firefly-linux-kernel-4.4.55.git
14 years agomm: flush dcache before writing into page to avoid alias
anfei zhou [Tue, 2 Feb 2010 21:44:02 +0000 (13:44 -0800)]
mm: flush dcache before writing into page to avoid alias

commit 931e80e4b3263db75c8e34f078d22f11bbabd3a3 upstream.

The cache alias problem will happen if the changes of user shared mapping
is not flushed before copying, then user and kernel mapping may be mapped
into two different cache line, it is impossible to guarantee the coherence
after iov_iter_copy_from_user_atomic.  So the right steps should be:

flush_dcache_page(page);
kmap_atomic(page);
write to page;
kunmap_atomic(page);
flush_dcache_page(page);

More precisely, we might create two new APIs flush_dcache_user_page and
flush_dcache_kern_page to replace the two flush_dcache_page accordingly.

Here is a snippet tested on omap2430 with VIPT cache, and I think it is
not ARM-specific:

int val = 0x11111111;
fd = open("abc", O_RDWR);
addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
*(addr+0) = 0x44444444;
tmp = *(addr+0);
*(addr+1) = 0x77777777;
write(fd, &val, sizeof(int));
close(fd);

The results are not always 0x11111111 0x77777777 at the beginning as expected.  Sometimes we see 0x44444444 0x77777777.

Signed-off-by: Anfei <anfei.zhou@gmail.com>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: <linux-arch@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agobe2net: Fix memset() arg ordering.
David S. Miller [Fri, 29 Jan 2010 05:36:21 +0000 (21:36 -0800)]
be2net: Fix memset() arg ordering.

commit d291b9af1a1a12f59a464494900c6e0db26e2ec3 upstream.

Noticed by Ben Hutchings.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agobe2net: Bug fix to support newer generation of BE ASIC
Ajit Khaparde [Wed, 27 Jan 2010 21:56:44 +0000 (21:56 +0000)]
be2net: Bug fix to support newer generation of BE ASIC

commit 7b139c83c590d4965259aad8889cbb08104b2891 upstream.

Bug fix in be2net for newer generation of BladeEngine ASIC.

Signed-off-by: Ajit Khaparde <ajitk@serverengines.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoconnector: Delete buggy notification code.
Evgeniy Polyakov [Tue, 2 Feb 2010 23:58:48 +0000 (15:58 -0800)]
connector: Delete buggy notification code.

commit f98bfbd78c37c5946cc53089da32a5f741efdeb7 upstream.

On Tue, Feb 02, 2010 at 02:57:14PM -0800, Greg KH (gregkh@suse.de) wrote:
> > There are at least two ways to fix it: using a big cannon and a small
> > one. The former way is to disable notification registration, since it is
> > not used by anyone at all. Second way is to check whether calling
> > process is root and its destination group is -1 (kind of priveledged
> > one) before command is dispatched to workqueue.
>
> Well if no one is using it, removing it makes the most sense, right?
>
> No objection from me, care to make up a patch either way for this?

Getting it is not used, let's drop support for notifications about
(un)registered events from connector.
Another option was to check credentials on receiving, but we can always
restore it without bugs if needed, but genetlink has a wider code base
and none complained, that userspace can not get notification when some
other clients were (un)registered.

Kudos for Sebastian Krahmer <krahmer@suse.de>, who found a bug in the
code.

Signed-off-by: Evgeniy Polyakov <zbr@ioremap.net>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agousb: r8a66597-hdc disable interrupts fix
Magnus Damm [Wed, 27 Jan 2010 07:41:19 +0000 (07:41 +0000)]
usb: r8a66597-hdc disable interrupts fix

commit e5ff15bec96ba18698dae5de0bbf7e6a0653ca65 upstream.

This patch improves disable_controller() in the r8a66597-hdc
driver to disable all interrupts and clear status flags. It
also makes sure that disable_controller() is called during
probe(). This fixes the relatively rare case of unexpected
pending interrupts after kexec reboot.

Signed-off-by: Magnus Damm <damm@opensource.se>
Acked-by: Yoshihiro Shimoda <shimoda.yoshihiro@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoblock: fix bugs in bio-integrity mempool usage
Chuck Ebbert [Sat, 30 Jan 2010 19:28:19 +0000 (20:28 +0100)]
block: fix bugs in bio-integrity mempool usage

commit 9e9432c267e4047db98b9d4fba95099c6effcef9 upstream.

Fix two bugs in the bio integrity code:

 use_bip_pool() always returns 0 because it checks against the wrong limit,
 causing the mempool to be used only when regular allocation fails.

 When the mempool is used as a fallback we don't free the data properly.

Signed-Off-By: Chuck Ebbert <cebbert@redhat.com>
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agorandom: Remove unused inode variable
Herbert Xu [Mon, 1 Feb 2010 10:48:28 +0000 (21:48 +1100)]
random: Remove unused inode variable

commit cd1510cb5f892907fe1a662f90b41fb3a42954e0 upstream.

The previous changeset left behind an unused inode variable.
This patch removes it.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agorandom: drop weird m_time/a_time manipulation
Matt Mackall [Fri, 29 Jan 2010 08:50:36 +0000 (21:50 +1300)]
random: drop weird m_time/a_time manipulation

commit a996996dd75a9086b12d1cb4010f26e1748993f0 upstream.

No other driver does anything remotely like this that I know of except
for the tty drivers, and I can't see any reason for random/urandom to do
it. In fact, it's a (trivial, harmless) timing information leak. And
obviously, it generates power- and flash-cycle wasting I/O, especially
if combined with something like hwrngd. Also, it breaks ubifs's
expectations.

Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoFix 'flush_old_exec()/setup_new_exec()' split
Linus Torvalds [Tue, 2 Feb 2010 20:37:44 +0000 (12:37 -0800)]
Fix 'flush_old_exec()/setup_new_exec()' split

commit 7ab02af428c2d312c0cf8fb0b01cc1eb21131a3d upstream.

Commit 221af7f87b9 ("Split 'flush_old_exec' into two functions") split
the function at the point of no return - ie right where there were no
more error cases to check.  That made sense from a technical standpoint,
but when we then also combined it with the actual personality setting
going in between flush_old_exec() and setup_new_exec(), it needs to be a
bit more careful.

In particular, we need to make sure that we really flush the old
personality bits in the 'flush' stage, rather than later in the 'setup'
stage, since otherwise we might be flushing the _new_ personality state
that we're just setting up.

So this moves the flags and personality flushing (and 'flush_thread()',
which is the arch-specific function that generally resets lazy FP state
etc) of the old process into flush_old_exec(), so that it doesn't affect
any state that execve() is setting up for the new process environment.

This was reported by Michal Simek as breaking his Microblaze qemu
environment.

Reported-and-tested-by: Michal Simek <michal.simek@petalogix.com>
Cc: Peter Anvin <hpa@zytor.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoblock: fix bio_add_page for non trivial merge_bvec_fn case
Dmitry Monakhov [Wed, 27 Jan 2010 19:44:36 +0000 (22:44 +0300)]
block: fix bio_add_page for non trivial merge_bvec_fn case

commit 1d6165851cd8e3f919d446cd6da35dee44e8837e upstream.

We have to properly decrease bi_size in order to merge_bvec_fn return
right result.  Otherwise this result in false merge rejects for two
absolutely valid bio_vecs.  This may cause significant performance
penalty for example fs_block_size == 1k and block device is raid0 with
small chunk_size = 8k. Then it is impossible to merge 7-th fs-block in
to bio which already has 6 fs-blocks.

Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomm: purge fragmented percpu vmap blocks
Nick Piggin [Mon, 1 Feb 2010 11:25:57 +0000 (22:25 +1100)]
mm: purge fragmented percpu vmap blocks

commit 02b709df817c0db174f249cc59e5f7fd01b64d92 upstream.

Improve handling of fragmented per-CPU vmaps.  We previously don't free
up per-CPU maps until all its addresses have been used and freed.  So
fragmented blocks could fill up vmalloc space even if they actually had
no active vmap regions within them.

Add some logic to allow all CPUs to have these blocks purged in the case
of failure to allocate a new vm area, and also put some logic to trim
such blocks of a current CPU if we hit them in the allocation path (so
as to avoid a large build up of them).

Christoph reported some vmap allocation failures when using the per CPU
vmap APIs in XFS, which cannot be reproduced after this patch and the
previous bug fix.

Cc: linux-mm@kvack.org
Tested-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomm: percpu-vmap fix RCU list walking
Nick Piggin [Mon, 1 Feb 2010 11:24:18 +0000 (22:24 +1100)]
mm: percpu-vmap fix RCU list walking

commit de5604231ce4bc8db1bc1dcd27d8540cbedf1518 upstream.

RCU list walking of the per-cpu vmap cache was broken.  It did not use
RCU primitives, and also the union of free_list and rcu_head is
obviously wrong (because free_list is indeed the list we are RCU
walking).

While we are there, remove a couple of unused fields from an earlier
iteration.

These APIs aren't actually used anywhere, because of problems with the
XFS conversion.  Christoph has now verified that the problems are solved
with these patches.  Also it is an exported interface, so I think it
will be good to be merged now (and Christoph wants to get the XFS
changes into their local tree).

Cc: linux-mm@kvack.org
Tested-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agolibata: retry link resume if necessary
Tejun Heo [Mon, 11 Jan 2010 02:14:44 +0000 (11:14 +0900)]
libata: retry link resume if necessary

commit 5040ab67a2c6d5710ba497dc52a8f7035729d7b0 upstream.

Interestingly, when SIDPR is used in ata_piix, writes to DET in
SControl sometimes get ignored leading to detection failure.  Update
sata_link_resume() such that it reads back SControl after clearing DET
and retry if it's not clear.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: fengxiangjun <fengxiangjun@neusoft.com>
Reported-by: Jim Faulkner <jfaulkne@ccs.neu.edu>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agooprofile/x86: fix crash when profiling more than 28 events
Suravee Suthikulpanit [Mon, 18 Jan 2010 17:25:36 +0000 (11:25 -0600)]
oprofile/x86: fix crash when profiling more than 28 events

commit d8cc108f4fab42b380c6b3f3356f99e8dd5372e2 upstream.

With multiplexing enabled oprofile crashs when profiling more than 28
events. This patch fixes this.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Robert Richter <robert.richter@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agooprofile/x86: add Xeon 7500 series support
Andi Kleen [Thu, 21 Jan 2010 22:26:27 +0000 (23:26 +0100)]
oprofile/x86: add Xeon 7500 series support

commit e83e452b0692c9c13372540deb88a77d4ae2553d upstream.

Add Xeon 7500 series support to oprofile.

Straight forward: it's the same as Core i7, so just detect
the model number. No user space changes needed.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Robert Richter <robert.richter@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: allow userspace to adjust kvmclock offset
Glauber Costa [Mon, 1 Feb 2010 18:54:05 +0000 (16:54 -0200)]
KVM: allow userspace to adjust kvmclock offset

(cherry picked from afbcf7ab8d1bc8c2d04792f6d9e786e0adeb328d)

When we migrate a kvm guest that uses pvclock between two hosts, we may
suffer a large skew. This is because there can be significant differences
between the monotonic clock of the hosts involved. When a new host with
a much larger monotonic time starts running the guest, the view of time
will be significantly impacted.

Situation is much worse when we do the opposite, and migrate to a host with
a smaller monotonic clock.

This proposed ioctl will allow userspace to inform us what is the monotonic
clock value in the source host, so we can keep the time skew short, and
more importantly, never goes backwards. Userspace may also need to trigger
the current data, since from the first migration onwards, it won't be
reflected by a simple call to clock_gettime() anymore.

[marcelo: future-proof abi with a flags field]
[jan: fix KVM_GET_CLOCK by clearing flags field instead of checking it]

Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoax25: netrom: rose: Fix timer oopses
Jarek Poplawski [Sat, 16 Jan 2010 09:04:04 +0000 (01:04 -0800)]
ax25: netrom: rose: Fix timer oopses

[ Upstream commit d00c362f1b0ff54161e0a42b4554ac621a9ef92d ]

Wrong ax25_cb refcounting in ax25_send_frame() and by its callers can
cause timer oopses (first reported with 2.6.29.6 kernel).

Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=14905
Reported-by: Bernard Pidoux <bpidoux@free.fr>
Tested-by: Bernard Pidoux <bpidoux@free.fr>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoaf_packet: Don't use skb after dev_queue_xmit()
Jarek Poplawski [Sun, 10 Jan 2010 22:04:19 +0000 (22:04 +0000)]
af_packet: Don't use skb after dev_queue_xmit()

[ Upstream commit eb70df13ee52dbc0f2c0ffd8ed34a8cd27440baf ]

tpacket_snd() can change and kfree an skb after dev_queue_xmit(),
which is illegal.

With debugging by: Stephen Hemminger <shemminger@vyatta.com>

Reported-by: Michael Breuer <mbreuer@majjas.com>
With help from: David S. Miller <davem@davemloft.net>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Tested-by: Michael Breuer<mbreuer@majjas.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonet: restore ip source validation
Jamal Hadi Salim [Sat, 26 Dec 2009 01:30:22 +0000 (17:30 -0800)]
net: restore ip source validation

[ Upstream commit 28f6aeea3f12d37bd258b2c0d5ba891bff4ec479 ]

when using policy routing and the skb mark:
there are cases where a back path validation requires us
to use a different routing table for src ip validation than
the one used for mapping ingress dst ip.
One such a case is transparent proxying where we pretend to be
the destination system and therefore the local table
is used for incoming packets but possibly a main table would
be used on outbound.
Make the default behavior to allow the above and if users
need to turn on the symmetry via sysctl src_valid_mark

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosky2: Fix oops in sky2_xmit_frame() after TX timeout
Jarek Poplawski [Mon, 4 Jan 2010 08:48:41 +0000 (08:48 +0000)]
sky2: Fix oops in sky2_xmit_frame() after TX timeout

[ Upstream commit 9db2f1bec36805e57a003f7bb90e003815d96de8 ]

During TX timeout procedure dev could be awoken too early, e.g. by
sky2_complete_tx() called from sky2_down(). Then sky2_xmit_frame()
can run while buffers are freed causing an oops. This patch fixes it
by adding netif_device_present() test in sky2_tx_complete().

Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=14925
With debugging by: Mike McCormack <mikem@ring3k.org>

Reported-by: Berck E. Nash <flyboy@gmail.com>
Tested-by: Berck E. Nash <flyboy@gmail.com>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotcp: update the netstamp_needed counter when cloning sockets
Octavian Purdila [Fri, 8 Jan 2010 08:00:09 +0000 (00:00 -0800)]
tcp: update the netstamp_needed counter when cloning sockets

[ Upstream commit 704da560c0a0120d8869187f511491a00951a1d3 ]

This fixes a netstamp_needed accounting issue when the listen socket
has SO_TIMESTAMP set:

    s = socket(AF_INET, SOCK_STREAM, 0);
    setsockopt(s, SOL_SOCKET, SO_TIMESTAMP, 1); -> netstamp_needed = 1
    bind(s, ...);
    listen(s, ...);
    s2 = accept(s, ...); -> netstamp_needed = 1
    close(s2); -> netstamp_needed = 0
    close(s); -> netstamp_needed = -1

Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoclocksource: fix compilation if no GENERIC_TIME
Aaro Koskinen [Mon, 1 Feb 2010 16:24:58 +0000 (18:24 +0200)]
clocksource: fix compilation if no GENERIC_TIME

commit a362c638bdf052bf424bce7645d39b101090f6ba upstream

Commit a9238ce3bb0fda6e760780b702c6cbd3793087d3 broke compilation on
platforms that do not implement GENERIC_TIME (e.g. iop32x):

  kernel/time/clocksource.c: In function 'clocksource_register':
  kernel/time/clocksource.c:556: error: implicit declaration of function 'clocksource_max_deferment'

Provide the implementation of clocksource_max_deferment() also for
such platforms.

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86/amd-iommu: Fix possible integer overflow
Joerg Roedel [Fri, 22 Jan 2010 15:40:20 +0000 (16:40 +0100)]
x86/amd-iommu: Fix possible integer overflow

commit d91afd15b041f27d34859c79afa9e172018a86f4 upstream.

The variable i in this function could be increased to over
2**32 which would result in an integer overflow when using
int. Fix it by changing i to unsigned long.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86: Add quirk for Intel DG45FC board to avoid low memory corruption
David Härdeman [Thu, 28 Jan 2010 20:02:54 +0000 (21:02 +0100)]
x86: Add quirk for Intel DG45FC board to avoid low memory corruption

commit 7c099ce1575126395f186ecf58b51a60d5c3be7d upstream.

Commit 6aa542a694dc9ea4344a8a590d2628c33d1b9431 added a quirk for the
Intel DG45ID board due to low memory corruption. The Intel DG45FC
shares the same BIOS (and the same bug) as noted in:

  http://bugzilla.kernel.org/show_bug.cgi?id=13736

Signed-off-by: David Härdeman <david@hardeman.nu>
LKML-Reference: <20100128200254.GA9134@hardeman.nu>
Cc: Alexey Fisher <bug-track@fisher-privat.net>
Cc: ykzhao <yakui.zhao@intel.com>
Cc: Tony Bones <aabonesml@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86: Add Dell OptiPlex 760 reboot quirk
Leann Ogasawara [Wed, 27 Jan 2010 23:29:18 +0000 (15:29 -0800)]
x86: Add Dell OptiPlex 760 reboot quirk

commit 35ea63d70f827a26c150993b4b940925bb02b03f upstream.

Dell OptiPlex 760 hangs on reboot unless reboot=bios is used.  Add quirk
to reboot through the BIOS.

BugLink: https://bugs.launchpad.net/bugs/488319
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
LKML-Reference: <1264634958.27335.1091.camel@emiko>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoregulator: Specify REGULATOR_CHANGE_STATUS for WM835x LED constraints
Mark Brown [Mon, 4 Jan 2010 15:30:54 +0000 (15:30 +0000)]
regulator: Specify REGULATOR_CHANGE_STATUS for WM835x LED constraints

commit a2fad9bf26a1d44a8d31a5c4528108a2b9f468ab upstream.

The WM8350 LED driver needs to be able to enable and disable the
regulators it is using. Previously the core wasn't properly enforcing
status change constraints so the driver was able to function but this
has always been intended to be required.

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoSECURITY: selinux, fix update_rlimit_cpu parameter
Jiri Slaby [Fri, 28 Aug 2009 08:47:16 +0000 (10:47 +0200)]
SECURITY: selinux, fix update_rlimit_cpu parameter

commit 17740d89785aeb4143770923d67c293849414710 upstream.

Don't pass current RLIMIT_RTTIME to update_rlimit_cpu() in
selinux_bprm_committing_creds, since update_rlimit_cpu expects
RLIMIT_CPU limit.

Use proper rlim[RLIMIT_CPU].rlim_cur instead to fix that.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eric Paris <eparis@parisplace.org>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofirewire: core: add_descriptor size check
Stefan Richter [Fri, 29 Jan 2010 20:25:46 +0000 (21:25 +0100)]
firewire: core: add_descriptor size check

Backport of commit e300839da40e99581581c5d053a95a172651fec8 upstream.

Presently, firewire-core only checks whether descriptors that are to be
added by userspace drivers to the local node's config ROM do not exceed
a size of 256 quadlets.  However, the sum of the bare minimum ROM plus
all descriptors (from firewire-core, from firewire-net, from userspace)
must not exceed 256 quadlets.

Otherwise, the bounds of a statically allocated buffer will be
overwritten.  If the kernel survives that, firewire-core will
subsequently be unable to parse the local node's config ROM.

(Note, userspace drivers can add descriptors only through device files
of local nodes.  These are usually only accessible by root, unlike
device files of remote nodes which may be accessible to lesser
privileged users.)

Therefore add a test which takes the actual present and required ROM
size into account for all descriptors of kernelspace and userspace
drivers.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/i915: only enable hotplug for detected outputs
Jesse Barnes [Fri, 11 Dec 2009 19:07:17 +0000 (11:07 -0800)]
drm/i915: only enable hotplug for detected outputs

commit b01f2c3a4a37d09a47ad73ccbb46d554d21cfeb0 upstream.

This patch changes around our hotplug enable code a bit to only enable
it for ports we actually detect and initialize.  This prevents problems
with stuck or spurious interrupts on outputs that aren't actually wired
up, and is generally more correct.

Fixes FDO bug #23183.

Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: set default aggregation frame count limit to 31
Wey-Yi Guy [Fri, 2 Oct 2009 20:44:01 +0000 (13:44 -0700)]
iwlwifi: set default aggregation frame count limit to 31

commit 4d80d7210bb5a36a18978d1305b44375ecb857d9 upstream.

Multiple MPDUs can be aggregated, transmitted, and finally acknowledged
together using a single BA frame. Block ACK (BA) contains
bitmap size of 64*16 bits so the maximum frame count is 64.
The default value of aggregation frame count suggested by uCode is 31 to
achieve best performance.

Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86: Disable HPET MSI on ATI SB700/SB800
Venkatesh Pallipadi [Fri, 29 Jan 2010 19:27:31 +0000 (11:27 -0800)]
x86: Disable HPET MSI on ATI SB700/SB800

commit 73472a46b5b28116b145fb5fc05242c1aa8e1461 upstream

HPET MSI on platforms with ATI SB700/SB800 as they seem to have some
side-effects on floppy DMA. Do not use HPET MSI on such platforms.

Original problem report from Mark Hounschell
http://lkml.indiana.edu/hypermail/linux/kernel/0912.2/01118.html

Tested-by: Mark Hounschell <markh@compro.net>
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Cc: <stable@kernel.org>
LKML-Reference: <20100121190952.GA32523@linux-os.sc.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
14 years agoInput: winbond-cir - remove dmesg spam
David Härdeman [Fri, 29 Jan 2010 06:28:27 +0000 (22:28 -0800)]
Input: winbond-cir - remove dmesg spam

commit 93fb84b50fe03aabca8d9dea5d3ba521a07e8571 upstream.

I missed converting one dev_info call to deb_dbg before submitting the driver.
Without this change, a message will be printed to dmesg for each button press
if a RC6 remote is used.

Signed-off-by: David Härdeman <david@hardeman.nu>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86: get rid of the insane TIF_ABI_PENDING bit
H. Peter Anvin [Fri, 29 Jan 2010 06:14:43 +0000 (22:14 -0800)]
x86: get rid of the insane TIF_ABI_PENDING bit

commit 05d43ed8a89c159ff641d472f970e3f1baa66318 upstream.

Now that the previous commit made it possible to do the personality
setting at the point of no return, we do just that for ELF binaries.
And suddenly all the reasons for that insane TIF_ABI_PENDING bit go
away, and we can just make SET_PERSONALITY() just do the obvious thing
for a 32-bit compat process.

Everything becomes much more straightforward this way.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosparc: TIF_ABI_PENDING bit removal
David Miller [Fri, 29 Jan 2010 05:42:02 +0000 (21:42 -0800)]
sparc: TIF_ABI_PENDING bit removal

commit 94673e968cbcce07fa78dac4b0ae05d24b5816e1 upstream.

Here are the sparc bits to remove TIF_ABI_PENDING now that
set_personality() is called at the appropriate place in exec.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoSplit 'flush_old_exec' into two functions
Linus Torvalds [Fri, 29 Jan 2010 06:14:42 +0000 (22:14 -0800)]
Split 'flush_old_exec' into two functions

commit 221af7f87b97431e3ee21ce4b0e77d5411cf1549 upstream.

'flush_old_exec()' is the point of no return when doing an execve(), and
it is pretty badly misnamed.  It doesn't just flush the old executable
environment, it also starts up the new one.

Which is very inconvenient for things like setting up the new
personality, because we want the new personality to affect the starting
of the new environment, but at the same time we do _not_ want the new
personality to take effect if flushing the old one fails.

As a result, the x86-64 '32-bit' personality is actually done using this
insane "I'm going to change the ABI, but I haven't done it yet" bit
(TIF_ABI_PENDING), with SET_PERSONALITY() not actually setting the
personality, but just the "pending" bit, so that "flush_thread()" can do
the actual personality magic.

This patch in no way changes any of that insanity, but it does split the
'flush_old_exec()' function up into a preparatory part that can fail
(still called flush_old_exec()), and a new part that will actually set
up the new exec environment (setup_new_exec()).  All callers are changed
to trivially comply with the new world order.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoFDPIC: Respect PT_GNU_STACK exec protection markings when creating NOMMU stack
Mike Frysinger [Wed, 6 Jan 2010 17:23:17 +0000 (17:23 +0000)]
FDPIC: Respect PT_GNU_STACK exec protection markings when creating NOMMU stack

commit 04e4f2b18c8de1389d1e00fef0f42a8099910daf upstream.

The current code will load the stack size and protection markings, but
then only use the markings in the MMU code path.  The NOMMU code path
always passes PROT_EXEC to the mmap() call.  While this doesn't matter
to most people whilst the code is running, it will cause a pointless
icache flush when starting every FDPIC application.  Typically this
icache flush will be of a region on the order of 128KB in size, or may
be the entire icache, depending on the facilities available on the CPU.

In the case where the arch default behaviour seems to be desired
(EXSTACK_DEFAULT), we probe VM_STACK_FLAGS for VM_EXEC to determine
whether we should be setting PROT_EXEC or not.

For arches that support an MPU (Memory Protection Unit - an MMU without
the virtual mapping capability), setting PROT_EXEC or not will make an
important difference.

It should be noted that this change also affects the executability of
the brk region, since ELF-FDPIC has that share with the stack.  However,
this is probably irrelevant as NOMMU programs aren't likely to use the
brk region, preferring instead allocation via mmap().

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomm: fix migratetype bug which slowed swapping
Hugh Dickins [Fri, 29 Jan 2010 17:46:34 +0000 (17:46 +0000)]
mm: fix migratetype bug which slowed swapping

commit a7016235a61d520e6806f38129001d935c4b6661 upstream.

After memory pressure has forced it to dip into the reserves, 2.6.32's
5f8dcc21211a3d4e3a7a5ca366b469fb88117f61 "page-allocator: split per-cpu
list into one-list-per-migrate-type" has been returning MIGRATE_RESERVE
pages to the MIGRATE_MOVABLE free_list: in some sense depleting reserves.

Fix that in the most straightforward way (which, considering the overheads
of alternative approaches, is Mel's preference): the right migratetype is
already in page_private(page), but free_pcppages_bulk() wasn't using it.

How did this bug show up?  As a 20% slowdown in my tmpfs loop kbuild
swapping tests, on PowerMac G5 with SLUB allocator.  Bisecting to that
commit was easy, but explaining the magnitude of the slowdown not easy.

The same effect appears, but much less markedly, with SLAB, and even
less markedly on other machines (the PowerMac divides into fewer zones
than x86, I think that may be a factor).  We guess that lumpy reclaim
of short-lived high-order pages is implicated in some way, and probably
this bug has been tickling a poor decision somewhere in page reclaim.

But instrumentation hasn't told me much, I've run out of time and
imagination to determine exactly what's going on, and shouldn't hold up
the fix any longer: it's valid, and might even fix other misbehaviours.

Signed-off-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Acked-by: Mel Gorman <mel@csn.ul.ie>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoFix failure exit in ipathfs
Al Viro [Mon, 25 Jan 2010 23:44:58 +0000 (18:44 -0500)]
Fix failure exit in ipathfs

commit 12e9a45609054fb83d4a8b716a5265cc1a393e10 upstream.

deactivate_locked_super() will be done by caller of fill_super, doing
it there as well is b0rken.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofix affs parse_options()
Al Viro [Sun, 24 Jan 2010 05:06:22 +0000 (00:06 -0500)]
fix affs parse_options()

commit 217686e98321a4ff4c1a6cc535e511e37c5d2dbf upstream.

Error handling in that sucker got broken back in 2003.  If function
returns 0 on failure, it's not nice to add return -EINVAL into it.
Adding return 1 on other failure exits is also not a good thing (and
yes, original success exits with 1 and some of failure exits with 0
are still there; so's the original logics in callers).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoFix remount races with symlink handling in affs
Al Viro [Sun, 24 Jan 2010 05:04:07 +0000 (00:04 -0500)]
Fix remount races with symlink handling in affs

commit 29333920a5a46edcc9b728e2cf0134d5a9b516ee upstream.

A couple of fields in affs_sb_info is used in follow_link() and
symlink() for handling AFFS "absolute" symlinks.  Need locking
against affs_remount() updates.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofix leak in romfs_fill_super()
Al Viro [Mon, 25 Jan 2010 11:05:54 +0000 (06:05 -0500)]
fix leak in romfs_fill_super()

commit 7e32b7bb734047c5e3cecf2e896b9cf8fc35d1e8 upstream.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofix oops in fs/9p late mount failure
Al Viro [Mon, 25 Jan 2010 11:16:19 +0000 (06:16 -0500)]
fix oops in fs/9p late mount failure

commit 083c73c253c23c20359a344dfe1198ea628e6259 upstream.

if 9P ->get_sb() fails late (at root inode or root dentry
allocation), we'll hit its ->kill_sb() with NULL ->s_root

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoFix failure exits in bfs_fill_super()
Al Viro [Sun, 24 Jan 2010 05:52:22 +0000 (00:52 -0500)]
Fix failure exits in bfs_fill_super()

commit 5998649f779b7148a8a0c10c46cfa99e27d34dfe upstream.

double iput(), leaks...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoFix a leak in affs_fill_super()
Al Viro [Sun, 24 Jan 2010 04:38:27 +0000 (23:38 -0500)]
Fix a leak in affs_fill_super()

commit afc70ed05a07bfe171f7a5b8fdc80bdb073d314f upstream.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/i915: Reload hangcheck timer too for Ironlake
Zhenyu Wang [Thu, 17 Dec 2009 08:12:56 +0000 (16:12 +0800)]
drm/i915: Reload hangcheck timer too for Ironlake

commit c566ec49159b806db95a90fd8f37448376cd0ad2 upstream.

Make sure hangcheck timer won't beat us unexpectedly on Ironlake.

Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoe1000/e1000e: don't use small hardware rx buffers
Jesse Brandeburg [Fri, 22 Jan 2010 22:56:16 +0000 (22:56 +0000)]
e1000/e1000e: don't use small hardware rx buffers

commit 9926146b15fd96d78a4f7c32e7a26d50639369f4 upstream.

When testing the "e1000: enhance frame fragment detection" (and e1000e)
patches we found some bugs with reducing the MTU size.  The 1024 byte
descriptor used with the 1000 mtu test also (re) introduced the
(originally) reported bug, and causes us to need the e1000_clean_tx_irq
"enhance frame fragment detection" fix.

So what has occured here is that 2.6.32 is only vulnerable for mtu <
1500 due to the jumbo specific routines in both e1000 and e1000e.
So, 2.6.32 needs the 2kB buffer len fix for those smaller MTUs, but
is not vulnerable to the original issue reported.  It has been pointed
out that this vulnerability needs to be patched in older kernels that
don't have the e1000 jumbo routine.  Without the jumbo routines, we
need the "enhance frame fragment detection" fix the e1000, old
e1000e is only vulnerable for < 1500 mtu, and needs a similar
fix.  We split the patches up to provide easy backport paths.

There is only a slight bit of extra code when this fix and the
original "enhance frame fragment detection" fixes are applied, so
please apply both, even though it is a bit of overkill.

Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoe1000e: enhance frame fragment detection
Jesse Brandeburg [Tue, 19 Jan 2010 14:15:59 +0000 (14:15 +0000)]
e1000e: enhance frame fragment detection

commit b94b50289622e816adc9f94111cfc2679c80177c upstream.

Originally patched by Neil Horman <nhorman@tuxdriver.com>

e1000e could with a jumbo frame enabled interface, and packet split disabled,
receive a packet that would overflow a single rx buffer.  While in practice
very hard to craft a packet that could abuse this, it is possible.

this is related to CVE-2009-4538

Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoe1000: enhance frame fragment detection
Jesse Brandeburg [Tue, 19 Jan 2010 14:15:38 +0000 (14:15 +0000)]
e1000: enhance frame fragment detection

commit 40a14deaf411592b57cb0720f0e8004293ab9865 upstream.

Originally From: Neil Horman <nhorman@tuxdriver.com>
Modified by: Jesse Brandeburg <jesse.brandeburg@intel.com>

Hey all-
A security discussion was recently given:
http://events.ccc.de/congress/2009/Fahrplan//events/3596.en.html
And a patch that I submitted awhile back was brought up.  Apparently some of
their testing revealed that they were able to force a buffer fragment in e1000
in which the trailing fragment was greater than 4 bytes.  As a result the
fragment check I introduced failed to detect the fragement and a partial
invalid frame was passed up into the network stack.  I've written this patch
to correct it.  I'm in the process of testing it now, but it makes good
logical sense to me.  Effectively it maintains a per-adapter state variable
which detects a non-EOP frame, and discards it and subsequent non-EOP frames
leading up to _and_ _including_ the next positive-EOP frame (as it is by
definition the last fragment).  This should prevent any and all partial frames
from entering the network stack from e1000.

Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUBI: fix volume creation input checking
Mika Westerberg [Tue, 26 Jan 2010 15:47:05 +0000 (17:47 +0200)]
UBI: fix volume creation input checking

commit c5ce5b46af76f52dea21f467397d24c4ae6cb3ff upstream.

Do not use an unchecked variable UBI_IOCMKVOL ioctl.

Signed-off-by: Mika Westerberg <ext-mika.1.westerberg@nokia.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoACPI: Advertise to BIOS in _OSC: _OST on _PPC changes
Zhao Yakui [Fri, 8 Jan 2010 13:29:58 +0000 (21:29 +0800)]
ACPI: Advertise to BIOS in _OSC: _OST on _PPC changes

commit 6a4e2b7503d1f630bface040cf0f5a7aac1fabdb upstream.

If the BIOS pokes the system-wide OSC bits to see if Linux
supports evaluating _OST after a _PPC change notification,
answer yes.

Also, fix an oversight where we neglected to set the OSC
bit advertising processor aggregator device support
when acpi-pad is compiled as a module.

Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoACPI: fix OSC regression that caused aer and pciehp not to load
Shaohua Li [Wed, 23 Dec 2009 09:04:11 +0000 (17:04 +0800)]
ACPI: fix OSC regression that caused aer and pciehp not to load

commit 9dc130fccb874f2959ef313d7922d306dc6d4f75 upstream.

Executing _OSC returns a buffer, which has an acpi object in it.
Don't directly returns the buffer, instead, we return the acpi object's
buffer. This fixes a regression since caller of acpi_run_osc expects
an acpi object's buffer returned.

Tested-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoACPI: Add platform-wide _OSC support.
Shaohua Li [Thu, 29 Oct 2009 03:05:05 +0000 (11:05 +0800)]
ACPI: Add platform-wide _OSC support.

commit 3563ff964fdc36358cef0330936fdac28e65142a upstream.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoACPI: Add a generic API for _OSC -v2
Shaohua Li [Thu, 29 Oct 2009 03:04:28 +0000 (11:04 +0800)]
ACPI: Add a generic API for _OSC -v2

commit 70023de88c58a81a730ab4d13c51a30e537ec76e upstream.

v2->v1:
.improve debug info as suggedted by Bjorn,Kenji
.API is using uuid string as suggested by Alexey

Add an API to execute _OSC. A lot of devices can have this method, so add a
generic API.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodasd: fix possible NULL pointer errors
Stefan Haberland [Wed, 27 Jan 2010 09:12:35 +0000 (10:12 +0100)]
dasd: fix possible NULL pointer errors

commit 294001a80c9810e2fe27aaaad7df8be12a103065 upstream.

Fix possible NULL pointer in DASD messages and correct discipline
checking.

Signed-off-by: Stefan Haberland <stefan.haberland@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agozcrypt: Do not remove coprocessor for error 8/72
Felix Beck [Wed, 27 Jan 2010 09:12:39 +0000 (10:12 +0100)]
zcrypt: Do not remove coprocessor for error 8/72

commit 19b123ebacacdce5e75045bfe82122b01c821a5b upstream.

In a case where the number of the input data is bigger than the
modulus of the key, the coprocessor adapters will report an 8/72
error. This case is not caught yet, thus the adapter will be taken
offline. To prevent this, we return an -EINVAL instead.

Signed-off-by: Felix Beck <felix.beck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agolibata: retry FS IOs even if it has failed with AC_ERR_INVALID
Tejun Heo [Thu, 14 Jan 2010 07:18:09 +0000 (16:18 +0900)]
libata: retry FS IOs even if it has failed with AC_ERR_INVALID

commit 534ead709235b967b659947c55d9130873a432c4 upstream.

libata currently doesn't retry if a command fails with AC_ERR_INVALID
assuming that retrying won't get it any further even if retried.
However, a failure may be classified as invalid through hardware
glitch (incorrect reading of the error register or firmware bug) and
there isn't whole lot to gain by not retrying as actually invalid
commands will be failed immediately.  Also, commands serving FS IOs
are extremely unlikely to be invalid.  Retry FS IOs even if it's
marked invalid.

Transient and incorrect invalid failure was seen while debugging
firmware related issue on Samsung n130 on bko#14314.

  http://bugzilla.kernel.org/show_bug.cgi?id=14314

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Johannes Stezenbach <js@sig21.net>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86: Remove "x86 CPU features in debugfs" (CONFIG_X86_CPU_DEBUG)
H. Peter Anvin [Sun, 24 Jan 2010 02:27:47 +0000 (18:27 -0800)]
x86: Remove "x86 CPU features in debugfs" (CONFIG_X86_CPU_DEBUG)

commit b160091802d4a76dd063facb09fcf10bf5d5d747 upstream.

CONFIG_X86_CPU_DEBUG, which provides some parsed versions of the x86
CPU configuration via debugfs, has caused boot failures on real
hardware.  The value of this feature has been marginal at best, as all
this information is already available to userspace via generic
interfaces.

Causes crashes that have not been fixed + minimal utility -> remove.

See the referenced LKML thread for more information.

Reported-by: Ozan Çağlayan <ozan@pardus.org.tr>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
LKML-Reference: <alpine.LFD.2.00.1001221755320.13231@localhost.localdomain>
Cc: Jaswinder Singh Rajput <jaswinder@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86: Set hotpluggable nodes in nodes_possible_map
David Rientjes [Wed, 20 Jan 2010 20:10:47 +0000 (12:10 -0800)]
x86: Set hotpluggable nodes in nodes_possible_map

commit 3a5fc0e40cb467e692737bc798bc99773c81e1e2 upstream.

nodes_possible_map does not currently include nodes that have SRAT
entries that are all ACPI_SRAT_MEM_HOT_PLUGGABLE since the bit is
cleared in nodes_parsed if it does not have an online address range.

Unequivocally setting the bit in nodes_parsed is insufficient since
existing code, such as acpi_get_nodes(), assumes all nodes in the map
have online address ranges.  In fact, all code using nodes_parsed
assumes such nodes represent an address range of online memory.

nodes_possible_map is created by unioning nodes_parsed and
cpu_nodes_parsed; the former represents nodes with online memory and
the latter represents memoryless nodes.  We now set the bit for
hotpluggable nodes in cpu_nodes_parsed so that it also gets set in
nodes_possible_map.

[ hpa: Haicheng Li points out that this makes the naming of the
  variable cpu_nodes_parsed somewhat counterintuitive.  However, leave
  it as is in the interest of keeping the pure bug fix patch small. ]

Signed-off-by: David Rientjes <rientjes@google.com>
Tested-by: Haicheng Li <haicheng.li@linux.intel.com>
LKML-Reference: <alpine.DEB.2.00.1001201152040.30528@chino.kir.corp.google.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoS390: fix single stepped svcs with TRACE_IRQFLAGS=y
Martin Schwidefsky [Wed, 27 Jan 2010 09:12:40 +0000 (10:12 +0100)]
S390: fix single stepped svcs with TRACE_IRQFLAGS=y

commit 21ec7f6dbf10492ce9a21718040677d3e68bd57d upstream.

If irq flags tracing is enabled the TRACE_IRQS_ON macros expands to
a function call which clobbers registers %r0-%r5. The macro is used
in the code path for single stepped system calls. The argument
registers %r2-%r6 need to be restored from the stack before the system
call function is called.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofirewire: ohci: fix crashes with TSB43AB23 on 64bit systems
Stefan Richter [Tue, 26 Jan 2010 20:39:07 +0000 (21:39 +0100)]
firewire: ohci: fix crashes with TSB43AB23 on 64bit systems

commit 7a481436787cbc932af6c407b317ac603969a242 upstream.

Unsurprisingly, Texas Instruments TSB43AB23 exhibits the same behaviour
as TSB43AB22/A in dual buffer IR DMA mode:  If descriptors are located
at physical addresses above the 31 bit address range (2 GB), the
controller will overwrite random memory.  With luck, this merely
prevents video reception.  With only a little less luck, the machine
crashes.

We use the same workaround here as with TSB43AB22/A:  Switch off the
dual buffer capability flag and use packet-per-buffer IR DMA instead.
Another possible workaround would be to limit the coherent DMA mask to
31 bits.

In Linux 2.6.33, this change serves effectively only as documentation
since dual buffer mode is not used for any controller anymore.  But
somebody might want to re-enable it in the future to make use of
features of dual buffer DMA that are not available in packet-per-buffer
mode.

In Linux 2.6.32 and older, this update is vital for anyone with this
controller, more than 2 GB RAM, a 64 bit kernel, and FireWire video or
audio applications.

We have at least four reports:
http://bugzilla.kernel.org/show_bug.cgi?id=13808
http://marc.info/?l=linux1394-user&m=126154279004083
https://bugzilla.redhat.com/show_bug.cgi?id=552142
http://marc.info/?l=linux1394-user&m=126432246128386

Reported-by: Paul Johnson
Reported-by: Ronneil Camara
Reported-by: G Zornetzer
Reported-by: Mark Thompson
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/i915: Selectively enable self-reclaim
Chris Wilson [Wed, 27 Jan 2010 13:36:32 +0000 (13:36 +0000)]
drm/i915: Selectively enable self-reclaim

commit 4bdadb9785696439c6e2b3efe34aa76df1149c83 upstream.

Having missed the ENOMEM return via i915_gem_fault(), there are probably
other paths that I also missed. By not enabling NORETRY by default these
paths can run the shrinker and take memory from the system (but not from
our own inactive lists because our shrinker can not run whilst we hold
the struct mutex) and this may allow the system to survive a little longer
whilst our drivers consume all available memory.

References:
  OOM killer unexpectedly called with kernel 2.6.32
  http://bugzilla.kernel.org/show_bug.cgi?id=14933

v2: Pass gfp into page mapping.
v3: Use new read_cache_page_gfp() instead of open-coding.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Eric Anholt <eric@anholt.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomm: add new 'read_cache_page_gfp()' helper function
Linus Torvalds [Wed, 27 Jan 2010 17:20:03 +0000 (09:20 -0800)]
mm: add new 'read_cache_page_gfp()' helper function

commit 0531b2aac59c2296570ac52bfc032ef2ace7d5e1 upstream.

It's a simplified 'read_cache_page()' which takes a page allocation
flag, so that different paths can control how aggressive the memory
allocations are that populate a address space.

In particular, the intel GPU object mapping code wants to be able to do
a certain amount of own internal memory management by automatically
shrinking the address space when memory starts getting tight.  This
allows it to dynamically use different memory allocation policies on a
per-allocation basis, rather than depend on the (static) address space
gfp policy.

The actual new function is a one-liner, but re-organizing the helper
functions to the point where you can do this with a single line of code
is what most of the patch is all about.

Tested-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomptsas: Fix issue with chain pools allocation on katmai
Anatolij Gustschin [Sat, 12 Dec 2009 13:52:21 +0000 (14:52 +0100)]
mptsas: Fix issue with chain pools allocation on katmai

commit f1053a7ca9ce095d95bcc1cf41684c5e4f3e7751 upstream.

Since commit 9d2e9d66a3f032667934144cd61c396ba49f090d
mptsas driver fails to allocate memory for the MPT chain buffers
for second LSI adapter on PPC440SPe Katmai platform:
...
ioc1: LSISAS1068E B3: Capabilities={Initiator}
mptbase: ioc1: ERROR - Unable to allocate Reply, Request, Chain Buffers!
mptbase: ioc1: ERROR - didn't initialize properly! (-3)
mptsas: probe of 0002:31:00.0 failed with error -3

This commit increased MPT_FC_CAN_QUEUE value but initChainBuffers()
doesn't differentiate between SAS and FC causing increased allocation
for SAS case, too. Later pci_alloc_consistent() fails to allocate
increased chain buffer pool size for SAS case.

Provide a fix by looking at the bus type and using appropriate
MPT_SAS_CAN_QUEUE value while calculation of the number of chain
buffers.

Signed-off-by: Anatolij Gustschin <agust@denx.de>
Acked-by: Kashyap Desai <kashyap.desai@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoscsi_lib: Fix bug in completion of bidi commands
Boaz Harrosh [Tue, 15 Dec 2009 15:25:43 +0000 (17:25 +0200)]
scsi_lib: Fix bug in completion of bidi commands

commit 63c43b0ec1765b74c734d465ba6345ef4f434df8 upstream.

Because of the terrible structuring of scsi-bidi-commands
it breaks some of the life time rules of a scsi-command.
It is now not allowed to free up the block-request before
cleanup and partial deallocation of the scsi-command. (Which
is not so for none bidi commands)

The right fix to this problem would be to make bidi command
a first citizen by allocating a scsi_sdb pointer at scsi command
just like cmd->prot_sdb. The bidi sdb should be allocated/deallocated
as part of the get/put_command (Again like the prot_sdb) and the
current decoupling of scsi_cmnd and blk-request should be kept.

For now make sure scsi_release_buffers() is called before the
call to blk_end_request_all() which might cause the suicide of
the block requests. At best the leak of bidi buffers, at worse
a crash, as there is a race between the existence of the bidi_request
and the free of the associated bidi_sdb.

The reason this was never hit before is because only OSD has the potential
of doing asynchronous bidi commands. (So does bsg but it is never used)
And OSD clients just happen to do all their bidi commands synchronously, up
until recently.

Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoLinux 2.6.32.7
Greg Kroah-Hartman [Thu, 28 Jan 2010 23:06:20 +0000 (15:06 -0800)]
Linux 2.6.32.7

14 years agox86, msr/cpuid: Pass the number of minors when unregistering MSR and CPUID drivers.
Russ Anderson [Wed, 27 Jan 2010 02:37:22 +0000 (20:37 -0600)]
x86, msr/cpuid: Pass the number of minors when unregistering MSR and CPUID drivers.

commit da482474b8396e1a099c37ffc6541b78775aedb4 upstream.

Pass the number of minors when unregistering MSR and CPUID drivers.

Reported-by: Dean Nelson <dnelson@redhat.com>
Signed-off-by: Dean Nelson <dnelson@redhat.com>
LKML-Reference: <20100127023722.GA22305@sgi.com>
Signed-off-by: Russ Anderson <rja@sgi.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofnctl: f_modown should call write_lock_irqsave/restore
Greg Kroah-Hartman [Tue, 26 Jan 2010 23:04:02 +0000 (15:04 -0800)]
fnctl: f_modown should call write_lock_irqsave/restore

commit b04da8bfdfbbd79544cab2fadfdc12e87eb01600 upstream.

Commit 703625118069f9f8960d356676662d3db5a9d116 exposed that f_modown()
should call write_lock_irqsave instead of just write_lock_irq so that
because a caller could have a spinlock held and it would not be good to
renable interrupts.

Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Tavis Ormandy <taviso@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoiwlwifi: Fix throughput stall issue in HT mode for 5000
Wey-Yi Guy [Tue, 26 Jan 2010 20:00:43 +0000 (12:00 -0800)]
iwlwifi: Fix throughput stall issue in HT mode for 5000

commit 1152dcc28c66a74b5b3f1a3ede0aa6729bfd48e4 upstream

Similar to 6000 and 1000 series, RTS/CTS is the recommended protection
mechanism for 5000 series in HT mode based on the HW design.

Using RTS/CTS will better protect the inner exchange from interference,
especially in highly-congested environment, it also prevent uCode encounter
TX FIFO underrun and other HT mode related performance issues.

Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoACPI: enable C2 and Turbo-mode on Nehalem notebooks on A/C
Len Brown [Tue, 26 Jan 2010 21:15:28 +0000 (16:15 -0500)]
ACPI: enable C2 and Turbo-mode on Nehalem notebooks on A/C

upstream in 2.6.33-rc:  5d76b6f6c17572e662f5c99c2023adae92100855

Refreshed here for 2.6.32.y, applies w/ offset back to 2.6.29.y.

Linux has always ignored ACPI BIOS C2 with exit latency > 100 usec,
and the ACPI spec is clear that is correct FADT-supplied C2.

However, the ACPI spec explicitly states that _CST-supplied C-states
have no latency limits.

So move the 100usec C2 test out of the code shared
by FADT and _CST code-paths, and into the FADT-specific path.

This bug has not been visible until Nehalem, which advertises
a CPU-C2 worst case exit latency on servers of 205usec.
That (incorrect) figure is being used by BIOS writers
on mobile Nehalem systems for the AC configuration.
Thus, Linux ignores C2 leaving just C1, which is
saves less power, and also impacts performance
by preventing the use of turbo mode.

http://bugzilla.kernel.org/show_bug.cgi?id=15064

Tested-by: Alex Chiang <achiang@hp.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86: Reenable TSC sync check at boot, even with NONSTOP_TSC
Pallipadi, Venkatesh [Thu, 17 Dec 2009 20:27:02 +0000 (12:27 -0800)]
x86: Reenable TSC sync check at boot, even with NONSTOP_TSC

commit 6c56ccecf05fafe100ab4ea94f6fccbf5ff00db7 upstream.

Commit 83ce4009 did the following change
If the TSC is constant and non-stop, also set it reliable.

But, there seems to be few systems that will end up with TSC warp across
sockets, depending on how the cpus come out of reset. Skipping TSC sync
test on such systems may result in time inconsistency later.

So, reenable TSC sync test even on constant and non-stop TSC systems.
Set, sched_clock_stable to 1 by default and reset it in
mark_tsc_unstable, if TSC sync fails.

This change still gives perf benefit mentioned in 83ce4009 for systems
where TSC is reliable.

Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Acked-by: Suresh Siddha <suresh.b.siddha@intel.com>
LKML-Reference: <20091217202702.GA18015@linux-os.sc.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoIPoIB: Clear ipoib_neigh.dgid in ipoib_neigh_alloc()
David J. Wilder [Wed, 9 Dec 2009 18:03:00 +0000 (10:03 -0800)]
IPoIB: Clear ipoib_neigh.dgid in ipoib_neigh_alloc()

commit 0cd4d0fd9b0a4e10c091fc6316d1bf92885dcd9c upstream.

IPoIB can miss a change in destination GID under some conditions.  The
problem is caused when ipoib_neigh->dgid contains a stale address.
The fix is to set ipoib_neigh->dgid to zero in ipoib_neigh_alloc().

This can happen when a system using bonding on its IPoIB interfaces
has switched its active interface from interface A to B and back to A.
The system that fails over will not correctly processes the 2nd
address change, as described below.

When an address has changed neighbor->ha is updated with the new
address.  Each neighbor has an associated ipoib_neigh.
ipoib_neigh->dgid also holds a copy of the remote node's hardware
address.  When an address changes neighbor->ha is updated by the
network layer (arp code) with the new address.  IPoIB detects this
change in ipoib_start_xmit() by comparing neighbor->ha with
ipoib_neigh->dgid.  The bug is that ipoib_neigh->dgid may already
contain the new address (A) thus the change from B to A is missed by
ipoib.  Here is the sequence of events:

    ipoib_neigh->dgid = A  and  neighbor->ha = A

The address is switched to B (the first switch)

    neighbor->ha = B

The change is seen in ipoib_start_xmit() -- neighbor->ha !=
ipoib_neigh->dgid so ipoib_neigh is released, and a new one is
allocated.

The allocator may return the same chunk of memory that was just
released, therefore ipoib_neigh->dgid still contains A at this point.

ipoib_neigh->dgid should be updated in neigh_add_path(), but if the
following conditions are true dgid is not updated:

        1) __path_find() returns a path
        2) path->ah is NULL

The remote system now switches from address B to A, neighbor->ha is
updated to A.

Now we have again : ipoib_neigh->dgid = A  and  neighbor->ha = A

Since the addresses are the same ipoib won't process the change in
address.  Fix this by zeroing out the dgid field when allocating a new
struct ipoib_neigh.

Signed-off-by: David Wilder <dwilder@us.ibm.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: only clear irq_source_id if irqchip is present
Marcelo Tosatti [Thu, 29 Oct 2009 15:44:17 +0000 (13:44 -0200)]
KVM: only clear irq_source_id if irqchip is present

commit e50212bb51356f0df48d6cce0aae5acf41df336d upstream.

Otherwise kvm might attempt to dereference a NULL pointer.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: fix lock imbalance in kvm_*_irq_source_id()
Jiri Slaby [Fri, 25 Sep 2009 07:33:38 +0000 (09:33 +0200)]
KVM: fix lock imbalance in kvm_*_irq_source_id()

commit 0c6ddcebd8303ada6faefa6f72ac18b6230320c4 upstream.

Stanse found 2 lock imbalances in kvm_request_irq_source_id and
kvm_free_irq_source_id. They omit to unlock kvm->irq_lock on fail paths.

Fix that by adding unlock labels at the end of the functions and jump
there from the fail paths.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86: Fix leak of free lapic date in kvm_arch_vcpu_init()
Wei Yongjun [Fri, 22 Jan 2010 06:21:29 +0000 (14:21 +0800)]
KVM: x86: Fix leak of free lapic date in kvm_arch_vcpu_init()

commit 443c39bc9ef7d8f648408d74c97e943f3bb3f48a upstream.

In function kvm_arch_vcpu_init(), if the memory malloc for
vcpu->arch.mce_banks is fail, it does not free the memory
of lapic date. This patch fixed it.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86: Fix probable memory leak of vcpu->arch.mce_banks
Wei Yongjun [Fri, 22 Jan 2010 06:18:47 +0000 (14:18 +0800)]
KVM: x86: Fix probable memory leak of vcpu->arch.mce_banks

commit 36cb93fd6b6bf7e9163a69a8bf20207aed5fea44 upstream.

vcpu->arch.mce_banks is malloc in kvm_arch_vcpu_init(), but
never free in any place, this may cause memory leak. So this
patch fixed to free it in kvm_arch_vcpu_uninit().

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86: Fix host_mapping_level()
Sheng Yang [Tue, 5 Jan 2010 11:02:28 +0000 (19:02 +0800)]
KVM: x86: Fix host_mapping_level()

commit 82b7005f0e72d8d1a8226e4c192cbb0850d10b3f upstream.

When found a error hva, should not return PAGE_SIZE but the level...

Also clean up the coding style of the following loop.

Signed-off-by: Sheng Yang <sheng@linux.intel.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: MMU: bail out pagewalk on kvm_read_guest error
Marcelo Tosatti [Thu, 14 Jan 2010 19:41:27 +0000 (17:41 -0200)]
KVM: MMU: bail out pagewalk on kvm_read_guest error

commit a6085fbaf65ab09bfb5ec8d902d6d21680fe1895 upstream.

Exit the guest pagetable walk loop if reading gpte failed. Otherwise its
possible to enter an endless loop processing the previous present pte.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: Fix race between APIC TMR and IRR
Avi Kivity [Tue, 29 Dec 2009 10:42:16 +0000 (12:42 +0200)]
KVM: Fix race between APIC TMR and IRR

commit a5d36f82c4f3e852b61fdf1fee13463c8aa91b90 upstream.

When we queue an interrupt to the local apic, we set the IRR before the TMR.
The vcpu can pick up the IRR and inject the interrupt before setting the TMR,
and perhaps even EOI it, causing incorrect behaviour.

The race is really insignificant since it can only occur on the first
interrupt (usually following interrupts will not change TMR), but it's better
closed than open.

Fixed by reordering setting the TMR vs IRR.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: only allow one gsi per fd
Michael S. Tsirkin [Wed, 13 Jan 2010 16:58:09 +0000 (18:58 +0200)]
KVM: only allow one gsi per fd

commit f1d1c309f35e9b0fb961cffd70fbd04f450ec47c upstream.

Looks like repeatedly binding same fd to multiple gsi's with irqfd can
use up a ton of kernel memory for irqfd structures.

A simple fix is to allow each fd to only trigger one gsi: triggering a
storm of interrupts in guest is likely useless anyway, and we can do it
by binding a single gsi to many interrupts if we really want to.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Acked-by: Gregory Haskins <ghaskins@novell.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: S390: fix potential array overrun in intercept handling
Christian Borntraeger [Thu, 21 Jan 2010 11:19:07 +0000 (12:19 +0100)]
KVM: S390: fix potential array overrun in intercept handling

commit 062d5e9b0d714f449b261bb522eadaaf6f00f438 upstream.

kvm_handle_sie_intercept uses a jump table to get the intercept handler
for a SIE intercept. Static code analysis revealed a potential problem:
the intercept_funcs jump table was defined to contain (0x48 >> 2) entries,
but we only checked for code > 0x48 which would cause an off-by-one
array overflow if code == 0x48.

Use the compiler and ARRAY_SIZE to automatically set the limits.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agocfg80211: fix channel setting for wext
Abhijeet Kolekar [Wed, 13 Jan 2010 21:23:14 +0000 (13:23 -0800)]
cfg80211: fix channel setting for wext

commit 5f6120335c701ba07d5151206071f4d6ccaa684f upstream.

Patch fixes the bug at
http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2139

Currently we cannot set the channel using wext extension
if we have already associated and disconnected. As
cfg80211_mgd_wext_siwfreq will not switch the channel if ssid is set.
This fixes it by clearing the ssid.
Following is the sequence which it tries to fix.
modprobe iwlagn
iwconfig wlan0 essid ""
ifconfig wlan0 down
iwconfig wlan0 chan X

wext is marked as deprecate.If we use nl80211 we can easily play with
setting the channel.

Signed-off-by: Abhijeet Kolekar <abhijeet.kolekar@intel.com>
Acked-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomac80211: check that ieee80211_set_power_mgmt only handles STA interfaces.
Benoit Papillault [Fri, 15 Jan 2010 11:21:37 +0000 (12:21 +0100)]
mac80211: check that ieee80211_set_power_mgmt only handles STA interfaces.

commit e5de30c9bf4a39db9f54c4a373470ce65881ade0 upstream.

ieee80211_set_power_mgmt is meant for STA interfaces only. Moreover,
since sdata->u.mgd.mtx is only initialized for STA interfaces, using
this code for any other type of interface (like creating a monitor
interface) will result in a oops.

Signed-off-by: Benoit Papillault <benoit.papillault@free.fr>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoASoC: fix a memory-leak in wm8903
Guennadi Liakhovetski [Fri, 22 Jan 2010 17:00:03 +0000 (18:00 +0100)]
ASoC: fix a memory-leak in wm8903

commit 40aa7030e5213a43e9e0554fd7f95534ea310bf3 upstream.

Remember to free the temporary register-cache.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUBI: initialise update marker
Peter Horton [Tue, 5 Jan 2010 11:14:36 +0000 (11:14 +0000)]
UBI: initialise update marker

commit ff998793288b49a3b22d929bf8e56362320905ff upstream.

The in kernel copy of a volume's update marker is not initialised from the
volume table. This means that volumes where an update was unfinnished will
not be treated as "forbidden to use". This is basically that the update
functionality was broken.

Signed-off-by: Peter Horton <zero@colonel-panic.org>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUBI: fix memory leak in update path
Artem Bityutskiy [Mon, 18 Jan 2010 14:43:44 +0000 (16:43 +0200)]
UBI: fix memory leak in update path

commit ebddd63b74dcf1cb676d14328d5852f1fee19a8a upstream.

When truncating an UBI volume, UBI should allocates a PEB-sized
buffer but does not release it, which leads to memory leaks.
This patch fixes the issue.

Reported-by: Marek Skuczynski <mareksk7@gmail.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Tested-by: Marek Skuczynski <mareksk7@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agohwmon: (fschmd) Fix a memleak on multiple opens of /dev/watchdog
Hans de Goede [Mon, 25 Jan 2010 14:00:50 +0000 (15:00 +0100)]
hwmon: (fschmd) Fix a memleak on multiple opens of /dev/watchdog

commit c453615f77aa51593c1c9c9031b4278797d3fd19 upstream.

When /dev/watchdog gets opened a second time we return -EBUSY, but
we already have got a kref then, so we end up leaking our data struct.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda - Fix HP T5735 automute
Takashi Iwai [Wed, 20 Jan 2010 07:35:06 +0000 (08:35 +0100)]
ALSA: hda - Fix HP T5735 automute

commit dc99be47667c56046555e89e62f1ac17fa06329a upstream.

This patch fixes the aut-mute setup on HP T5735 with ALC262 codec.
Instead of wrong amp, use pin control toggling for muting the speaker now.

Tested-by: Lee Trager <lee.trager@hp.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoipc ns: fix memory leak (idr)
Serge E. Hallyn [Wed, 16 Dec 2009 00:47:27 +0000 (16:47 -0800)]
ipc ns: fix memory leak (idr)

commit 7d6feeb287c61aafa88f06345387b1188edf4b86 upstream.

We have apparently had a memory leak since
7ca7e564e049d8b350ec9d958ff25eaa24226352 "ipc: store ipcs into IDRs" in
2007.  The idr of which 3 exist for each ipc namespace is never freed.

This patch simply frees them when the ipcns is freed.  I don't believe any
idr_remove() are done from rcu (and could therefore be delayed until after
this idr_destroy()), so the patch should be safe.  Some quick testing
showed no harm, and the memory leak fixed.

Caught by kmemleak.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonetiucv: displayed TX bytes value much too high
Ursula Braun [Thu, 12 Nov 2009 21:46:30 +0000 (21:46 +0000)]
netiucv: displayed TX bytes value much too high

commit 998221c26b86a7edd621e66b437628c5ec0f8e9b upstream.

tx_bytes value must be updated by skb length before skb is freed.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: John Jolly <jjolly@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agocio: dont panic in non-fatal conditions
Peter Oberparleiter [Mon, 7 Dec 2009 11:51:24 +0000 (12:51 +0100)]
cio: dont panic in non-fatal conditions

commit 16b9a0571da4ee5cd15ca75e871722b0b5aee64d upstream.

Remove the call to BUG() for situations which are unexpected
but do not cause actual problems.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agocio: fix double free in case of probe failure
Peter Oberparleiter [Mon, 7 Dec 2009 11:51:15 +0000 (12:51 +0100)]
cio: fix double free in case of probe failure

commit 48e4c385c5f54626651cca027afe242439281899 upstream.

io_subchannel_probe() frees memory for sch->private which is later
freed again when io_subchannel_remove() is called. Fix this problem
by removing the cleanup in io_subchannel_probe().

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoV4L/DVB (13826): uvcvideo: Fix controls blacklisting
Laurent Pinchart [Thu, 10 Dec 2009 01:31:21 +0000 (22:31 -0300)]
V4L/DVB (13826): uvcvideo: Fix controls blacklisting

commit 385097e08b9c24655626ed760bc67eb7e50115a0 upstream.

The control blacklisting code erroneously used usb_match_id() by passing
a pointer to a usb_device_id structure instead of an array of such
structures.

Replace the usb_match_id() call by usb_match_id_one().

Thanks to Paulo Assis for diagnosing the bug and providing an initial
fix.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomd: fix small irregularity with start_ro module parameter
NeilBrown [Wed, 30 Dec 2009 01:08:50 +0000 (12:08 +1100)]
md: fix small irregularity with start_ro module parameter

commit 0f9552b5dc4fe10da37fa3f4a4ca185d90fa41c9 upstream.

The start_ro modules parameter can be used to force arrays to be
started in 'auto-readonly' in which they are read-only until the first
write.  This ensures that no resync/recovery happens until something
else writes to the device.  This is important for resume-from-disk
off an md array.

However if an array is started 'readonly' (by writing 'readonly' to
the 'array_state' sysfs attribute) we want it to be really 'readonly',
not 'auto-readonly'.

So strengthen the condition to only set auto-readonly if the
array is not already read-only.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoata_piix: fix MWDMA handling on PIIX3
Bartlomiej Zolnierkiewicz [Thu, 3 Dec 2009 19:32:08 +0000 (20:32 +0100)]
ata_piix: fix MWDMA handling on PIIX3

commit 6938594374ee506e91a4c03117a034ea0ed66783 upstream.

Fix erroneous check for ap->udma_mask in do_pata_set_dmamode()
resulting in controller not being programmed properly for MWDMA.

Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoahci: disable SNotification capability for ich8
Shaohua Li [Mon, 16 Nov 2009 01:56:05 +0000 (09:56 +0800)]
ahci: disable SNotification capability for ich8

commit 1b677afda44f7882b7e257d6f025d006ec5d14f9 upstream.

I obseved there is a sata_async_notification() for every ahci
interrupt. But the async notification does nothing (this is hard
disk drive and no pmp). This cause cpu wastes some time on sntf
register access.

It appears ICH AHCI doesn't support SNotification register, but the
controller reports it does. After quirking it, the async notification
disappears.

PS. it appears all ICH don't support SNotification register from ICH
manual, don't know if we need quirk all ICH. I don't have machines
with all kinds of ICH.

Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiTCO_wdt: Add Intel Cougar Point and PCH DeviceIDs
Seth Heasley [Thu, 14 Jan 2010 20:58:05 +0000 (20:58 +0000)]
iTCO_wdt: Add Intel Cougar Point and PCH DeviceIDs

commit 3c9d8eccd8687f0e770e4d89fd0d73d4f81a985a upstream.

This patch adds the Intel Cougar Point and PCH DeviceIDs for iTCO Watchdog.

Signed-off-by: Seth Heasley <seth.heasley@intel.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiTCO_wdt: add PCI ID for the Intel EP80579 (Tolapai) SoC
Imre Kaloz [Mon, 7 Dec 2009 19:42:26 +0000 (20:42 +0100)]
iTCO_wdt: add PCI ID for the Intel EP80579 (Tolapai) SoC

commit 4946f8353da9d3038e2a9d0295d5dfeee4cee5c5 upstream.

add PCI ID for the Intel EP80579 (Tolapai) SoC

Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiTCO_wdt.c - cleanup chipset documentation
Wim Van Sebroeck [Sun, 15 Nov 2009 13:44:54 +0000 (13:44 +0000)]
iTCO_wdt.c - cleanup chipset documentation

commit cb711a1931363b8ad4dc98df4a92c262ced8eeb4 upstream.

Cleanup the documentation about the supported chipsets.

[needed for further device ids to add to this driver - gkh]

Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda - Add missing Line-Out and PCM switches as slave
Takashi Iwai [Tue, 8 Dec 2009 11:36:52 +0000 (12:36 +0100)]
ALSA: hda - Add missing Line-Out and PCM switches as slave

commit 23033b2bce4361f2859ee0331f97c9056dae7091 upstream.

Realtek codecs may have "PCM" and "Line-Out" playback switches, and
they can be slaves for vmaster.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda - Fix quirk for Maxdata obook4-1
Takashi Iwai [Fri, 18 Dec 2009 07:48:42 +0000 (08:48 +0100)]
ALSA: hda - Fix quirk for Maxdata obook4-1

commit 2fef62c825f09e29d2f52dc187ddf6f99e28c7f1 upstream.

Works fine with the auto-parser.

Reference: Novell bnc#564940
https://bugzilla.novell.com/show_bug.cgi?id=564940

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>