca1fcb86dc6077d changed edac_core to
un-/register a workqueue item only if a lowlevel driver supplies a
polling routine. Normally, when we remove a polling low-level driver, we
go and cancel all the queued work. However, the workqueue unreg happens
based on the ->op_state setting, and edac_mc_del_mc() sets this to
OP_OFFLINE _before_ we cancel the work item, leading to NULL ptr oops on
the workqueue list.
Fix it by putting the unreg stuff in proper order.
Reported-and-tested-by: Tobias Karnat <tobias.karnat@googlemail.com>
LKML-Reference: <
1291201307.3029.21.camel@Tobias-Karnat>
Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Gabriele Gorla [Wed, 8 Dec 2010 15:27:22 +0000 (16:27 +0100)]
hwmon: (adm1026) Fix setting fan_div
commit
52bc9802ce849d0d287cc5fe76d06b0daa3986ca upstream.
Prevent setting fan_div from stomping on other fans that share the
same I2C register.
Signed-off-by: Gabriele Gorla <gorlik@penguintown.net>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Gabriele Gorla [Wed, 8 Dec 2010 15:27:22 +0000 (16:27 +0100)]
hwmon: (adm1026) Allow 1 as a valid divider value
commit
8b0f1840a46449e1946fc88860ef3ec8d6b1c2c7 upstream.
Allow 1 as a valid div value as specified in the ADM1026 datasheet.
Signed-off-by: Gabriele Gorla <gorlik@penguintown.net>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
NeilBrown [Tue, 16 Nov 2010 05:55:19 +0000 (16:55 +1100)]
sunrpc: prevent use-after-free on clearing XPT_BUSY
commit
ed2849d3ecfa339435818eeff28f6c3424300cec upstream.
When an xprt is created, it has a refcount of 1, and XPT_BUSY is set.
The refcount is *not* owned by the thread that created the xprt
(as is clear from the fact that creators never put the reference).
Rather, it is owned by the absence of XPT_DEAD. Once XPT_DEAD is set,
(And XPT_BUSY is clear) that initial reference is dropped and the xprt
can be freed.
So when a creator clears XPT_BUSY it is dropping its only reference and
so must not touch the xprt again.
However svc_recv, after calling ->xpo_accept (and so getting an XPT_BUSY
reference on a new xprt), calls svc_xprt_recieved. This clears
XPT_BUSY and then svc_xprt_enqueue - this last without owning a reference.
This is dangerous and has been seen to leave svc_xprt_enqueue working
with an xprt containing garbage.
So we need to hold an extra counted reference over that call to
svc_xprt_received.
For safety, any time we clear XPT_BUSY and then use the xprt again, we
first get a reference, and the put it again afterwards.
Note that svc_close_all does not need this extra protection as there are
no threads running, and the final free can only be called asynchronously
from such a thread.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sergey Vlasov [Sun, 28 Nov 2010 21:04:05 +0000 (21:04 +0000)]
NFS: Fix fcntl F_GETLK not reporting some conflicts
commit
21ac19d484a8ffb66f64487846c8d53afef04d2b upstream.
The commit
129a84de2347002f09721cda3155ccfd19fade40 (locks: fix F_GETLK
regression (failure to find conflicts)) fixed the posix_test_lock()
function by itself, however, its usage in NFS changed by the commit
9d6a8c5c213e34c475e72b245a8eb709258e968c (locks: give posix_test_lock
same interface as ->lock) remained broken - subsequent NFS-specific
locking code received F_UNLCK instead of the user-specified lock type.
To fix the problem, fl->fl_type needs to be saved before the
posix_test_lock() call and restored if no local conflicts were reported.
Reference: https://bugzilla.kernel.org/show_bug.cgi?id=23892
Tested-by: Alexander Morozov <amorozov@etersoft.ru>
Signed-off-by: Sergey Vlasov <vsu@altlinux.ru>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Neil Brown [Thu, 2 Dec 2010 00:14:30 +0000 (11:14 +1100)]
nfsd: Fix possible BUG_ON firing in set_change_info
commit
c1ac3ffcd0bc7e9617f62be8c7043d53ab84deac upstream.
If vfs_getattr in fill_post_wcc returns an error, we don't
set fh_post_change.
For NFSv4, this can result in set_change_info triggering a BUG_ON.
i.e. fh_post_saved being zero isn't really a bug.
So:
- instead of BUGging when fh_post_saved is zero, just clear ->atomic.
- if vfs_getattr fails in fill_post_wcc, take a copy of i_ctime anyway.
This will be used i seg_change_info, but not overly trusted.
- While we are there, remove the pointless 'if' statements in set_change_info.
There is no harm setting all the values.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Chuck Lever [Fri, 10 Dec 2010 17:31:14 +0000 (12:31 -0500)]
NFS: Fix panic after nfs_umount()
commit
5b362ac3799ff4225c40935500f520cad4d7ed66 upstream.
After a few unsuccessful NFS mount attempts in which the client and
server cannot agree on an authentication flavor both support, the
client panics. nfs_umount() is invoked in the kernel in this case.
Turns out nfs_umount()'s UMNT RPC invocation causes the RPC client to
write off the end of the rpc_clnt's iostat array. This is because the
mount client's nrprocs field is initialized with the count of defined
procedures (two: MNT and UMNT), rather than the size of the client's
proc array (four).
The fix is to use the same initialization technique used by most other
upper layer clients in the kernel.
Introduced by commit
0b524123, which failed to update nrprocs when
support was added for UMNT in the kernel.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=24302
BugLink: http://bugs.launchpad.net/bugs/683938
Reported-by: Stefan Bader <stefan.bader@canonical.com>
Tested-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Stefan Richter [Tue, 7 Dec 2010 19:32:40 +0000 (20:32 +0100)]
firewire: ohci: fix regression with Agere FW643 rev 06, disable MSI
commit
9993e0fe0f5f29c69e79efcb271ffc9843002985 upstream.
Agere FW643 rev 06, listed as "11c1:5901 (rev 06) (prog-if 10 [OHCI])",
produced SBP-2 I/O errors since kernel 2.6.36. Disabling MSI fixes it.
Since MSI work on Agere FW643-E (same vendor and device ID, but rev 07),
introduce a device revision field into firewire-ohci's quirks list so
that different quirks can be defined for older and newer revisions.
Reported-by: Jonathan Isom <jeisom@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Stefan Richter [Tue, 7 Dec 2010 18:16:02 +0000 (19:16 +0100)]
firewire: ohci: fix regression with VIA VT6315, disable MSI
commit
af0cdf4947818becfe209610b209315578645ab4 upstream.
"VIA Technologies, Inc. VT6315 Series Firewire Controller [1106:3403]"
does not generate any interrupts if Message Signaled Interrupts were
enabled. This is a regression since kernel 2.6.36 in which MSI support
was added to firewire-ohci. Hence blacklist MSI on all VIA controllers.
Reported-by: Robin Cook <rcook@wyrms.net>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Heiko Carstens [Wed, 1 Dec 2010 09:11:09 +0000 (10:11 +0100)]
nohz: Fix get_next_timer_interrupt() vs cpu hotplug
commit
dbd87b5af055a0cc9bba17795c9a2b0d17795389 upstream.
This fixes a bug as seen on 2.6.32 based kernels where timers got
enqueued on offline cpus.
If a cpu goes offline it might still have pending timers. These will
be migrated during CPU_DEAD handling after the cpu is offline.
However while the cpu is going offline it will schedule the idle task
which will then call tick_nohz_stop_sched_tick().
That function in turn will call get_next_timer_intterupt() to figure
out if the tick of the cpu can be stopped or not. If it turns out that
the next tick is just one jiffy off (delta_jiffies == 1)
tick_nohz_stop_sched_tick() incorrectly assumes that the tick should
not stop and takes an early exit and thus it won't update the load
balancer cpu.
Just afterwards the cpu will be killed and the load balancer cpu could
be the offline cpu.
On 2.6.32 based kernel get_nohz_load_balancer() gets called to decide
on which cpu a timer should be enqueued (see __mod_timer()). Which
leads to the possibility that timers get enqueued on an offline cpu.
These will never expire and can cause a system hang.
This has been observed 2.6.32 kernels. On current kernels
__mod_timer() uses get_nohz_timer_target() which doesn't have that
problem. However there might be other problems because of the too
early exit tick_nohz_stop_sched_tick() in case a cpu goes offline.
The easiest and probably safest fix seems to be to let
get_next_timer_interrupt() just lie and let it say there isn't any
pending timer if the current cpu is offline.
I also thought of moving migrate_[hr]timers() from CPU_DEAD to
CPU_DYING, but seeing that there already have been fixes at least in
the hrtimer code in this area I'm afraid that this could add new
subtle bugs.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <
20101201091109.GA8984@osiris.boeblingen.de.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Heiko Carstens [Fri, 26 Nov 2010 12:00:59 +0000 (13:00 +0100)]
nohz: Fix printk_needs_cpu() return value on offline cpus
commit
61ab25447ad6334a74e32f60efb135a3467223f8 upstream.
This patch fixes a hang observed with 2.6.32 kernels where timers got enqueued
on offline cpus.
printk_needs_cpu() may return 1 if called on offline cpus. When a cpu gets
offlined it schedules the idle process which, before killing its own cpu, will
call tick_nohz_stop_sched_tick(). That function in turn will call
printk_needs_cpu() in order to check if the local tick can be disabled. On
offline cpus this function should naturally return 0 since regardless if the
tick gets disabled or not the cpu will be dead short after. That is besides the
fact that __cpu_disable() should already have made sure that no interrupts on
the offlined cpu will be delivered anyway.
In this case it prevents tick_nohz_stop_sched_tick() to call
select_nohz_load_balancer(). No idea if that really is a problem. However what
made me debug this is that on 2.6.32 the function get_nohz_load_balancer() is
used within __mod_timer() to select a cpu on which a timer gets enqueued. If
printk_needs_cpu() returns 1 then the nohz_load_balancer cpu doesn't get
updated when a cpu gets offlined. It may contain the cpu number of an offline
cpu. In turn timers get enqueued on an offline cpu and not very surprisingly
they never expire and cause system hangs.
This has been observed 2.6.32 kernels. On current kernels __mod_timer() uses
get_nohz_timer_target() which doesn't have that problem. However there might be
other problems because of the too early exit tick_nohz_stop_sched_tick() in
case a cpu goes offline.
Easiest way to fix this is just to test if the current cpu is offline and call
printk_tick() directly which clears the condition.
Alternatively I tried a cpu hotplug notifier which would clear the condition,
however between calling the notifier function and printk_needs_cpu() something
could have called printk() again and the problem is back again. This seems to
be the safest fix.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <
20101126120235.
406766476@de.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Anholt [Thu, 18 Nov 2010 01:32:58 +0000 (09:32 +0800)]
drm/i915: Always set the DP transcoder config to 8BPC.
commit
220cad3cbf553f893432919b458da36489373fc6 upstream.
The pipe is always set to 8BPC, but here we were leaving whatever
previous bits were set by the BIOS in place.
Signed-off-by: Eric Anholt <eric@anholt.net>
Tested-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alex Deucher [Fri, 3 Dec 2010 19:37:22 +0000 (14:37 -0500)]
drm/radeon/kms: fix vram base calculation on rs780/rs880
commit
8961d52d4cc52edf5672f8f2712c57162b736793 upstream.
Avoid overflowing a 32 bit value.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alex Deucher [Thu, 9 Dec 2010 00:09:42 +0000 (19:09 -0500)]
drm/kms: remove spaces from connector names (v2)
commit
e76116ca9671e2e5239054a40303b94feab585ad upstream.
Grub doesn't parse spaces in parameters correctly, so
this makes it impossible to force video= parameters
for kms on the grub kernel command line.
v2: shorten the names to make them easier to type.
Reported-by: Sergej Pupykin <ml@sergej.pp.ru>
Cc: Sergej Pupykin <ml@sergej.pp.ru>
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alex Deucher [Wed, 8 Dec 2010 15:05:34 +0000 (10:05 -0500)]
drm/radeon/kms: don't apply 7xx HDP flush workaround on AGP
commit
f3886f85cfde578f1d0ba6e40ac5f9d70043923b upstream.
It should be required for all 7xx asics, but seems to cause
problems on some AGP 7xx chips.
Fixes:
https://bugzilla.kernel.org/show_bug.cgi?id=19002
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Reported-and-Tested-by: Duncan <1i5t5.duncan@cox.net>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Daniel T Chen [Fri, 3 Dec 2010 03:45:45 +0000 (22:45 -0500)]
ALSA: hda: Use model=lg quirk for LG P1 Express to enable playback and capture
commit
77c4d5cdb81d25a45fbdfb84dd3348121219a072 upstream.
BugLink: https://launchpad.net/bugs/595482
The original reporter states that audible playback from the internal
speaker is inaudible despite the hardware being properly detected. To
work around this symptom, he uses the model=lg quirk to properly enable
both playback, capture, and jack sense. Another user corroborates this
workaround on separate hardware. Add this PCI SSID to the quirk table
to enable it for further LG P1 Expresses.
Reported-and-tested-by: Philip Peitsch <philip.peitsch@gmail.com>
Tested-by: nikhov
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Daniel T Chen [Sun, 5 Dec 2010 13:43:14 +0000 (08:43 -0500)]
ALSA: hda: Use position_fix=1 for Acer Aspire 5538 to enable capture on internal mic
commit
dd5a089edfa51a74692604b4b427953d8e16bc35 upstream.
BugLink: https://launchpad.net/bugs/685161
The reporter of the bug states that he must use position_fix=1 to enable
capture for the internal microphone, so set it for his machine's PCI
SSID. Verified using 2.6.35 and the 2010-12-04 alsa-driver build.
Reported-and-tested-by: Ralph Wabel <rwabel@gmx.net>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Anssi Hannula [Tue, 7 Dec 2010 18:56:19 +0000 (20:56 +0200)]
ALSA: hda - Always allow basic audio irrespective of ELD info
commit
3dc86429032910bdf762adeb2969112bb303924c upstream.
Commit
bbbe33900d1f3c added functionality to restrict PCM parameters
based on ELD info (derived from EDID data) of the audio sink.
However, according to CEA-861-D no SAD is needed for basic audio
(32/44.1/48kHz stereo 16-bit audio), which is instead indicated with a
basic audio flag in the CEA EDID Extension.
The flag is not present in ELD. However, as all audio capable sinks are
required to support basic audio, we can assume it to be always
available.
Fix allowed audio formats with sinks that have SADs (Short Audio
Descriptors) which do not completely overlap with the basic audio
formats (there are no reports of affected devices so far) by always
assuming that basic audio is supported.
Reported-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Anssi Hannula [Tue, 7 Dec 2010 16:41:35 +0000 (18:41 +0200)]
ALSA: hda - Do not wrongly restrict min_channels based on ELD
commit
4b0dbdb17f846a8887e5f7fbeea2deb0703236bd upstream.
Commit
bbbe33900d1f3c added functionality to restrict PCM parameters
based on ELD info (derived from EDID data) of the audio sink.
However, it wrongly assumes that the bits 0-2 of the first byte of
CEA Short Audio Descriptors mean a supported number of channels. In
reality, they mean the maximum number of channels (as per CEA-861-D
7.5.2). This means that the channel count can only be used to restrict
max_channels, not min_channels.
Restricting min_channels causes us to deny opening the device in stereo
mode if the sink only has SADs that declare larger numbers of channels
(like Primare SP32 AV Processor does).
Fix that by not restricting min_channels based on ELD information.
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
Reported-by: Jean-Yves Avenard <jyavenard@gmail.com>
Tested-by: Jean-Yves Avenard <jyavenard@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Henningsson [Thu, 9 Dec 2010 06:17:27 +0000 (07:17 +0100)]
ALSA: HDA: Quirk for Dell Vostro 320 to make microphone work
commit
8a96b1e02029aa512199b1b6d281dcede9ed81f1 upstream.
BugLink: http://launchpad.net/497546
Confirmed that the ideapad model works better than the current
quirk for Dell Vostro 320.
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Miklos Szeredi [Tue, 30 Nov 2010 15:39:27 +0000 (16:39 +0100)]
fuse: fix ioctl when server is 32bit
commit
d9d318d39dd5cb686660504a3565aac453709ccc upstream.
If a 32bit CUSE server is run on 64bit this results in EIO being
returned to the caller.
The reason is that FUSE_IOCTL_RETRY reply was defined to use 'struct
iovec', which is different on 32bit and 64bit archs.
Work around this by looking at the size of the reply to determine
which struct was used. This is only needed if CONFIG_COMPAT is
defined.
A more permanent fix for the interface will be to use the same struct
on both 32bit and 64bit.
Reported-by: "ccmail111" <ccmail111@yahoo.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Miklos Szeredi [Tue, 30 Nov 2010 15:39:27 +0000 (16:39 +0100)]
fuse: verify ioctl retries
commit
7572777eef78ebdee1ecb7c258c0ef94d35bad16 upstream.
Verify that the total length of the iovec returned in FUSE_IOCTL_RETRY
doesn't overflow iov_length().
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
H. Peter Anvin [Sat, 11 Dec 2010 04:55:22 +0000 (23:55 -0500)]
x86, hotplug: Use mwait to offline a processor, fix the legacy case
upstream
ea53069231f9317062910d6e772cca4ce93de8c8
x86, hotplug: Use mwait to offline a processor, fix the legacy case
Here included also some small follow-on patches to the same code:
upstream
a68e5c94f7d3dd64fef34dd5d97e365cae4bb42a
x86, hotplug: Move WBINVD back outside the play_dead loop
upstream
ce5f68246bf2385d6174856708d0b746dc378f20
x86, hotplug: In the MWAIT case of play_dead, CLFLUSH the cache line
https://bugzilla.kernel.org/show_bug.cgi?id=5471
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Greg Kroah-Hartman [Thu, 9 Dec 2010 22:17:27 +0000 (14:17 -0800)]
Linux 2.6.36.2
Linus Torvalds [Mon, 29 Nov 2010 00:27:19 +0000 (16:27 -0800)]
Un-inline get_pipe_info() helper function
commit
72083646528d4887b920deb71b37e09bc7d227bb upstream.
This avoids some include-file hell, and the function isn't really
important enough to be inlined anyway.
Reported-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Linus Torvalds [Sun, 28 Nov 2010 22:09:57 +0000 (14:09 -0800)]
Export 'get_pipe_info()' to other users
commit
c66fb347946ebdd5b10908866ecc9fa05ee2cf3d upstream.
And in particular, use it in 'pipe_fcntl()'.
The other pipe functions do not need to use the 'careful' version, since
they are only ever called for things that are already known to be pipes.
The normal read/write/ioctl functions are called through the file
operations structures, so if a file isn't a pipe, they'd never get
called. But pipe_fcntl() is special, and called directly from the
generic fcntl code, and needs to use the same careful function that the
splice code is using.
Cc: Jens Axboe <jaxboe@fusionio.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Linus Torvalds [Sun, 28 Nov 2010 21:56:09 +0000 (13:56 -0800)]
Rename 'pipe_info()' to 'get_pipe_info()'
commit
71993e62a47dabddf10302807d6aa260455503f4 upstream.
.. and change it to take the 'file' pointer instead of an inode, since
that's what all users want anyway.
The renaming is preparatory to exporting it to other users. The old
'pipe_info()' name was too generic and is already used elsewhere, so
before making the function public we need to use a more specific name.
Cc: Jens Axboe <jaxboe@fusionio.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Heiko Carstens [Thu, 25 Nov 2010 08:52:45 +0000 (09:52 +0100)]
nmi: fix clock comparator revalidation
commit
e8129c642155616d9e2160a75f103e127c8c3708 upstream.
On each machine check all registers are revalidated. The save area for
the clock comparator however only contains the upper most seven bytes
of the former contents, if valid.
Therefore the machine check handler uses a store clock instruction to
get the current time and writes that to the clock comparator register
which in turn will generate an immediate timer interrupt.
However within the lowcore the expected time of the next timer
interrupt is stored. If the interrupt happens before that time the
handler won't be called. In turn the clock comparator won't be
reprogrammed and therefore the interrupt condition stays pending which
causes an interrupt loop until the expected time is reached.
On NOHZ machines this can result in unresponsive machines since the
time of the next expected interrupted can be a couple of days in the
future.
To fix this just revalidate the clock comparator register with the
expected value.
In addition the special handling for udelay must be changed as well.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>