firefly-linux-kernel-4.4.55.git
14 years agodrm/i915: fix get_core_clock_speed for G33 class desktop chips
Daniel Vetter [Tue, 3 Nov 2009 09:03:34 +0000 (09:03 +0000)]
drm/i915: fix get_core_clock_speed for G33 class desktop chips

commit 43bcd61fae05fc6062b4f117c5adb1a72c9f8c57 upstream.

Somehow the case for G33 got dropped while porting from ums code.
This made a 400MHz chip into a 133MHz one which resulted in the
unnecessary enabling of double wide pipe mode which in turn
screwed up the overlay code.

Nothing else (than the overlay code) seems to be affected.

This fixes fdo.org bug #24835

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agortc-core: fix memory leak
Aaro Koskinen [Fri, 5 Mar 2010 21:44:24 +0000 (13:44 -0800)]
rtc-core: fix memory leak

commit 2a7a06a0cdd86d572e91657603180da5992be6d3 upstream.

The idr should be destroyed when the module is unloaded. Found with
kmemleak.

Signed-off-by: Aaro Koskinen <aaro.koskinen@nokia.com>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoSCSI: qla2xxx: Obtain proper host structure during response-queue processing.
Anirban Chakraborty [Thu, 4 Feb 2010 22:17:59 +0000 (14:17 -0800)]
SCSI: qla2xxx: Obtain proper host structure during response-queue processing.

commit a67093d46e3caed1a42d694a7de452b61db30562 upstream.

Original code incorrectly assumed only status-type-0
IOCBs would be queued to the response-queue, and thus all
entries would safely reference a VHA from the IOCB
'handle.'

Signed-off-by: Giridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/radeon: r6xx/r7xx possible security issue, system ram access
Jerome Glisse [Sun, 14 Feb 2010 19:33:18 +0000 (19:33 +0000)]
drm/radeon: r6xx/r7xx possible security issue, system ram access

commit c8c15ff1e90bfc4a2db1ba77a01b3b2783e723fc upstream

This patch workaround a possible security issue which can allow
user to abuse drm on r6xx/r7xx hw to access any system ram memory.
This patch doesn't break userspace, it detect "valid" old use of
CB_COLOR[0-7]_FRAG & CB_COLOR[0-7]_TILE registers and overwritte
the address these registers are pointing to with the one of the
last color buffer. This workaround will work for old mesa &
xf86-video-ati and any old user which did use similar register
programming pattern as those (we expect that there is no others
user of those ioctl except possibly a malicious one). This patch
add a warning if it detects such usage, warning encourage people
to update their mesa & xf86-video-ati. New userspace will submit
proper relocation.

Fix for xf86-video-ati / mesa (this kernel patch is enough to
prevent abuse, fix for userspace are to set proper cs stream and
avoid kernel warning) :
http://cgit.freedesktop.org/xorg/driver/xf86-video-ati/commit/?id=95d63e408cc88b6934bec84a0b1ef94dfe8bee7b
http://cgit.freedesktop.org/mesa/mesa/commit/?id=46dc6fd3ed5ef96cda53641a97bc68c3bc104a9f

Abusing this register to perform system ram memory is not easy,
here is outline on how it could be achieve. First attacker must
have access to the drm device and be able to submit command stream
throught cs ioctl. Then attacker must build a proper command stream
for r6xx/r7xx hw which will abuse the FRAG or TILE buffer to
overwrite the GPU GART which is in VRAM. To achieve so attacker
as to setup CB_COLOR[0-7]_FRAG or CB_COLOR[0-7]_TILE to point
to the GPU GART, then it has to find a way to write predictable
value into those buffer (with little cleverness i believe this
can be done but this is an hard task). Once attacker have such
program it can overwritte GPU GART to program GPU gart to point
anywhere in system memory. It then can reusse same method as he
used to reprogram GART to overwritte the system ram through the
GART mapping. In the process the attacker has to be carefull to
not overwritte any sensitive area of the GART table, like ring
or IB gart entry as it will more then likely lead to GPU lockup.
Bottom line is that i think it's very hard to use this flaw
to get system ram access but in theory one can achieve so.

Side note: I am not aware of anyone ever using the GPU as an
attack vector, nevertheless we take great care in the opensource
driver to try to detect and forbid malicious use of GPU. I don't
think the closed source driver are as cautious as we are.

[bwh: Adjusted context for 2.6.32]
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/radeon/kms: r600/r700 don't test ib if ib initialization fails
Jerome Glisse [Sun, 14 Feb 2010 19:31:58 +0000 (19:31 +0000)]
drm/radeon/kms: r600/r700 don't test ib if ib initialization fails

commit db96380ea26fcc31ab37189aedeabd12894b1431 upstream

If ib initialization failed don't try to test ib as it will result
in an oops (accessing NULL ib buffer ptr).

[bwh: Adjusted context for 2.6.32]
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/radeon/kms: Forbid creation of framebuffer with no valid GEM object
Jerome Glisse [Sun, 17 Jan 2010 20:21:41 +0000 (21:21 +0100)]
drm/radeon/kms: Forbid creation of framebuffer with no valid GEM object

commit 7e71c9e2e7704ebf044d4a964e02fbd2098a173f upstream.

This will avoid oops if at later point the fb is use. Trying to create
a framebuffer with no valid GEM object is bogus and should be forbidden
as this patch does.

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosky2: fix transmit DMA map leakage
stephen hemminger [Mon, 1 Feb 2010 13:41:47 +0000 (13:41 +0000)]
sky2: fix transmit DMA map leakage

[ Upstream commit f6815077e75c5b7f55b56fc3788e328514d4e72a ]

The book keeping structure for transmit always had the flags value
cleared so transmit DMA maps were never released correctly.
Based on patch by Jarek Poplawski, problem observed by Michael Breuer.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrivers/net: ks8851_mll ethernet network driver
Choi, David [Wed, 27 Jan 2010 06:03:16 +0000 (06:03 +0000)]
drivers/net: ks8851_mll ethernet network driver

[ Upstream commit aeedba8bd2cf2f6f7b45bc7853754a03bc926797 ]

Hello David Miller,

I fix a bug in ks8851_mll driver, which has existed since 2.6.32-rc6.

>From : David J. Choi <david.choi@micrel.com>

Fix a bug that the data pointers in the interrupt handler are set wrong, which is related with the 5th parameter of request_irq().

Signed-off-by: David J. Choi <david.choi@micrel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoipv6: conntrack: Add member of user to nf_ct_frag6_queue structure
Shan Wei [Tue, 26 Jan 2010 02:40:38 +0000 (02:40 +0000)]
ipv6: conntrack: Add member of user to nf_ct_frag6_queue structure

[ Upstream commit c92b544bd5d8e7ed7d81c77bbecab6df2a95aa53 ]

The commit 0b5ccb2(title:ipv6: reassembly: use seperate reassembly queues for
conntrack and local delivery) has broken the saddr&&daddr member of
nf_ct_frag6_queue when creating new queue.  And then hash value
generated by nf_hashfn() was not equal with that generated by fq_find().
So, a new received fragment can't be inserted to right queue.

The patch fixes the bug with adding member of user to nf_ct_frag6_queue structure.

Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoinet: Remove bogus IGMPv3 report handling
Herbert Xu [Sun, 7 Feb 2010 17:26:30 +0000 (17:26 +0000)]
inet: Remove bogus IGMPv3 report handling

[ Upstream commit c6b471e6454c0e1c6d756672841cbaeae7c949f8 ]

Currently we treat IGMPv3 reports as if it were an IGMPv2/v1 report.
This is broken as IGMPv3 reports are formatted differently.  So we
end up suppressing a bogus multicast group (which should be harmless
as long as the leading reserved field is zero).

In fact, IGMPv3 does not allow membership report suppression so
we should simply ignore IGMPv3 membership reports as a host.

This patch does exactly that.  I kept the case statement for it
so people won't accidentally add it back thinking that we overlooked
this case.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonet: bug fix for vlan + gro issue
Ajit Khaparde [Mon, 22 Feb 2010 02:43:37 +0000 (18:43 -0800)]
net: bug fix for vlan + gro issue

[ Upstream commit e76b69cc0133952c98aa1ad6330cacacd269fd64 ]

Traffic (tcp) doesnot start on a vlan interface when gro is enabled.
Even the tcp handshake was not taking place.
This is because, the eth_type_trans call before the netif_receive_skb
in napi_gro_finish() resets the skb->dev to napi->dev from the previously
set vlan netdev interface. This causes the ip_route_input to drop the
incoming packet considering it as a packet coming from a martian source.

I could repro this on 2.6.32.7 (stable) and 2.6.33-rc7.
With this fix, the traffic starts and the test runs fine on both vlan
and non-vlan interfaces.

CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: Patrick McHardy <kaber@trash.net>
Signed-off-by: Ajit Khaparde <ajitk@serverengines.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonet-sysfs: Use rtnl_trylock in wireless sysfs methods.
Eric W. Biederman [Fri, 19 Feb 2010 13:23:47 +0000 (13:23 +0000)]
net-sysfs: Use rtnl_trylock in wireless sysfs methods.

[ Upstream commit b8afe6416101549e877f8470f2a160df69676166 ]

The wireless sysfs methods like the rest of the networking sysfs
methods are removed with the rtnl_lock held and block until
the existing methods stop executing.  So use rtnl_trylock
and restart_syscall so that the code continues to work.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonet: Fix sysctl restarts...
Eric W. Biederman [Fri, 19 Feb 2010 13:22:59 +0000 (13:22 +0000)]
net: Fix sysctl restarts...

[ Upstream commit 88af182e389097997c5e2a0b42285b3522796759 ]

Yuck.  It turns out that when we restart sysctls we were restarting
with the values already changed.  Which unfortunately meant that
the second time through we thought there was no change and skipped
all kinds of work, despite the fact that there was indeed a change.

I have fixed this the simplest way possible by restoring the changed
values when we restart the sysctl write.

One of my coworkers spotted this bug when after disabling forwarding
on an interface pings were still forwarded.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosparc64: Fix sun4u execute bit check in TSB I-TLB load.
David S. Miller [Fri, 19 Feb 2010 23:19:52 +0000 (15:19 -0800)]
sparc64: Fix sun4u execute bit check in TSB I-TLB load.

[ Upstream commit 1f474646fdc36b457606bbcd6a3592e6cbd31ac4 ]

Thanks to testcase and report from Brad Spengler:

--------------------
#include <stdio.h>

typedef int (* _wee)(void);

int main(void)
{
        char buf[8] = { '\x81', '\xc7', '\xe0', '\x08', '\x81', '\xe8',
                        '\x00', '\x00' };
        _wee wee;
        printf("%p\n", &buf);
        wee = (_wee)&buf;
        wee();

        return 0;
}
--------------------

TSB I-tlb load code tries to use andcc to check the _PAGE_EXEC_4U bit,
but that's bit 12 so it gets sign extended all the way up to bit 63
and the test nearly always passes as a result.

Use sethi to fix the bug.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosparc: leds_resource.end assigned to itself in clock_board_probe()
Roel Kluin [Fri, 15 Jan 2010 09:27:49 +0000 (01:27 -0800)]
sparc: leds_resource.end assigned to itself in clock_board_probe()

[ Upstream commit 093171465235a8482fbf08a9a2e365247e1f7dd5 ]

It should be a 1 byte region.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosparc32: Fix struct stat uid/gid types.
David S. Miller [Mon, 22 Feb 2010 02:03:16 +0000 (18:03 -0800)]
sparc32: Fix struct stat uid/gid types.

[ Upstream commit 2531be413b3f2f64c0282073de89fe52bbcbbab5 ]

Commit 085219f79cad89291699bd2bfb21c9fdabafe65f
("sparc32: use proper types in struct stat")

Accidently changed the struct stat uid/gid members
to uid_t and gid_t, but those get set to
__kernel_uid32_t and __kernel_gid32_t respectively.
Those are of type 'int' but the structure is meant
to have 'short'.  So use uid16_t and gid16_t to
correct this.

Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosparc32: Fix page_to_phys().
David S. Miller [Thu, 14 Jan 2010 11:14:53 +0000 (03:14 -0800)]
sparc32: Fix page_to_phys().

[ Upstream commit 8654164f54bd02787ae91db8526dcae8e7e34eeb ]

It doesn't account for phys_base like it should, fix by using
page_to_pfn().

While we're here, make virt_to_page() use pfn_to_page() as well, so we
consistently use the asm/memory-model.h abstractions instead of
open-coding memory model assumptions.

Tested-by: Kristoffer Glembo <kristoffer@gaisler.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosparc: Align clone and signal stacks to 16 bytes.
David S. Miller [Mon, 22 Feb 2010 03:14:37 +0000 (19:14 -0800)]
sparc: Align clone and signal stacks to 16 bytes.

[ Upstream commits f036d9f3985a529a81e582f68aa984eb7b20d54d
  and 440ab7ac2d6b735fb278a1ff1674f6716314c6bb ]

This is mandatory for 64-bit processes, and doing it also for 32-bit
processes saves a conditional in the compat case.

This fixes the glibc/nptl/tst-stdio1 test case, as well
as many others, on 64-bit.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoSwitch proc/self to nd_set_link()
Al Viro [Thu, 14 Jan 2010 06:03:28 +0000 (01:03 -0500)]
Switch proc/self to nd_set_link()

commit 7fee4868be91e71a3ee8e57289ebf5e10a12297e upstream.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoidr: fix a critical misallocation bug, take#2
Tejun Heo [Mon, 22 Feb 2010 20:44:19 +0000 (12:44 -0800)]
idr: fix a critical misallocation bug, take#2

commit d2e7276b6b5e4bc2148891a056d5862c5314342d upstream.

This is retry of reverted 859ddf09743a8cc680af33f7259ccd0fd36bfe9d
("idr: fix a critical misallocation bug") which contained two bugs.

* pa[idp->layers] should be cleared even if it's not used by
  sub_alloc() because it's used by mark idr_mark_full().

* The original condition check also assigned pa[l] to p which the new
  code didn't do thus leaving p pointing at the wrong layer.

Both problems have been fixed and the idr code has received good amount
testing using userland testing setup where simple bitmap allocator is
run parallel to verify the result of idr allocation.

The bug this patch fixes is caused by sub_alloc() optimization path
bypassing out-of-room condition check and restarting allocation loop
with starting value higher than maximum allowed value.  For detailed
description, please read commit message of 859ddf09.

Signed-off-by: Tejun Heo <tj@kernel.org>
Based-on-patch-from: Eric Paris <eparis@redhat.com>
Reported-by: Eric Paris <eparis@redhat.com>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Tested-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoairo: fix setting zero length WEP key
Stanislaw Gruszka [Tue, 2 Feb 2010 14:34:50 +0000 (15:34 +0100)]
airo: fix setting zero length WEP key

commit f09c256375c7cf1e112b8ef6306cdd313490d7c0 upstream.

Patch prevents call set_wep_key() with zero key length. That fix long
standing regression since commit c0380693520b1a1e4f756799a0edc379378b462a
"airo: clean up WEP key operations". Additionally print call trace when
someone will try to use improper parameters, and remove key.len = 0
assignment, because it is in not possible code path.

Reported-by: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
Bisected-by: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
Tested-by: Chris Siebenmann <cks@cs.toronto.edu>
Cc: Dan Williams <dcbw@redhat.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoHID: usbhid: introduce timeout for stuck ctrl/out URBs
Oliver Neukum [Fri, 12 Feb 2010 12:02:28 +0000 (13:02 +0100)]
HID: usbhid: introduce timeout for stuck ctrl/out URBs

commit 858155fbcc0cd713f6382c527bb1c3abc0ed6d00 upstream.

Some devices do not react to a control request (seen on APC UPS's) resulting in
a slow stream of messages, "generic-usb ... control queue full".  Therefore
request needs a timeout.

Signed-off-by: Oliver Neukum <oliver@neukum.org>
Signed-off-by: David Fries <david@fries.net>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoHID: add multi-input quirk for NextWindow Touchscreen.
Peter Hutterer [Thu, 3 Dec 2009 05:08:10 +0000 (15:08 +1000)]
HID: add multi-input quirk for NextWindow Touchscreen.

commit 9db630b48a99adb4156e205b812fba8959644280 upstream.

These touchscreens are mounted onto HP TouchSmart and the Dell Studio One
19. Without a quirk they report a wrong button set and the x/y coordinates
through ABS_Z/ABS_RX, confusing the higher levels (most notably X.Org's
evdev driver).

Device id 0x003 covers models 1900, 2150, and 2700 [1] though testing could
only be performed on a model 1900.

[1] http://www.nextwindow.com/nextwindow_support/latest_tech_info.html

Signed-off-by: Peter Hutterer <peter.hutterer@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Cc: maximilian attems <max@stro.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoHID: remove TENX iBuddy from blacklist
Jiri Kosina [Wed, 23 Dec 2009 13:13:46 +0000 (14:13 +0100)]
HID: remove TENX iBuddy from blacklist

commit 4bb9508bbbb06f10bc3e249dd34375b4a4d6bfc0 upstream.

There were multiple reports which indicate that vendor messed up horribly
and the same VID/PID combination is used for completely different devices,
some of them requiring the blacklist entry and other not.

Remove the blacklist entry for this combination of VID/PID completely, and let
the user decide and unbind the driver via sysfs eventually, if needed. Proper
fix would be fixing the vendor.

References:

http://lkml.org/lkml/2009/2/10/434
http://bugzilla.kernel.org/show_bug.cgi?id=13411

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoreadahead: introduce FMODE_RANDOM for POSIX_FADV_RANDOM
Wu Fengguang [Fri, 5 Mar 2010 21:42:03 +0000 (13:42 -0800)]
readahead: introduce FMODE_RANDOM for POSIX_FADV_RANDOM

commit 0141450f66c3c12a3aaa869748caa64241885cdf upstream.

This fixes inefficient page-by-page reads on POSIX_FADV_RANDOM.

POSIX_FADV_RANDOM used to set ra_pages=0, which leads to poor performance:
a 16K read will be carried out in 4 _sync_ 1-page reads.

In other places, ra_pages==0 means
- it's ramfs/tmpfs/hugetlbfs/sysfs/configfs
- some IO error happened
where multi-page read IO won't help or should be avoided.

POSIX_FADV_RANDOM actually want a different semantics: to disable the
*heuristic* readahead algorithm, and to use a dumb one which faithfully
submit read IO for whatever application requests.

So introduce a flag FMODE_RANDOM for POSIX_FADV_RANDOM.

Note that the random hint is not likely to help random reads performance
noticeably.  And it may be too permissive on huge request size (its IO
size is not limited by read_ahead_kb).

In Quentin's report (http://lkml.org/lkml/2009/12/24/145), the overall
(NFS read) performance of the application increased by 313%!

Tested-by: Quentin Barnes <qbarnes+nfs@yahoo-inc.com>
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Cc: Nick Piggin <npiggin@suse.de>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Chuck Lever <chuck.lever@oracle.com>
Cc: <qbarnes+nfs@yahoo-inc.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agovfs: take f_lock on modifying f_mode after open time
Wu Fengguang [Fri, 5 Mar 2010 21:42:01 +0000 (13:42 -0800)]
vfs: take f_lock on modifying f_mode after open time

commit 42e49608683ab25fbbbf9c40edb944601e543882 upstream.

We'll introduce FMODE_RANDOM which will be runtime modified.  So protect
all runtime modification to f_mode with f_lock to avoid races.

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoV4L/DVB (13991): gspca_mr973010a: Fix cif type 1 cameras not streaming on UHCI contro...
Theodore Kilgore [Fri, 25 Dec 2009 08:15:10 +0000 (05:15 -0300)]
V4L/DVB (13991): gspca_mr973010a: Fix cif type 1 cameras not streaming on UHCI controllers

commit 70136081fc67ea77d849f86fa323e5773c8e40ea upstream.

If you read the mail to Oliver Neukum on the linux-usb list, then you know
that I found a cure for the mysterious problem that the MR97310a CIF "type
1" cameras have been freezing up and refusing to stream if hooked up to a
machine with a UHCI controller.

Namely, the cure is that if the camera is an mr97310a CIF type 1 camera, you
have to send it 0xa0, 0x00. Somehow, this is a timing reset command, or
such. It un-blocks whatever was previously stopping the CIF type 1 cameras
from working on the UHCI-based machines.

Signed-off-by: Theodore Kilgore <kilgota@auburn.edu>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomac80211: quit addba_resp_timer if Tx BA session is torn down
Zhu Yi [Mon, 28 Dec 2009 08:57:15 +0000 (16:57 +0800)]
mac80211: quit addba_resp_timer if Tx BA session is torn down

commit 3dc1de0bf23816ed557ac8addf680cd5ee57e805 upstream.

Make addba_resp_timer aware the HT_AGG_STATE_REQ_STOP_BA_MSK mask
so that when ___ieee80211_stop_tx_ba_session() is issued the timer
will quit. Otherwise when suspend happens before the timer expired,
the timer handler will be called immediately after resume and
messes up driver status.

Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoslab: initialize unused alien cache entry as NULL at alloc_alien_cache().
Haicheng Li [Wed, 6 Jan 2010 07:25:23 +0000 (15:25 +0800)]
slab: initialize unused alien cache entry as NULL at alloc_alien_cache().

commit f3186a9c51eabe75b2780153ed7f07778d78b16e upstream.

Comparing with existing code, it's a simpler way to use kzalloc_node()
to ensure that each unused alien cache entry is NULL.

CC: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Andi Kleen <ak@linux.intel.com>
Acked-by: Christoph Lameter <cl@linux-foundation.org>
Acked-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Haicheng Li <haicheng.li@linux.intel.com>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agompt2sas: Delete volume before HBA detach.
Kashyap, Desai [Wed, 16 Dec 2009 13:20:06 +0000 (18:50 +0530)]
mpt2sas: Delete volume before HBA detach.

commit d7384b28afb2bf2b7be835ddc8c852bdc5e0ce1c upstream.

The driver hangs when doing `rmmod mpt2sas` if there are any
IR volumes present.The hang is due the scsi midlayer trying to access the
IR volumes after the driver releases controller resources.  Perhaps when
scsi_remove_host is called,the scsi mid layer is sending some request.
This doesn't occur for bare drives becuase the driver is already reporting
those drives deleted prior to calling mpt2sas_base_detach.
To solve this issue, we need to delete the volumes as well.

Signed-off-by: Kashyap Desai <kashyap.desai@lsi.com>
Reviewed-by: Eric Moore <eric.moore@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoACPI: Be in TS_POLLING state during mwait based C-state entry
Pallipadi, Venkatesh [Wed, 10 Feb 2010 18:35:31 +0000 (10:35 -0800)]
ACPI: Be in TS_POLLING state during mwait based C-state entry

commit d306ebc28649b89877a22158fe0076f06cc46f60 upstream.

ACPI deep C-state entry had a long standing bug/missing feature, wherein we were sending
resched IPIs when an idle CPU is in mwait based deep C-state. Only mwait based C1 was using
the write to the monitored address to wake up mwait'ing CPU.

This patch changes the code to retain TS_POLLING bit if we are entering an mwait based
deep C-state.

The patch has been verified to reduce the number of resched IPIs in general and also
improves the performance/power on workloads with low system utilization (i.e., when mwait based
deep C-states are being used).

Fixes "netperf ~50% regression with 2.6.33-rc1, bisect to 1b9508f"
http://marc.info/?l=linux-kernel&m=126441481427331&w=4

Reported-by: Lin Ming <ming.m.lin@intel.com>
Tested-by: Alex Shi <alex.shi@intel.com>
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoACPI, i915: blacklist Clevo M5x0N bad_lid state
Zhang Rui [Tue, 16 Feb 2010 09:16:55 +0000 (04:16 -0500)]
ACPI, i915: blacklist Clevo M5x0N bad_lid state

commit 1379d2fef0ec07c7027a5e89036025ce761470c8 upstream.

Wrong Lid state reported.
Need to blacklist this machine for LVDS detection.

Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agothinkpad-acpi: wrong thermal attribute_group removed in thermal_exit()
Roel Kluin [Tue, 2 Feb 2010 22:37:58 +0000 (14:37 -0800)]
thinkpad-acpi: wrong thermal attribute_group removed in thermal_exit()

commit f04d5e012d73ea441bd39804ace39fd6d1ce5611 upstream.

sysfs_remove_group() removed the wrong attribute_group for
thermal_read_mode TPEC_8, ACPI_TMP07 and ACPI_UPDT

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Acked-by: Henrique de Moraes Holschuh <ibm-acpi@hmh.eng.br>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoACPI: fix "acpi=ht" boot option
Len Brown [Tue, 16 Feb 2010 08:45:45 +0000 (03:45 -0500)]
ACPI: fix "acpi=ht" boot option

commit 49bf83a45fc677db1ed44d0e072e6aaeabe4e124 upstream.

We broke "acpi=ht" in 2.6.32 by disabling MADT parsing
for acpi=disabled.  e5b8fc6ac158f65598f58dba2c0d52ba3b412f52
This also broke systems which invoked acpi=ht via DMI blacklist.

acpi=ht is a really ugly hack,
but restore it for those that still use it.

http://bugzilla.kernel.org/show_bug.cgi?id=14886

Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoACPI: remove Asus P2B-DS from acpi=ht blacklist
Len Brown [Tue, 16 Feb 2010 08:30:06 +0000 (03:30 -0500)]
ACPI: remove Asus P2B-DS from acpi=ht blacklist

commit 97c169d39b6846a564dc8d883832e7fef9bdb77d upstream.

We realized when we broke acpi=ht
http://bugzilla.kernel.org/show_bug.cgi?id=14886
that acpi=ht is not needed on this box
and folks have been using acpi=force on it anyway.

Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoPCI hotplug: check ioremap() return value in ibmphp_ebda.c
Andrew Morton [Tue, 2 Feb 2010 22:45:54 +0000 (14:45 -0800)]
PCI hotplug: check ioremap() return value in ibmphp_ebda.c

commit ba02b242bbf8e4e1bc63d62e8ccec33b4e5ea132 upstream.

check ioremap() return value.

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoPCI hotplug: ibmphp: read the length of ebda and map entire ebda region
Chandru [Mon, 11 Jan 2010 06:19:21 +0000 (11:49 +0530)]
PCI hotplug: ibmphp: read the length of ebda and map entire ebda region

commit b0fc889c4311835ae7d02f433154bc20cad9ee11 upstream.

ibmphp driver currently maps only 1KB of ebda memory area into kernel address
space during driver initialization. This causes kernel oops when the driver is
modprobe'd and it accesses memory beyond 1KB within ebda segment. The first
byte of ebda segment actually stores the length of the ebda region in
Kilobytes. Hence make use of the length parameter and map the entire ebda
region.

Signed-off-by: Chandru Siddalingappa <chandru@linux.vnet.ibm.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoahci: disable FPDMA auto-activate optimization on NVIDIA AHCI
Robert Hancock [Wed, 27 Jan 2010 04:33:23 +0000 (22:33 -0600)]
ahci: disable FPDMA auto-activate optimization on NVIDIA AHCI

commit 453d3131ec7aab82eaaa8401a50522a337092aa8 upstream.

Mike Cui reported that his system with an NVIDIA MCP79 (aka MCP7A)
chipset stopped working with 2.6.32. The problem appears to be that
2.6.32 now enables the FPDMA auto-activate optimization in the ahci
driver. The drive works fine with this enabled on an Intel AHCI so
this appears to be a chipset bug.  Since MCP79 is a fairly recent
NVIDIA chipset and we don't have any info on whether any other NVIDIA
chipsets have this issue, disable FPDMA AA optimization on all NVIDIA
AHCI controllers for now.

Should address http://bugzilla.kernel.org/show_bug.cgi?id=14922

Signed-off-by: Robert Hancock <hancockrwd@gmail.com>
While-we-investigate-issue-this-patch-looks-good-to-me-by:
Prajakta Gudadhe <pgudadhe@nvidia.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonetlabel: fix export of SELinux categories > 127
Joshua Roys [Wed, 24 Feb 2010 23:52:44 +0000 (18:52 -0500)]
netlabel: fix export of SELinux categories > 127

commit c36f74e67fa12202dbcb4ad92c5ac844f9d36b98 upstream.

This fixes corrupted CIPSO packets when SELinux categories greater than 127
are used.  The bug occured on the second (and later) loops through the
while; the inner for loop through the ebitmap->maps array used the same
index as the NetLabel catmap->bitmap array, even though the NetLabel bitmap
is twice as long as the SELinux bitmap.

Signed-off-by: Joshua Roys <joshua.roys@gtri.gatech.edu>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: sanity check before counting number of tfds can be free
Stanislaw Gruszka [Fri, 19 Feb 2010 23:47:33 +0000 (15:47 -0800)]
iwlwifi: sanity check before counting number of tfds can be free

commit a120e912eb51e347f36c71b60a1d13af74d30e83 upstream.

Check the frame control for ieee80211_is_data_qos() is true before
counting the number of tfds can be free, the tfds_in_queue only
increment when ieee80211_is_data_qos() is true before transmit; so it
should only decrement if the type match.

Remove ieee80211_is_data_qos check for frame_ctrl in tx_resp to avoid
invalid information pass from uCode.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: set HT flags after channel in rxon
Dan Halperin [Fri, 19 Feb 2010 06:01:39 +0000 (22:01 -0800)]
iwlwifi: set HT flags after channel in rxon

commit 5e2f75b8993a0d83d469388b50716dd5551f2eb4 upstream.

The HT extension channel settings require priv->staging_rxon.channel to be
accurate. However, iwl_set_rxon_ht was being called before iwl_set_rxon_channel
and thus HT40 could be broken unless another call to iwl_mac_config came in.

This problem was recently introduced by "iwlwifi: Fix to set correct ht
configuration"

The particular setting in which I noticed this was monitor mode:

iwconfig wlan0 mode monitor
ifconfig wlan0 up
./iw wlan0 set channel 64 HT40-
#./iw wlan0 set channel 64 HT40-
tcpdump -i wlan0 -y IEEE802_11_RADIO

would only catch HT40 packets if I issued the IW command twice.

From visual inspection, iwl_set_rxon_channel does not depend on
iwl_set_rxon_ht, so simply swapping them should be safe and fixes this problem.

Signed-off-by: Daniel Halperin <dhalperi@cs.washington.edu>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: error checking for number of tfds in queue
Wey-Yi Guy [Fri, 19 Feb 2010 23:47:32 +0000 (15:47 -0800)]
iwlwifi: error checking for number of tfds in queue

commit a239a8b47cc0e5e6d7416a89f340beac06d5edaa upstream.

When receive reply_tx and ready to decrement the count for number of
tfds in queue, do error checking to prevent error condition and
tfds_in_queue become negative number.

Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofs/exec.c: fix initial stack reservation
Michael Neuling [Mon, 22 Feb 2010 20:44:24 +0000 (12:44 -0800)]
fs/exec.c: fix initial stack reservation

commit a17e18790a8c47113a73139d54a375dc9ccd8f08 upstream.

803bf5ec259941936262d10ecc84511b76a20921 ("fs/exec.c: restrict initial
stack space expansion to rlimit") attempts to limit the initial stack to
20*PAGE_SIZE.  Unfortunately, in attempting ensure the stack is not
reduced in size, we ended up not changing the stack at all.

This size reduction check is not necessary as the expand_stack call does
this already.

This caused a regression in UML resulting in most guest processes being
killed.

Signed-off-by: Michael Neuling <mikey@neuling.org>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: WANG Cong <xiyou.wangcong@gmail.com>
Cc: Anton Blanchard <anton@samba.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: Serge Hallyn <serue@us.ibm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Jouni Malinen <j@w1.fi>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomemcg: fix oom killing a child process in an other cgroup
KAMEZAWA Hiroyuki [Mon, 22 Feb 2010 20:44:14 +0000 (12:44 -0800)]
memcg: fix oom killing a child process in an other cgroup

commit 5a2d41961dd6815b874b5c0afec0ac96cd90eea4 upstream.

Presently the oom-killer is memcg aware and it finds the worst process
from processes under memcg(s) in oom.  Then, it kills victim's child
first.

It may kill a child in another cgroup and may not be any help for
recovery.  And it will break the assumption users have.

This patch fixes it.

Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Reviewed-by: Minchan Kim <minchan.kim@gmail.com>
Cc: Balbir Singh <balbir@linux.vnet.ibm.com>
Reviewed-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoV4L/DVB: cxusb: Select all required frontend and tuner modules
Ben Hutchings [Thu, 11 Feb 2010 02:57:17 +0000 (23:57 -0300)]
V4L/DVB: cxusb: Select all required frontend and tuner modules

commit fc4a7f93087a48619005111895dcaa115f807399 upstream.

cxusb uses the atbm8830 and lgs8gxx (not lgs8gl5) frontends and the
max2165 tuner, so it needs to select them.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoV4L/DVB: bttv: Move I2C IR initialization
Jean Delvare [Fri, 19 Feb 2010 03:18:41 +0000 (00:18 -0300)]
V4L/DVB: bttv: Move I2C IR initialization

commit 2434466432464110b5307757e0285dd41f15512e upstream.

Move I2C IR initialization from just after I2C bus setup to right
before non-I2C IR initialization. This avoids the case where an I2C IR
device is blocking audio support (at least the PV951 suffers from
this). It is also more logical to group IR support together,
regardless of the connectivity.

This fixes bug #15184:
http://bugzilla.kernel.org/show_bug.cgi?id=15184

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoV4L/DVB: Video : pwc : Fix regression in pwc_set_shutter_speed caused by bad constant...
Martin Fuzzey [Thu, 11 Feb 2010 13:50:31 +0000 (10:50 -0300)]
V4L/DVB: Video : pwc : Fix regression in pwc_set_shutter_speed caused by bad constant => sizeof conversion.

commit 53f68607caba85db9a73846ccd289e4b7fa96295 upstream.

Regression was caused by my commit 6b35ca0d3d586b8ecb8396821af21186e20afaf0
which determined message size using sizeof rather than hardcoded constants.

Unfortunately pwc_set_shutter_speed reuses a 2 byte buffer for a one byte
message too so the sizeof was bogus in this case.

All other uses of sizeof checked and are ok.

Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Martin Fuzzey <mfuzzey@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agobfin: fix max timeout calculation
Mike Frysinger [Tue, 16 Feb 2010 00:32:25 +0000 (19:32 -0500)]
bfin: fix max timeout calculation

commit 3dae93ec3ee1fceec69f40ef9b97892ce62ba7a5 upstream.

Relying on overflow/wrap around isn't exact because if you wrap far
enough, you get back to "valid" values.

Reported-by: Thorsten Pohlmann <pohlmann@tetronik.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoV4L/DVB: dvb: l64781.ko broken with gcc 4.5
Richard Guenther [Tue, 9 Feb 2010 23:16:03 +0000 (20:16 -0300)]
V4L/DVB: dvb: l64781.ko broken with gcc 4.5

commit c1db53b36633e6a7511dbec7c372f01a31528f0c upstream.

I'm trying to fix it on the GCC side (PR43007), but the module is
quite stupid in using ULL constants to operate on u32 values:

static int apply_frontend_param (struct dvb_frontend* fe, struct
dvb_frontend_parameters *param)
{
...
 static const u32 ppm = 8000;
 u32 spi_bias;
...

 spi_bias *= 1000ULL;
 spi_bias /= 1000ULL + ppm/1000;

which causes current GCC 4.5 to emit calls to __udivdi3 for i?86 again.

This patch fixes this issue.

Signed-off-by: Richard Guenther <rguenther@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
14 years agoARM: 5944/1: scsi: fix timer setup in fas216.c
Guennadi Liakhovetski [Thu, 18 Feb 2010 17:07:18 +0000 (18:07 +0100)]
ARM: 5944/1: scsi: fix timer setup in fas216.c

commit b857df1acc634b18db1db2a40864af985100266e upstream.

mod_timer() takes an absolute time and not a delay as its argument.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofix LOOKUP_FOLLOW on automount "symlinks"
Al Viro [Tue, 16 Feb 2010 18:09:36 +0000 (18:09 +0000)]
fix LOOKUP_FOLLOW on automount "symlinks"

commit ac278a9c505092dd82077a2446af8f9fc0d9c095 upstream.

Make sure that automount "symlinks" are followed regardless of LOOKUP_FOLLOW;
it should have no effect on them.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoLinux 2.6.32.9
Greg Kroah-Hartman [Tue, 23 Feb 2010 15:38:51 +0000 (07:38 -0800)]
Linux 2.6.32.9

14 years agodm log: userspace fix overhead_size calcuations
Jonathan Brassow [Tue, 16 Feb 2010 18:42:53 +0000 (18:42 +0000)]
dm log: userspace fix overhead_size calcuations

commit ebfd32bba9b518d684009d9d21a56742337ca1b3 upstream.

This patch fixes two bugs that revolve around the miscalculation and
misuse of the variable 'overhead_size'.  'overhead_size' is the size of
the various header structures used during communication.

The first bug is the use of 'sizeof' with the pointer of a structure
instead of the structure itself - resulting in the wrong size being
computed.  This is then used in a check to see if the payload
(data_size) would be to large for the preallocated structure.  Since the
bug produces a smaller value for the overhead, it was possible for the
structure to be breached.  (Although the current users of the code do
not currently send enough data to trigger this bug.)

The second bug is that the 'overhead_size' value is used to compute how
much of the preallocated space should be cleared before populating it
with fresh data.  This should have simply been 'sizeof(struct cn_msg)'
not overhead_size.  The fact that 'overhead_size' was computed
incorrectly made this problem "less bad" - leaving only a pointer's
worth of space at the end uncleared.  Thus, this bug was never producing
a bad result, but still needs to be fixed - especially now that the
value is computed correctly.

Signed-off-by: Jonathan Brassow <jbrassow@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodm stripe: avoid divide by zero with invalid stripe count
Nikanth Karthikesan [Tue, 16 Feb 2010 18:42:47 +0000 (18:42 +0000)]
dm stripe: avoid divide by zero with invalid stripe count

commit 781248c1b50c776a9ef4be1130f84ced1cba42fe upstream.

If a table containing zero as stripe count is passed into stripe_ctr
the code attempts to divide by zero.

This patch changes DM_TABLE_LOAD to return -EINVAL if the stripe count
is zero.

We now get the following error messages:
  device-mapper: table: 253:0: striped: Invalid stripe count
  device-mapper: ioctl: error adding target to table

Signed-off-by: Nikanth Karthikesan <knikanth@suse.de>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: Fix to set correct ht configuration
Wey-Yi Guy [Fri, 5 Feb 2010 19:40:00 +0000 (11:40 -0800)]
iwlwifi: Fix to set correct ht configuration

commit 098dfded5b1b09927995e89c6d689f85a0f53384 upstream.

iwl_set_rxon_ht() only get called in iwl_post_associate(); which cause
possible incorrect ht configuration. Adding the call in iwl_mac_config() if
IEEE80211_CONF_CHANGE_CHANNEL flag is set to re-configure and send rxon
command.

Fixes
http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2146

Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomac80211: Fix probe request filtering in IBSS mode
Benoit Papillault [Fri, 5 Feb 2010 00:21:03 +0000 (01:21 +0100)]
mac80211: Fix probe request filtering in IBSS mode

commit 0da780c269957783d341fc3559e6b4c9912af7b4 upstream.

We only reply to probe request if either the requested SSID is the
broadcast SSID or if the requested SSID matches our own SSID. This
latter case was not properly handled since we were replying to different
SSID with the same length as our own SSID.

Signed-off-by: Benoit Papillault <benoit.papillault@free.fr>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoath9k: Fix sequence numbers for PAE frames
Sujith [Tue, 9 Feb 2010 04:37:00 +0000 (10:07 +0530)]
ath9k: Fix sequence numbers for PAE frames

commit 6c8afef551fef87a3bf24f8a74c69a7f2f72fc82 upstream.

Currently, PAE frames are not assigned proper sequence numbers.
Since sending PAE frames as part of aggregates breaks
crupto with several APs, they are sent as normal MPDUs.
Fix the seqeuence number issue by updating the frame with the
internal sequence number.

Tested-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Sujith <Sujith.Manoharan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agob43: Fix throughput regression
Larry Finger [Tue, 2 Feb 2010 16:08:19 +0000 (10:08 -0600)]
b43: Fix throughput regression

commit b6c3f5be7c6ac3375f44de4545c1ffe216b34022 upstream.

Commit c7ab5ef9bcd281135c21b4732c9be779585181be entitled "b43: implement
short slot and basic rate handling" reduced the transmit throughput for
my BCM4311 device from 18 Mb/s to 0.7 Mb/s. The basic rate handling
portion is OK, the problem is in the short slot handling.

Prior to this change, the short slot enable/disable routines were never
called. Experimentation showed that the critical part was changing the
value at offset 0x0010 in the shared memory. This is supposed to contain
the 802.11 Slot Time in usec, but if it is changed from its initial value
of zero, performance is destroyed. On the other hand, changing the value
in the MMIO register corresponding to the Interframe Slot Time increased
performance from 18 to 22 Mb/s. A BCM4306/3 also shows dramatic
improvement of the transmit rate from 5.3 to 19.0 Mb/s.

Other changes in the patch include removal of the magic number for the
MMIO register, and allowing the slot time to be set for any PHY operating
in the 2.4 GHz band. Previously, the routine was executed only for G PHYs.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoeCryptfs: Add getattr function
Tyler Hicks [Wed, 4 Nov 2009 08:48:01 +0000 (02:48 -0600)]
eCryptfs: Add getattr function

commit f8f484d1b6677dd5cd5e7e605db747e8c30bbd47 upstream.

The i_blocks field of an eCryptfs inode cannot be trusted, but
generic_fillattr() uses it to instantiate the blocks field of a stat()
syscall when a filesystem doesn't implement its own getattr().  Users
have noticed that the output of du is incorrect on newly created files.

This patch creates ecryptfs_getattr() which calls into the lower
filesystem's getattr() so that eCryptfs can use its kstat.blocks value
after calling generic_fillattr().  It is important to note that the
block count includes the eCryptfs metadata stored in the beginning of
the lower file plus any padding used to fill an extent before
encryption.

https://bugs.launchpad.net/ecryptfs/+bug/390833

Reported-by: Dominic Sacré <dominic.sacre@gmx.de>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Cc: Tim Gardner <timg@tpi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoNFS: Too many GETATTR and ACCESS calls after direct I/O
Chuck Lever [Mon, 15 Feb 2010 17:19:53 +0000 (12:19 -0500)]
NFS: Too many GETATTR and ACCESS calls after direct I/O

commit 65d269538a1129495ac45a14a777cd11cfe881d8 upstream.

The cached read and write paths initialize fattr->time_start in their
setup procedures.  The value of fattr->time_start is propagated to
read_cache_jiffies by nfs_update_inode().  Subsequent calls to
nfs_attribute_timeout() will then use a good time stamp when
computing the attribute cache timeout, and squelch unneeded GETATTR
calls.

Since the direct I/O paths erroneously leave the inode's
fattr->time_start field set to zero, read_cache_jiffies for that inode
is set to zero after any direct read or write operation.  This
triggers an otw GETATTR or ACCESS call to update the file's attribute
and access caches properly, even when the NFS READ or WRITE replies
have usable post-op attributes.

Make sure the direct read and write setup code performs the same fattr
initialization as the cached I/O paths to prevent unnecessary GETATTR
calls.

This was likely introduced by commit 0e574af1 in 2.6.15, which appears
to add new nfs_fattr_init() call sites in the cached read and write
paths, but not in the equivalent places in fs/nfs/direct.c.  A
subsequent commit in the same series, 33801147, introduces the
fattr->time_start field.

Interestingly, the direct write reschedule path already has a call to
nfs_fattr_init() in the right place.

Reported-by: Quentin Barnes <qbarnes@yahoo-inc.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/radeon/kms: use udelay for short delays
Dave Airlie [Sat, 30 Jan 2010 21:07:14 +0000 (07:07 +1000)]
drm/radeon/kms: use udelay for short delays

commit 01d4503968f471f876fb44335800d2cf8dc5a2ce upstream.

For usec delays use udelay instead of scheduling, this should
allow reclocking to happen faster. This also was the cause
of reported 33s delays at bootup on certain systems.

fixes: freedesktop.org bug 25506

Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoACPI: fix High cpu temperature with 2.6.32
Arjan van de Ven [Wed, 27 Jan 2010 23:25:39 +0000 (15:25 -0800)]
ACPI: fix High cpu temperature with 2.6.32

commit 370d5cd88509b93b76eb2f5f97efbd71c25061cb upstream.

Since the rewrite of the CPU idle governor in 2.6.32, two laptops have
surfaced where the BIOS advertises a C2 power state, but for some reason
this state is not functioning (as verified in both cases by powertop
before the patch in .32).

The old governor had the accidental behavior that if a non-working state
was chosen too many times, it would end up falling back to C1.  The new
governor works differently and this accidental behavior is no longer
there; the result is a high temperature on these two machines.

This patch adds these 2 machines to the DMI table for C state anomalies;
by just not using C2 both these machines are better off (the TSC can be
used instead of the pm timer, giving a performance boost for example).

Addresses http://bugzilla.kernel.org/show_bug.cgi?id=14742

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Reported-by: <akwatts@ymail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoACPI: Add NULL pointer check in acpi_bus_start
Thomas Renninger [Fri, 29 Jan 2010 16:48:51 +0000 (17:48 +0100)]
ACPI: Add NULL pointer check in acpi_bus_start

commit d2f6650a950dadd20667a04a9dc785f240d43695 upstream.

If acpi_bus_add does not return a device and it's passed
to acpi_bus_start, bad things will happen:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
IP: [<ffffffff8128402d>] acpi_bus_start+0x14/0x24
...
[<ffffffffa008977a>] acpiphp_bus_add+0xba/0x130 [acpiphp]
[<ffffffffa008aa72>] enable_device+0x132/0x2ff [acpiphp]
[<ffffffffa0089b68>] acpiphp_enable_slot+0xb8/0x130 [acpiphp]
[<ffffffffa0089df7>] handle_hotplug_event_func+0x87/0x190 [acpiphp]

Next patch would make this NULL pointer check obsolete, but
better having one more than one missing...

Signed-off-by: Thomas Renninger <trenn@suse.de>
Acked-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agortl8187: Add new device ID
Jelle Martijn Kok [Wed, 10 Feb 2010 15:34:09 +0000 (09:34 -0600)]
rtl8187: Add new device ID

commit 174b24963eaf96dc5e093502ee09639aed13eb2f upstream.

Add new RTL8187B device.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUSB: usbfs: properly clean up the as structure on error paths
Linus Torvalds [Tue, 16 Feb 2010 20:35:07 +0000 (12:35 -0800)]
USB: usbfs: properly clean up the as structure on error paths

commit ddeee0b2eec2a51b0712b04de4b39e7bec892a53 upstream.

I notice that the processcompl_compat() function seems to be leaking the
'struct async *as' in the error paths.

I think that the calling convention is fundamentally buggered. The
caller is the one that did the "reap_as()" to get the as thing, the
caller should be the one to free it too.

Freeing it in the caller also means that it very clearly always gets
freed, and avoids the need for any "free in the error case too".

From: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Marcus Meissner <meissner@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoUSB: usbfs: only copy the actual data received
Greg KH [Mon, 15 Feb 2010 17:37:46 +0000 (09:37 -0800)]
USB: usbfs: only copy the actual data received

commit d4a4683ca054ed9917dfc9e3ff0f7ecf74ad90d6 upstream.

We need to only copy the data received by the device to userspace, not
the whole kernel buffer, which can contain "stale" data.

Thanks to Marcus Meissner for pointing this out and testing the fix.

Reported-by: Marcus Meissner <meissner@suse.de>
Tested-by: Marcus Meissner <meissner@suse.de>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoclass: Free the class private data in class_release
Laurent Pinchart [Wed, 10 Feb 2010 12:32:49 +0000 (13:32 +0100)]
class: Free the class private data in class_release

commit 18d19c96457d172d913510c083bc7411ed40cb10 upstream.

Fix a memory leak by freeing the memory allocated in __class_register
for the class private data.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosysfs: sysfs_sd_setattr set iattrs unconditionally
Eric W. Biederman [Thu, 4 Feb 2010 07:13:24 +0000 (23:13 -0800)]
sysfs: sysfs_sd_setattr set iattrs unconditionally

commit 7c0ff870d1ed287504a61ed865f3d728c757436b upstream.

There is currently a bug in sysfs_sd_setattr inherited from
sysfs_setattr in 2.6.32 where the first time we set the attributes
on a sysfs file we allocate backing store but do not set the
backing store attributes.  Resulting in overly restrictive
permissions on sysfs files.

The fix is to simply modify the code so that it always executes
when we update the sysfs attributes, as we did in 2.6.31 and earlier.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Tested-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoserial: 8250: add serial transmitter fully empty test
Dick Hollenbeck [Wed, 9 Dec 2009 20:31:34 +0000 (12:31 -0800)]
serial: 8250: add serial transmitter fully empty test

commit bca476139d2ded86be146dae09b06e22548b67f3 upstream.

When controlling an industrial radio modem it can be necessary to
manipulate the handshake lines in order to control the radio modem's
transmitter, from userspace.

The transmitter should not be turned off before all characters have been
transmitted.  serial8250_tx_empty() was reporting that all characters were
transmitted before they actually were.

===

Discovered in parallel with more testing and analysis by Kees Schoenmakers
as follows:

I ran into an NetMos 9835 serial pci board which behaves a little
different than the standard.  This type of expansion board is very common.

"Standard" 8250 compatible devices clear the 'UART_LST_TEMT" bit together
with the "UART_LSR_THRE" bit when writing data to the device.

The NetMos device does it slightly different

I believe that the TEMT bit is coupled to the shift register.  The problem
is that after writing data to the device and very quickly after that one
does call serial8250_tx_empty, it returns the wrong information.

My patch makes the test more robust (and solves the problem) and it does
not affect the already correct devices.

Alan:

  We may yet need to quirk this but now we know which chips we have a
  way to do that should we find this breaks some other 8250 clone with
  dodgy THRE.

Signed-off-by: Dick Hollenbeck <dick@softplc.com>
Signed-off-by: Alan Cox <alan@linux.intel.com>
Cc: Kees Schoenmakers <k.schoenmakers@sigmae.nl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: usb-audio - Avoid Oops after disconnect
Takashi Iwai [Mon, 28 Dec 2009 11:24:22 +0000 (12:24 +0100)]
ALSA: usb-audio - Avoid Oops after disconnect

commit 78b8d5d2ee280c463908fd75f3bdf246bcb6ac8d upstream.

As the release of substreams may be done asynchronously from the
disconnection, close callback needs to check the shutdown flag before
actually accessing the usb interface.

Reference: Novell bnc#505027
http://bugzilla.novell.com/show_bug.cgi?id=565027

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoStaging: fix rtl8187se compilation errors with mac80211
George Kadianakis [Wed, 16 Dec 2009 23:16:00 +0000 (01:16 +0200)]
Staging: fix rtl8187se compilation errors with mac80211

commit df574b8ecfb3a84af96229f336a6be88ca4a7055 upstream.

This patch fixes compilation problems that were caused by function
naming conflicts between the rtl8187se driver and the mac80211 stack.

Signed-off-by: George Kadianakis <desnacked@gmail.com>
Cc: maximilian attems <max@stro.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86: Re-get cfg_new in case reuse/move irq_desc
Yinghai Lu [Sat, 21 Nov 2009 08:23:37 +0000 (00:23 -0800)]
x86: Re-get cfg_new in case reuse/move irq_desc

commit 37ef2a3029fde884808ff1b369677abc7dd9a79a upstream.

When irq_desc is moved, we need to make sure to use the right cfg_new.

Signed-off-by: Yinghai Lu <yinghai@kernel.org>
LKML-Reference: <4B07A739.3030104@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86/amd-iommu: Fix deassignment of a device from the pt_domain
Joerg Roedel [Wed, 3 Feb 2010 15:13:41 +0000 (16:13 +0100)]
x86/amd-iommu: Fix deassignment of a device from the pt_domain

commit d3ad9373b7c29b63d5e8460a69453718d200cc3b upstream.

Deassigning a device from the passthrough domain does not
work and breaks device assignment to kvm guests. This patch
fixes the issue.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86/amd-iommu: Fix IOMMU-API initialization for iommu=pt
Joerg Roedel [Wed, 3 Feb 2010 15:13:08 +0000 (16:13 +0100)]
x86/amd-iommu: Fix IOMMU-API initialization for iommu=pt

commit f5325094379158e6b876ea0010c807bf7890ec8f upstream

This patch moves the initialization of the iommu-api out of
the dma-ops initialization code. This ensures that the
iommu-api is initialized even with iommu=pt.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agopktgen: Fix freezing problem
Rafael J. Wysocki [Thu, 4 Feb 2010 22:00:41 +0000 (14:00 -0800)]
pktgen: Fix freezing problem

commit 1b3f720bf033fde1fbb6231f9b156b918c5f68d8 upstream.

Add missing try_to_freeze() to one of the pktgen_thread_worker() code
paths so that it doesn't block suspend/hibernation.

Fixes http://bugzilla.kernel.org/show_bug.cgi?id=15006

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Reported-and-tested-by: Ciprian Dorin Craciun <ciprian.craciun@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoahci: add Acer G725 to broken suspend list
Tejun Heo [Thu, 28 Jan 2010 07:04:15 +0000 (16:04 +0900)]
ahci: add Acer G725 to broken suspend list

commit cedc9bf906dae044443d403371c887affdb44168 upstream.

Acer G725 shares the same suspend problem with the HP laptops which
lose ATA devices on resume.  New firmware which fixes the problem is
already available.  Add G725 with old firmwares to the broken suspend
list.

This problem has been reported in bko#15104.

  http://bugzilla.kernel.org/show_bug.cgi?id=15104

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Jani-Matti Hätinen <jani-matti.hatinen@iki.fi>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoCall flush_dcache_page after PIO data transfers in libata-sff.c
Catalin Marinas [Thu, 4 Feb 2010 06:04:50 +0000 (01:04 -0500)]
Call flush_dcache_page after PIO data transfers in libata-sff.c

commit 2d68b7fe55d9e19a8a868224ed0dfd6526568521 upstream.

flush_dcache_page() must be called after (!ATA_TFLAG_WRITE) the
data copying to avoid D-cache aliasing with user space or I-D cache
coherency issues (when reading data from an ATA device using PIO,
the kernel dirties the D-cache but there is no flush_dcache_page()
required on Harvard architectures).

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agortc-fm3130: add missing braces
Sergey Matyukevich [Tue, 2 Feb 2010 21:43:59 +0000 (13:43 -0800)]
rtc-fm3130: add missing braces

commit f4b5162820de60204afa5c8639335f4931b7fb0c upstream.

Add missing braces for multiline 'if' statements in fm3130_probe.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Alessandro Zummo <a.zummo@towertech.it>
Cc: Sergey Lapin <slapin@ossfans.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agobefs: fix leak
Al Viro [Fri, 29 Jan 2010 03:11:38 +0000 (22:11 -0500)]
befs: fix leak

commit 8dd5ca532c2d2c2b85f16bc038ebfff05b8853e1 upstream.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda - Improved MacBook (Pro) 5,1 / 5,2 support
Alex Murray [Wed, 13 Jan 2010 12:45:03 +0000 (23:15 +1030)]
ALSA: hda - Improved MacBook (Pro) 5,1 / 5,2 support

commit a76221d47ef2b73ff16c0fef00a784026308ea02 upstream.

This patch adds support for automatically muting the speakers when headphones
are inserted, as well as relabelling the headphone widgets from the
non-standard "HP" to the standard "Headphone" for the mb5 model.

Signed-off-by: Alex Murray <murray.alex@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodst: call cond_resched() in dst_gc_task()
Eric Dumazet [Mon, 8 Feb 2010 23:00:39 +0000 (15:00 -0800)]
dst: call cond_resched() in dst_gc_task()

commit 2fc1b5dd99f66d93ffc23fd8df82d384c1a354c8 upstream.

Kernel bugzilla #15239

On some workloads, it is quite possible to get a huge dst list to
process in dst_gc_task(), and trigger soft lockup detection.

Fix is to call cond_resched(), as we run in process context.

Reported-by: Pawel Staszewski <pstaszewski@itcare.pl>
Tested-by: Pawel Staszewski <pstaszewski@itcare.pl>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda - use WARN_ON_ONCE() for zero-division detection
Takashi Iwai [Fri, 12 Feb 2010 17:17:06 +0000 (18:17 +0100)]
ALSA: hda - use WARN_ON_ONCE() for zero-division detection

commit d6d8bf549393484e906913f02fa3c9518a2819b6 upstream.

Replace the zero-division warning message with WARN_ON_ONCE() per the
advice by Linus.  This shouldn't happen, but if it happens, it's
possible that the bug happens often due to buggy IRQs.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosh: Couple kernel and user write page perm bits for CONFIG_X2TLB
Matt Fleming [Fri, 11 Dec 2009 22:58:17 +0000 (22:58 +0000)]
sh: Couple kernel and user write page perm bits for CONFIG_X2TLB

commit fcb4ebd678858850e8b029909064175cb627868d upstream.

pte_write() should check whether the permissions include either the user
or kernel write permission bits. Likewise, pte_wrprotect() needs to
remove both the kernel and user write bits.

Without this patch handle_tlbmiss() doesn't handle faulting in pages
from the P3 area (our vmalloc space) because of a write. Mappings of the
P3 space have the _PAGE_EXT_KERN_WRITE bit but not _PAGE_EXT_USER_WRITE.

Signed-off-by: Matt Fleming <matt@console-pimps.org>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoSCSI: mptfusion : mptscsih_abort return value should be SUCCESS instead of value 0.
Kashyap, Desai [Mon, 25 Jan 2010 10:50:52 +0000 (16:20 +0530)]
SCSI: mptfusion : mptscsih_abort return value should be SUCCESS instead of value 0.

commit 9858ae38011d699d4c2fa7f3493a47accf43a0f5 upstream.

retval should be SUCCESS/FAILED which is defined at scsi.h
retval = 0 is directing wrong return value. It must be retval = SUCCESS.

Signed-off-by: Kashyap Desai <kashyap.desai@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodevmem: fix kmem write bug on memory holes
Wu Fengguang [Fri, 5 Feb 2010 20:02:13 +0000 (15:02 -0500)]
devmem: fix kmem write bug on memory holes

commit c85e9a97c4102ce2e83112da850d838cfab5ab13 upstream

devmem: fix kmem write bug on memory holes

[ cebbert@redhat.com : backport to 2.6.32 ]

write_kmem() used to assume vwrite() always return the full buffer length.
However now vwrite() could return 0 to indicate memory hole.  This
creates a bug that "buf" is not advanced accordingly.

Fix it to simply ignore the return value, hence the memory hole.

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Tejun Heo <tj@kernel.org>
Cc: Nick Piggin <npiggin@suse.de>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodevmem: check vmalloc address on kmem read/write
KAMEZAWA Hiroyuki [Fri, 5 Feb 2010 20:01:09 +0000 (15:01 -0500)]
devmem: check vmalloc address on kmem read/write

commit 325fda71d0badc1073dc59f12a948f24ff05796a

[ cebbert@redhat.com : backport to 2.6.32 ]

devmem: check vmalloc address on kmem read/write

Otherwise vmalloc_to_page() will BUG().

This also makes the kmem read/write implementation aligned with mem(4):
"References to nonexistent locations cause errors to be returned." Here we
return -ENXIO (inspired by Hugh) if no bytes have been transfered to/from
user space, otherwise return partial read/write results.

Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years ago/dev/mem: introduce size_inside_page()
Wu Fengguang [Fri, 5 Feb 2010 20:00:52 +0000 (15:00 -0500)]
/dev/mem: introduce size_inside_page()

commit f222318e9c3a315723e3524fb9d6566b2430db44 upstream

/dev/mem: introduce size_inside_page()

[ cebbert@redhat.com : backport to 2.6.32 ]
[ subset of original patch, for just /dev/kmem ]

Introduce size_inside_page() to replace duplicate /dev/mem code.

Also apply it to /dev/kmem, whose alignment logic was buggy.

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Acked-by: Andi Kleen <ak@linux.intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Avi Kivity <avi@qumranet.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodell-wmi, hp-wmi, msi-wmi: check wmi_get_event_data() return value
Len Brown [Sat, 30 Jan 2010 23:01:42 +0000 (18:01 -0500)]
dell-wmi, hp-wmi, msi-wmi: check wmi_get_event_data() return value

commit fda11e61ff8a4e3a8ebbd434e46560b67cc0ca9d upstream

[ backport to 2.6.32 ]

When acpi_evaluate_object() is passed ACPI_ALLOCATE_BUFFER,
the caller must kfree the returned buffer if AE_OK is returned.

The callers of wmi_get_event_data() pass ACPI_ALLOCATE_BUFFER,
and thus must check its return value before accessing
or kfree() on the buffer.

Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agowmi: Free the allocated acpi objects through wmi_get_event_data
Anisse Astier [Sat, 30 Jan 2010 23:00:17 +0000 (18:00 -0500)]
wmi: Free the allocated acpi objects through wmi_get_event_data

commit 3e9b988e4edf065d39c1343937f717319b1c1065 upstream

[ backported to 2.6.32 ]

These function allocate an acpi object by calling wmi_get_event_data, which
then calls acpi_evaluate_object, and it is not freed afterwards.

And kernel doc is fixed for parameters of wmi_get_event_data.

Signed-off-by: Anisse Astier <anisse@astier.eu>
Acked-by: Randy Dunlap <randy.dunlap@oracle.com>
Acked-by: Carlos Corbacho <carlos@strangeworlds.co.uk>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agocrypto: padlock-sha - Add import/export support
Herbert Xu [Sun, 31 Jan 2010 22:17:56 +0000 (09:17 +1100)]
crypto: padlock-sha - Add import/export support

commit a8d7ac279743077965afeca0c9ed748507b68e89 upstream.

As the padlock driver for SHA uses a software fallback to perform
partial hashing, it must implement custom import/export functions.
Otherwise hmac which depends on import/export for prehashing will
not work with padlock-sha.

Reported-by: Wolfgang Walter <wolfgang.walter@stwm.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodasd: remove strings from s390dbf
Stefan Haberland [Mon, 7 Dec 2009 11:51:52 +0000 (12:51 +0100)]
dasd: remove strings from s390dbf

commit b8ed5dd54895647c2690575aad6f07748c2c618a upstream.

Remove strings from s390 debugfeature entries that could lead to a
crash when the data is read from dbf because the strings do not exist
any more.

Signed-off-by: Stefan Haberland <stefan.haberland@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/i915: Don't wait interruptible for possible plane buffer flush
Zhenyu Wang [Wed, 25 Nov 2009 05:09:39 +0000 (13:09 +0800)]
drm/i915: Don't wait interruptible for possible plane buffer flush

commit b9241ea31fae4887104e5d1b3b18f4009c25a0c4 upstream.

When we setup buffer for display plane, we'll check any pending
required GPU flush and possible make interruptible wait for flush
complete. But that wait would be most possibly to fail in case of
signals received for X process, which will then fail modeset process
and put display engine in unconsistent state. The result could be
blank screen or CPU hang, and DDX driver would always turn on outputs
DPMS after whatever modeset fails or not.

So this one creates new helper for setup display plane buffer, and
when needing flush using uninterruptible wait for that.

This one should fix bug like https://bugs.freedesktop.org/show_bug.cgi?id=24009.
Also fixing mode switch stress test on Ironlake.

Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/i915: add i915_lp_ring_sync helper
Daniel Vetter [Tue, 15 Sep 2009 20:57:32 +0000 (22:57 +0200)]
drm/i915: add i915_lp_ring_sync helper

commit 48764bf43f746113fc77877d7e80f2df23ca4cbb upstream.

This just waits until the hw passed the current ring position with
cmd execution. This slightly changes the existing i915_wait_request
function to make uninterruptible waiting possible - no point in
returning to userspace while mucking around with the overlay, that
piece of hw is just too fragile.

Also replace a magic 0 with the symbolic constant (and kill the then
superflous comment) while I was looking at the code.

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/i915: remove full registers dump debug
Zhenyu Wang [Mon, 28 Dec 2009 05:23:36 +0000 (13:23 +0800)]
drm/i915: remove full registers dump debug

commit 823f68fd646da6a39a9c0d3eb4c60d69dab5aa13 upstream.

This one reverts 9e3a6d155ed0a7636b926a798dd7221ea107b274.
As reported by http://bugzilla.kernel.org/show_bug.cgi?id=14485,
this dump will cause hang problem on some machine. If something
really needs this kind of full registers dump, that could be done
within intel-gpu-tools.

Cc: Ben Gamari <bgamari.foss@gmail.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonetfilter: nf_conntrack: fix hash resizing with namespaces
Patrick McHardy [Mon, 8 Feb 2010 19:18:07 +0000 (11:18 -0800)]
netfilter: nf_conntrack: fix hash resizing with namespaces

commit d696c7bdaa55e2208e56c6f98e6bc1599f34286d upstream.

As noticed by Jon Masters <jonathan@jonmasters.org>, the conntrack hash
size is global and not per namespace, but modifiable at runtime through
/sys/module/nf_conntrack/hashsize. Changing the hash size will only
resize the hash in the current namespace however, so other namespaces
will use an invalid hash size. This can cause crashes when enlarging
the hashsize, or false negative lookups when shrinking it.

Move the hash size into the per-namespace data and only use the global
hash size to initialize the per-namespace value when instanciating a
new namespace. Additionally restrict hash resizing to init_net for
now as other namespaces are not handled currently.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonetfilter: xtables: compat out of scope fix
Alexey Dobriyan [Mon, 8 Feb 2010 19:17:43 +0000 (11:17 -0800)]
netfilter: xtables: compat out of scope fix

commit 14c7dbe043d01a83a30633ab6b109ba2ac61d9f7 upstream.

As per C99 6.2.4(2) when temporary table data goes out of scope,
the behaviour is undefined:

if (compat) {
struct foo tmp;
...
private = &tmp;
}
[dereference private]

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonetfilter: nf_conntrack: restrict runtime expect hashsize modifications
Alexey Dobriyan [Mon, 8 Feb 2010 19:17:22 +0000 (11:17 -0800)]
netfilter: nf_conntrack: restrict runtime expect hashsize modifications

commit 13ccdfc2af03e09e60791f7d4bc4ccf53398af7c upstream.

Expectation hashtable size was simply glued to a variable with no code
to rehash expectations, so it was a bug to allow writing to it.
Make "expect_hashsize" readonly.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonetfilter: nf_conntrack: per netns nf_conntrack_cachep
Eric Dumazet [Mon, 8 Feb 2010 19:16:56 +0000 (11:16 -0800)]
netfilter: nf_conntrack: per netns nf_conntrack_cachep

commit 5b3501faa8741d50617ce4191c20061c6ef36cb3 upstream.

nf_conntrack_cachep is currently shared by all netns instances, but
because of SLAB_DESTROY_BY_RCU special semantics, this is wrong.

If we use a shared slab cache, one object can instantly flight between
one hash table (netns ONE) to another one (netns TWO), and concurrent
reader (doing a lookup in netns ONE, 'finding' an object of netns TWO)
can be fooled without notice, because no RCU grace period has to be
observed between object freeing and its reuse.

We dont have this problem with UDP/TCP slab caches because TCP/UDP
hashtables are global to the machine (and each object has a pointer to
its netns).

If we use per netns conntrack hash tables, we also *must* use per netns
conntrack slab caches, to guarantee an object can not escape from one
namespace to another one.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
[Patrick: added unique slab name allocation]
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonetfilter: nf_conntrack: fix memory corruption with multiple namespaces
Patrick McHardy [Mon, 8 Feb 2010 19:16:26 +0000 (11:16 -0800)]
netfilter: nf_conntrack: fix memory corruption with multiple namespaces

commit 9edd7ca0a3e3999c260642c92fa008892d82ca6e upstream.

As discovered by Jon Masters <jonathan@jonmasters.org>, the "untracked"
conntrack, which is located in the data section, might be accidentally
freed when a new namespace is instantiated while the untracked conntrack
is attached to a skb because the reference count it re-initialized.

The best fix would be to use a seperate untracked conntrack per
namespace since it includes a namespace pointer. Unfortunately this is
not possible without larger changes since the namespace is not easily
available everywhere we need it. For now move the untracked conntrack
initialization to the init_net setup function to make sure the reference
count is not re-initialized and handle cleanup in the init_net cleanup
function to make sure namespaces can exit properly while the untracked
conntrack is in use in other namespaces.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoamd64_edac: Do not falsely trigger kerneloops
Borislav Petkov [Thu, 11 Feb 2010 16:15:57 +0000 (17:15 +0100)]
amd64_edac: Do not falsely trigger kerneloops

commit cab4d27764d5a8654212b3e96eb0ae793aec5b94 upstream.

An unfortunate "WARNING" in the message amd64_edac dumps when the system
doesn't support DRAM ECC or ECC checking is not enabled in the BIOS
used to trigger kerneloops which qualified the message as an OOPS thus
misleading the users. See, e.g.

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/422536
http://bugzilla.kernel.org/show_bug.cgi?id=15238

Downgrade the message level to KERN_NOTICE and fix the formulation.

Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
Acked-by: Doug Thompson <dougthompson@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>