Jurgen Kramer [Sun, 4 Sep 2011 16:01:42 +0000 (18:01 +0200)]
Bluetooth: add support for 2011 mac mini
commit
f78b68261e80899f81a21dfdf91e2a1456ea8175 upstream.
Today I noticed that the usb bluetooth adapter (BCM2046B1) on my 2011
mac mini was not working. I've created a patch to get it going.
Signed-off-by: Jurgen Kramer <gtmkramer@xs4all.nl>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Steven.Li [Fri, 1 Jul 2011 06:02:36 +0000 (14:02 +0800)]
Bluetooth: Add Atheros AR3012 one PID/VID supported
commit
2d25f8b462f3b849d8913d02978657ef06e67dd8 upstream.
The new Ath3k needs to download patch and radio table,
and it keeps same PID/VID even after downloading the patch and radio
table. This patch is to use the bcdDevice (Device Release Number) to
judge whether the chip has been patched or not. The init bcdDevice
value of the chip is 0x0001, this value increases after patch and
radio table downloading.
Signed-off-by: Steven.Li <yongli@qca.qualcomm.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ricardo Mendoza [Wed, 13 Jul 2011 15:04:29 +0000 (16:04 +0100)]
Bluetooth: Add Toshiba laptops AR30XX device ID
commit
8e7c3d2e4ba18ee4cdcc1f89aec944fbff4ce735 upstream.
Blacklist Toshiba-branded AR3011 based AR5B195 [0930:0215] and add to
ath3k.c for firmware loading.
Signed-off-by: Ricardo Mendoza <ricmm@gentoo.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Pieter-Augustijn Van Malleghem [Wed, 7 Sep 2011 06:28:10 +0000 (02:28 -0400)]
Bluetooth: Add MacBookAir4,1 support
commit
a63b723d02531f7add0b2b8a0e6a77ee176f1626 upstream.
This patch against current git adds the hardware ID for the Apple
MacBookAir4,1, released in July 2011. The device features a BCM2046
USB chip. The patch was inspired by the previous modifications adding
support for the MacBookAir3,x.
Signed-off-by: Pieter-Augustijn Van Malleghem <p-a@scarlet.be>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Marek Vasut [Tue, 26 Jul 2011 16:44:47 +0000 (16:44 +0000)]
ASIX: Use only 11 bits of header for data size
commit
bca0beb9363f8487ac902931a50eb00180a2d14a upstream.
The AX88772B uses only 11 bits of the header for the actual size. The other bits
are used for something else. This causes dmesg full of messages:
asix_rx_fixup() Bad Header Length
This patch trims the check to only 11 bits. I believe on older chips, the
remaining 5 top bits are unused.
Signed-off-by: Marek Vasut <marek.vasut@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Marek Vasut [Tue, 26 Jul 2011 16:44:46 +0000 (16:44 +0000)]
ASIX: Simplify condition in rx_fixup()
commit
bc466e678d0a98f445bf3f9c76fedf18e7dcc6b0 upstream.
Signed-off-by: Marek Vasut <marek.vasut@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andiry Xu [Mon, 19 Sep 2011 23:05:12 +0000 (16:05 -0700)]
USB: xHCI: prevent infinite loop when processing MSE event
commit
c2d7b49f42f50d7fc5cbfd195b785a128723fdf4 upstream.
When a xHC host is unable to handle isochronous transfer in the
interval, it reports a Missed Service Error event and skips some tds.
Currently xhci driver handles MSE event in the following ways:
1. When encounter a MSE event, set ep->skip flag, update event ring
dequeue pointer and return.
2. When encounter the next event on this ep, the driver will run the
do-while loop, fetch td from ep's td_list to find the td
corresponding to this event. All tds missed are marked as short
transfer(-EXDEV).
The do-while loop will end in two ways:
1. If the td pointed by the event trb is found;
2. If the ep ring's td_list is empty.
However, if a buggy HW reports some unpredicted event (for example, an
overrun event following a MSE event while the ep ring is actually not
empty), the driver will never find the td, and it will loop until the
td_list is empty.
Unfortunately, the spinlock is dropped when give back a urb in the
do-while loop. During the spinlock released period, the class driver
may still submit urbs and add tds to the td_list. This may cause
disaster, since the td_list will never be empty and the loop never ends,
and the system hangs.
To fix this, count the number of TDs on the ep ring before skipping TDs,
and quit the loop when skipped that number of tds. This guarantees the
do-while loop will end after certain number of cycles, and driver will
not be trapped in an infinite loop.
Signed-off-by: Andiry Xu <andiry.xu@amd.com>
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Kavan Smith [Wed, 31 Aug 2011 05:12:05 +0000 (05:12 +0000)]
ipheth: iPhone 4 Verizon CDMA USB Product ID add
commit
02009afc223aae43b8e18918fc816e4520791537 upstream.
Add USB product ID for iPhone 4 CDMA Verizon
Tested on at least 2 devices
Signed-off-by: Kavan Smith <kavansmith82@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sarah Sharp [Tue, 9 Aug 2011 23:31:54 +0000 (16:31 -0700)]
USB: Avoid NULL pointer deref in usb_hcd_alloc_bandwidth.
commit
8a9af4fdf6d5eeb3200a088354d266a87e8260b0 upstream.
usb_ifnum_to_if() can return NULL if the USB device does not have a
configuration installed (usb_device->actconfig == NULL), or if we can't
find the interface number in the installed configuration. Return an
error instead of crashing.
Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Josh Boyer [Mon, 8 Aug 2011 02:34:07 +0000 (02:34 +0000)]
usbnet/cdc_ncm: Don't use stack variables for DMA
commit
75bc8ef528f7c4ea7e80384c5593487b6b3b535e upstream.
The cdc_ncm driver still has a few places where stack variables are
passed to the cdc_ncm_do_request function. This triggers a stack trace in
lib/dma-debug.c if the CONFIG_DEBUG_DMA_API option is set.
Adjust these calls to pass parameters that have been allocated with
kzalloc.
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Artur Zimmer [Wed, 10 Aug 2011 01:51:28 +0000 (03:51 +0200)]
USB: Serial: Add PID(0xF7C0) to FTDI SIO driver for a zeitcontrol-device
commit
ce7e9065958191e6b7ca49d7ed0e1099c486d198 upstream.
Here is a patch for a new PID (zeitcontrol-device mifare-reader FT232BL(like FT232BM but lead free)).
Signed-off-by: Artur Zimmer <artur128@3dzimmer.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Florian Echtler [Tue, 9 Aug 2011 11:37:49 +0000 (13:37 +0200)]
USB: Serial: Add device ID for Sierra Wireless MC8305
commit
2f1def2695c223b2aa325e5e47d0d64200a45d23 upstream.
A new device ID pair is added for Sierra Wireless MC8305.
Signed-off-by: Florian Echtler <floe@butterbrot.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Arvid Brodin [Wed, 20 Jul 2011 01:13:46 +0000 (03:13 +0200)]
usb/isp1760: Added missing call to usb_hcd_check_unlink_urb() during unlink
commit
17d3e145a4ad680b3d1b1c30d0696a5bbb2b65c4 upstream.
Signed-off-by: Arvid Brodin <arvid.brodin@enea.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Boris Todorov [Mon, 11 Jul 2011 09:03:33 +0000 (12:03 +0300)]
USB: EHCI: Fix test mode sequence
commit
77636c86a600b83de01719efad83567e46d7e8ce upstream.
The sequence to put port in test mode is not complete.
According EHCI specification all enabled ports must be
put in suspend.
Signed-off-by: Boris Todorov <boris.st.todorov@gmail.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
huajun li [Sun, 7 Aug 2011 03:03:31 +0000 (03:03 +0000)]
rtl8150: rtl8150_disconnect(...) does not need tasklet_disable(...)
commit
c2e2a313ff8fdc25cedef5e63da712a6a0d35dfe upstream.
Executing cmd 'rmmod rtl8150' does not return(if your device connects
to host), the root cause is tasklet_disable() causes tasklet_kill()
block, remove it from rtl8150_disconnect().
Signed-off-by: Huajun Li <huajun.li.lee@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Vasanthy Kolluri [Thu, 9 Jun 2011 10:37:07 +0000 (10:37 +0000)]
enic: Bug Fix: Fix hardware transmit queue indexing in enic_poll_controller
commit
b880a954b9e2585ce325aedd76e4741880cab180 upstream.
Signed-off-by: Christian Benvenuti <benve@cisco.com>
Signed-off-by: Danny Guo <dannguo@cisco.com>
Signed-off-by: Vasanthy Kolluri <vkolluri@cisco.com>
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com>
Signed-off-by: David Wang <dwang2@cisco.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Chun-Yi Lee <jlee@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Sandeen [Sat, 29 Oct 2011 14:15:35 +0000 (10:15 -0400)]
ext4: fix race in xattr block allocation path
commit
6d6a435190bdf2e04c9465cde5bdc3ac68cf11a4 upstream.
Ceph users reported that when using Ceph on ext4, the filesystem
would often become corrupted, containing inodes with incorrect
i_blocks counters.
I managed to reproduce this with a very hacked-up "streamtest"
binary from the Ceph tree.
Ceph is doing a lot of xattr writes, to out-of-inode blocks.
There is also another thread which does sync_file_range and close,
of the same files. The problem appears to happen due to this race:
sync/flush thread xattr-set thread
----------------- ----------------
do_writepages ext4_xattr_set
ext4_da_writepages ext4_xattr_set_handle
mpage_da_map_blocks ext4_xattr_block_set
set DELALLOC_RESERVE
ext4_new_meta_blocks
ext4_mb_new_blocks
if (!i_delalloc_reserved_flag)
vfs_dq_alloc_block
ext4_get_blocks
down_write(i_data_sem)
set i_delalloc_reserved_flag
...
up_write(i_data_sem)
if (i_delalloc_reserved_flag)
vfs_dq_alloc_block_nofail
In other words, the sync/flush thread pops in and sets
i_delalloc_reserved_flag on the inode, which makes the xattr thread
think that it's in a delalloc path in ext4_new_meta_blocks(),
and add the block for a second time, after already having added
it once in the !i_delalloc_reserved_flag case in ext4_mb_new_blocks
The real problem is that we shouldn't be using the DELALLOC_RESERVED
state flag, and instead we should be passing
EXT4_GET_BLOCKS_DELALLOC_RESERVE down to ext4_map_blocks() instead of
using an inode state flag. We'll fix this for now with using
i_data_sem to prevent this race, but this is really not the right way
to fix things.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Theodore Ts'o [Wed, 31 Aug 2011 16:02:51 +0000 (12:02 -0400)]
ext4: call ext4_handle_dirty_metadata with correct inode in ext4_dx_add_entry
commit
5930ea643805feb50a2f8383ae12eb6f10935e49 upstream.
ext4_dx_add_entry manipulates bh2 and frames[0].bh, which are two buffer_heads
that point to directory blocks assigned to the directory inode. However, the
function calls ext4_handle_dirty_metadata with the inode of the file that's
being added to the directory, not the directory inode itself. Therefore,
correct the code to dirty the directory buffers with the directory inode, not
the file inode.
Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Darrick J. Wong [Wed, 31 Aug 2011 16:00:51 +0000 (12:00 -0400)]
ext4: ext4_mkdir should dirty dir_block with newly created directory inode
commit
f9287c1f2d329f4d78a3bbc9cf0db0ebae6f146a upstream.
ext4_mkdir calls ext4_handle_dirty_metadata with dir_block and the inode "dir".
Unfortunately, dir_block belongs to the newly created directory (which is
"inode"), not the parent directory (which is "dir"). Fix the incorrect
association.
Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Darrick J. Wong [Wed, 31 Aug 2011 15:58:51 +0000 (11:58 -0400)]
ext4: ext4_rename should dirty dir_bh with the correct directory
commit
bcaa992975041e40449be8c010c26192b8c8b409 upstream.
When ext4_rename performs a directory rename (move), dir_bh is a
buffer that is modified to update the '..' link in the directory being
moved (old_inode). However, ext4_handle_dirty_metadata is called with
the old parent directory inode (old_dir) and dir_bh, which is
incorrect because dir_bh does not belong to the parent inode. Fix
this error.
Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Theodore Ts'o [Wed, 31 Aug 2011 15:54:51 +0000 (11:54 -0400)]
ext2,ext3,ext4: don't inherit APPEND_FL or IMMUTABLE_FL for new inodes
commit
1cd9f0976aa4606db8d6e3dc3edd0aca8019372a upstream.
This doesn't make much sense, and it exposes a bug in the kernel where
attempts to create a new file in an append-only directory using
O_CREAT will fail (but still leave a zero-length file). This was
discovered when xfstests #79 was generalized so it could run on all
file systems.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Clifton Barnes [Wed, 2 Nov 2011 20:39:55 +0000 (13:39 -0700)]
drivers/power/ds2780_battery.c: fix deadlock upon insertion and removal
commit
0e053fcbbbc4d945247cb32cad2767b483cb65f8 upstream.
Fixes the deadlock when inserting and removing the ds2780.
Signed-off-by: Clifton Barnes <cabarnes@indesign-llc.com>
Cc: Evgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Clifton Barnes [Wed, 2 Nov 2011 20:39:52 +0000 (13:39 -0700)]
drivers/power/ds2780_battery.c: add a nolock function to w1 interface
commit
9fe678fa2feb4aaac0b4220de63e1b7f8ccebae6 upstream.
Adds a nolock function to the w1 interface to avoid locking the
mutex if needed.
Signed-off-by: Clifton Barnes <cabarnes@indesign-llc.com>
Cc: Evgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Clifton Barnes [Wed, 2 Nov 2011 20:39:50 +0000 (13:39 -0700)]
drivers/power/ds2780_battery.c: create central point for calling w1 interface
commit
853eee72f74f449797f0500ea19fc1bf497428d8 upstream.
Simply creates one point to call the w1 interface.
Signed-off-by: Clifton Barnes <cabarnes@indesign-llc.com>
Cc: Evgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Juan Gutierrez [Tue, 6 Sep 2011 06:30:16 +0000 (09:30 +0300)]
hwspinlock/core: use a mutex to protect the radix tree
commit
93b465c2e186d96fb90012ba0f9372eb9952e732 upstream.
Since we're using non-atomic radix tree allocations, we
should be protecting the tree using a mutex and not a
spinlock.
Non-atomic allocations and process context locking is good enough,
as the tree is manipulated only when locks are registered/
unregistered/requested/freed.
The locks themselves are still protected by spinlocks of course,
and mutexes are not involved in the locking/unlocking paths.
Signed-off-by: Juan Gutierrez <jgutierrez@ti.com>
[ohad@wizery.com: rewrite the commit log, #include mutex.h, add minor
commentary]
[ohad@wizery.com: update register/unregister parts in hwspinlock.txt]
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alexandre Bounine [Wed, 2 Nov 2011 20:39:15 +0000 (13:39 -0700)]
drivers/net/rionet.c: fix ethernet address macros for LE platforms
commit
e0c87bd95e8dad455c23bc56513af8dcb1737e55 upstream.
Modify Ethernet addess macros to be compatible with BE/LE platforms
Signed-off-by: Alexandre Bounine <alexandre.bounine@idt.com>
Cc: Chul Kim <chul.kim@idt.com>
Cc: Kumar Gala <galak@kernel.crashing.org>
Cc: Matt Porter <mporter@kernel.crashing.org>
Cc: Li Yang <leoli@freescale.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Johannes Berg [Thu, 3 Nov 2011 12:46:08 +0000 (13:46 +0100)]
iwlagn: do not use interruptible waits
Upstream commit
effd4d9aece9184f526e6556786a94d335e38b71.
Since the dawn of its time, iwlwifi has used
interruptible waits to wait for synchronous
commands and firmware loading.
This leads to "interesting" bugs, because it
can't actually handle the interruptions; for
example when a command sending is interrupted
it will assume the command completed fully,
and then leave it pending, which leads to all
kinds of trouble when the command finishes
later.
Since there's no easy way to gracefully deal
with interruptions, fix the driver to not use
interruptible waits.
This at least fixes the error
iwlagn 0000:02:00.0: Error: Response NULL in 'REPLY_SCAN_ABORT_CMD'
I have seen in P2P testing, but it is likely
that there are other errors caused by this.
Cc: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Linus Torvalds [Sat, 6 Aug 2011 18:51:33 +0000 (11:51 -0700)]
vfs: show O_CLOEXE bit properly in /proc/<pid>/fdinfo/<fd> files
commit
1117f72ea0217ba0cc19f05adbbd8b9a397f5ab7 upstream.
The CLOEXE bit is magical, and for performance (and semantic) reasons we
don't actually maintain it in the file descriptor itself, but in a
separate bit array. Which means that when we show f_flags, the CLOEXE
status is shown incorrectly: we show the status not as it is now, but as
it was when the file was opened.
Fix that by looking up the bit properly in the 'fdt->close_on_exec' bit
array.
Uli needs this in order to re-implement the pfiles program:
"For normal file descriptors (not sockets) this was the last piece of
information which wasn't available. This is all part of my 'give
Solaris users no reason to not switch' effort. I intend to offer the
code to the util-linux-ng maintainers."
Requested-by: Ulrich Drepper <drepper@akkadia.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiri Kosina [Wed, 2 Nov 2011 20:37:41 +0000 (13:37 -0700)]
binfmt_elf: fix PIE execution with randomization disabled
commit
a3defbe5c337dbc6da911f8cc49ae3cc3b49b453 upstream.
The case of address space randomization being disabled in runtime through
randomize_va_space sysctl is not treated properly in load_elf_binary(),
resulting in SIGKILL coming at exec() time for certain PIE-linked binaries
in case the randomization has been disabled at runtime prior to calling
exec().
Handle the randomize_va_space == 0 case the same way as if we were not
supporting .text randomization at all.
Based on original patch by H.J. Lu and Josh Boyer.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: H.J. Lu <hongjiu.lu@intel.com>
Cc: <stable@kernel.org>
Tested-by: Josh Boyer <jwboyer@redhat.com>
Acked-by: Nicolas Pitre <nicolas.pitre@linaro.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andrea Arcangeli [Wed, 2 Nov 2011 20:36:59 +0000 (13:36 -0700)]
mm: thp: tail page refcounting fix
commit
70b50f94f1644e2aa7cb374819cfd93f3c28d725 upstream.
Michel while working on the working set estimation code, noticed that
calling get_page_unless_zero() on a random pfn_to_page(random_pfn)
wasn't safe, if the pfn ended up being a tail page of a transparent
hugepage under splitting by __split_huge_page_refcount().
He then found the problem could also theoretically materialize with
page_cache_get_speculative() during the speculative radix tree lookups
that uses get_page_unless_zero() in SMP if the radix tree page is freed
and reallocated and get_user_pages is called on it before
page_cache_get_speculative has a chance to call get_page_unless_zero().
So the best way to fix the problem is to keep page_tail->_count zero at
all times. This will guarantee that get_page_unless_zero() can never
succeed on any tail page. page_tail->_mapcount is guaranteed zero and
is unused for all tail pages of a compound page, so we can simply
account the tail page references there and transfer them to
tail_page->_count in __split_huge_page_refcount() (in addition to the
head_page->_mapcount).
While debugging this s/_count/_mapcount/ change I also noticed get_page is
called by direct-io.c on pages returned by get_user_pages. That wasn't
entirely safe because the two atomic_inc in get_page weren't atomic. As
opposed to other get_user_page users like secondary-MMU page fault to
establish the shadow pagetables would never call any superflous get_page
after get_user_page returns. It's safer to make get_page universally safe
for tail pages and to use get_page_foll() within follow_page (inside
get_user_pages()). get_page_foll() is safe to do the refcounting for tail
pages without taking any locks because it is run within PT lock protected
critical sections (PT lock for pte and page_table_lock for
pmd_trans_huge).
The standard get_page() as invoked by direct-io instead will now take
the compound_lock but still only for tail pages. The direct-io paths
are usually I/O bound and the compound_lock is per THP so very
finegrined, so there's no risk of scalability issues with it. A simple
direct-io benchmarks with all lockdep prove locking and spinlock
debugging infrastructure enabled shows identical performance and no
overhead. So it's worth it. Ideally direct-io should stop calling
get_page() on pages returned by get_user_pages(). The spinlock in
get_page() is already optimized away for no-THP builds but doing
get_page() on tail pages returned by GUP is generally a rare operation
and usually only run in I/O paths.
This new refcounting on page_tail->_mapcount in addition to avoiding new
RCU critical sections will also allow the working set estimation code to
work without any further complexity associated to the tail page
refcounting with THP.
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Reported-by: Michel Lespinasse <walken@google.com>
Reviewed-by: Michel Lespinasse <walken@google.com>
Reviewed-by: Minchan Kim <minchan.kim@gmail.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Hugh Dickins <hughd@google.com>
Cc: Johannes Weiner <jweiner@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Vrabel [Fri, 30 Sep 2011 06:37:51 +0000 (06:37 +0000)]
net: xen-netback: correctly restart Tx after a VM restore/migrate
[ Upstream commit
d0e5d83284dac15c015bb48115b6780f5a6413cd ]
If a VM is saved and restored (or migrated) the netback driver will no
longer process any Tx packets from the frontend. xenvif_up() does not
schedule the processing of any pending Tx requests from the front end
because the carrier is off. Without this initial kick the frontend
just adds Tx requests to the ring without raising an event (until the
ring is full).
This was caused by
47103041e91794acdbc6165da0ae288d844c820b (net:
xen-netback: convert to hw_features) which reordered the calls to
xenvif_up() and netif_carrier_on() in xenvif_connect().
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Willem de Bruijn [Fri, 30 Sep 2011 10:38:28 +0000 (10:38 +0000)]
make PACKET_STATISTICS getsockopt report consistently between ring and non-ring
[ Upstream commit
7091fbd82cd5686444ffe9935ed6a8190101fe9d ]
This is a minor change.
Up until kernel 2.6.32, getsockopt(fd, SOL_PACKET, PACKET_STATISTICS,
...) would return total and dropped packets since its last invocation. The
introduction of socket queue overflow reporting [1] changed drop
rate calculation in the normal packet socket path, but not when using a
packet ring. As a result, the getsockopt now returns different statistics
depending on the reception method used. With a ring, it still returns the
count since the last call, as counts are incremented in tpacket_rcv and
reset in getsockopt. Without a ring, it returns 0 if no drops occurred
since the last getsockopt and the total drops over the lifespan of
the socket otherwise. The culprit is this line in packet_rcv, executed
on a drop:
drop_n_acct:
po->stats.tp_drops = atomic_inc_return(&sk->sk_drops);
As it shows, the new drop number it taken from the socket drop counter,
which is not reset at getsockopt. I put together a small example
that demonstrates the issue [2]. It runs for 10 seconds and overflows
the queue/ring on every odd second. The reported drop rates are:
ring: 16, 0, 16, 0, 16, ...
non-ring: 0, 15, 0, 30, 0, 46, 0, 60, 0 , 74.
Note how the even ring counts monotonically increase. Because the
getsockopt adds tp_drops to tp_packets, total counts are similarly
reported cumulatively. Long story short, reinstating the original code, as
the below patch does, fixes the issue at the cost of additional per-packet
cycles. Another solution that does not introduce per-packet overhead
is be to keep the current data path, record the value of sk_drops at
getsockopt() at call N in a new field in struct packetsock and subtract
that when reporting at call N+1. I'll be happy to code that, instead,
it's just more messy.
[1] http://patchwork.ozlabs.org/patch/35665/
[2] http://kernel.googlecode.com/files/test-packetsock-getstatistics.c
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Yan, Zheng [Sun, 25 Sep 2011 02:21:30 +0000 (02:21 +0000)]
ipv6: nullify ipv6_ac_list and ipv6_fl_list when creating new socket
[ Upstream commit
676a1184e8afd4fed7948232df1ff91517400859 ]
ipv6_ac_list and ipv6_fl_list from listening socket are inadvertently
shared with new socket created for connection.
Signed-off-by: Zheng Yan <zheng.z.yan@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiri Pirko [Tue, 11 Oct 2011 23:00:41 +0000 (23:00 +0000)]
tg3: negate USE_PHYLIB flag check
[ Upstream commit
e730c82347b9dc75914da998c44c3f348965db41 ]
USE_PHYLIB flag in tg3_remove_one() is being checked incorrectly. This
results tg3_phy_fini->phy_disconnect is never called and when tg3 module
is removed.
In my case this resulted in panics in phy_state_machine calling function
phydev->adjust_link.
So correct this check.
Signed-off-by: Jiri Pirko <jpirko@redhat.com>
Acked-by: Matt Carlson <mcarlson@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Yan, Zheng [Sun, 2 Oct 2011 04:21:50 +0000 (04:21 +0000)]
tcp: properly update lost_cnt_hint during shifting
[ Upstream commit
1e5289e121372a3494402b1b131b41bfe1cf9b7f ]
lost_skb_hint is used by tcp_mark_head_lost() to mark the first unhandled skb.
lost_cnt_hint is the number of packets or sacked packets before the lost_skb_hint;
When shifting a skb that is before the lost_skb_hint, if tcp_is_fack() is ture,
the skb has already been counted in the lost_cnt_hint; if tcp_is_fack() is false,
tcp_sacktag_one() will increase the lost_cnt_hint. So tcp_shifted_skb() does not
need to adjust the lost_cnt_hint by itself. When shifting a skb that is equal to
lost_skb_hint, the shifted packets will not be counted by tcp_mark_head_lost().
So tcp_shifted_skb() should adjust the lost_cnt_hint even tcp_is_fack(tp) is true.
Signed-off-by: Zheng Yan <zheng.z.yan@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Yan, Zheng [Thu, 29 Sep 2011 17:10:10 +0000 (17:10 +0000)]
tcp: properly handle md5sig_pool references
[ Upstream commit
260fcbeb1ae9e768a44c9925338fbacb0d7e5ba9 ]
tcp_v4_clear_md5_list() assumes that multiple tcp md5sig peers
only hold one reference to md5sig_pool. but tcp_v4_md5_do_add()
increases use count of md5sig_pool for each peer. This patch
makes tcp_v4_md5_do_add() only increases use count for the first
tcp md5sig peer.
Signed-off-by: Zheng Yan <zheng.z.yan@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Gao feng [Tue, 11 Oct 2011 16:08:11 +0000 (16:08 +0000)]
netconsole: enable netconsole can make net_device refcnt incorrent
[ Upstream commit
d5123480b1d6f7d1a5fe1a13520cef88fb5d4c84 ]
There is no check if netconsole is enabled current.
so when exec echo 1 > enabled;
the reference of net_device will increment always.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Acked-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Ward [Sun, 18 Sep 2011 12:53:20 +0000 (12:53 +0000)]
macvlan/macvtap: Fix unicast between macvtap interfaces in bridge mode
[ Upstream commit
cb2d0f3e968bff7c6d262aca3e3ab8d4184e69b2 ]
Packets should always be forwarded to the lowerdev using dev_forward_skb.
vlan->forward is for packets being forwarded directly to another macvlan/
macvtap device (used for multicast in bridge mode).
Reported-and-tested-by: Shlomo Pongratz <shlomop@mellanox.com>
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Dumazet [Fri, 7 Oct 2011 05:35:46 +0000 (05:35 +0000)]
l2tp: fix a potential skb leak in l2tp_xmit_skb()
[ Upstream commit
835acf5da239b91edb9f7ebe36516999e156e6ee ]
l2tp_xmit_skb() can leak one skb if skb_cow_head() returns an error.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Yan, Zheng [Sat, 22 Oct 2011 21:58:20 +0000 (21:58 +0000)]
ipv4: fix ipsec forward performance regression
[ Upstream commit
b73233960a59ee66e09d642f13d0592b13651e94 ]
There is bug in commit
5e2b61f(ipv4: Remove flowi from struct rtable).
It makes xfrm4_fill_dst() modify wrong data structure.
Signed-off-by: Zheng Yan <zheng.z.yan@intel.com>
Reported-by: Kim Phillips <kim.phillips@freescale.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Oliver Hartkopp [Fri, 23 Sep 2011 08:23:47 +0000 (08:23 +0000)]
can bcm: fix tx_setup off-by-one errors
[ Upstream commit
aabdcb0b553b9c9547b1a506b34d55a764745870 ]
This patch fixes two off-by-one errors that canceled each other out.
Checking for the same condition two times in bcm_tx_timeout_tsklet() reduced
the count of frames to be sent by one. This did not show up the first time
tx_setup is invoked as an additional frame is sent due to TX_ANNONCE.
Invoking a second tx_setup on the same item led to a reduced (by 1) number of
sent frames.
Reported-by: Andre Naujoks <nautsch@gmail.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
stephen hemminger [Thu, 6 Oct 2011 11:19:41 +0000 (11:19 +0000)]
bridge: fix hang on removal of bridge via netlink
[ Upstream commit
1ce5cce895309862d2c35d922816adebe094fe4a ]
Need to cleanup bridge device timers and ports when being bridge
device is being removed via netlink.
This fixes the problem of observed when doing:
ip link add br0 type bridge
ip link set dev eth1 master br0
ip link set br0 up
ip link del br0
which would cause br0 to hang in unregister_netdev because
of leftover reference count.
Reported-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mitsuo Hayasaka [Wed, 12 Oct 2011 16:04:29 +0000 (16:04 +0000)]
bonding: use local function pointer of bond->recv_probe in bond_handle_frame
[ Upstream commit
4d97480b1806e883eb1c7889d4e7a87e936e06d9 ]
The bond->recv_probe is called in bond_handle_frame() when
a packet is received, but bond_close() sets it to NULL. So,
a panic occurs when both functions work in parallel.
Why this happen:
After null pointer check of bond->recv_probe, an sk_buff is
duplicated and bond->recv_probe is called in bond_handle_frame.
So, a panic occurs when bond_close() is called between the
check and call of bond->recv_probe.
Patch:
This patch uses a local function pointer of bond->recv_probe
in bond_handle_frame(). So, it can avoid the null pointer
dereference.
Signed-off-by: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: Jay Vosburgh <fubar@us.ibm.com>
Cc: Andy Gospodarek <andy@greyhouse.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: WANG Cong <xiyou.wangcong@gmail.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Thadeu Lima de Souza Cascardo [Wed, 24 Aug 2011 16:14:22 +0000 (13:14 -0300)]
jsm: remove buggy write queue
commit
9d898966c4a07e4a5092215b5a2829d0ef02baa2 upstream.
jsm uses a write queue that copies from uart_core circular buffer. This
copying however has some bugs, like not wrapping the head counter. Since
this write queue is also a circular buffer, the consumer function is
ready to use the uart_core circular buffer directly.
This buggy copying function was making some bytes be dropped when
transmitting to a raw tty, doing something like this.
[root@hostname ~]$ cat /dev/ttyn1 > cascardo/dump &
[1] 2658
[root@hostname ~]$ cat /proc/tty/drivers > /dev/ttyn0
[root@hostname ~]$ cat /proc/tty/drivers
/dev/tty /dev/tty 5 0 system:/dev/tty
/dev/console /dev/console 5 1 system:console
/dev/ptmx /dev/ptmx 5 2 system
/dev/vc/0 /dev/vc/0 4 0 system:vtmaster
jsm /dev/ttyn 250 0-31 serial
serial /dev/ttyS 4 64-95 serial
hvc /dev/hvc 229 0-7 system
pty_slave /dev/pts 136 0-
1048575 pty:slave
pty_master /dev/ptm 128 0-
1048575 pty:master
unknown /dev/tty 4 1-63 console
[root@hostname ~]$ cat cascardo/dump
/dev/tty /dev/tty 5 0 system:/dev/tty
/dev/console /dev/console 5 1 system:console
/dev/ptmx /dev/ptmx 5 2 system
/dev/vc/0 /dev/vc/0 4 0 system:vtmaste[root@hostname ~]$
This patch drops the driver write queue entirely, using the circular
buffer from uart_core only.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Oleg Nesterov [Mon, 26 Sep 2011 17:06:32 +0000 (19:06 +0200)]
ptrace: don't clear GROUP_STOP_SIGMASK on double-stop
[This does not correspond to any specific patch in the upstream tree as it was
fixed accidentally by rewriting the code in the 3.1 release]
https://bugzilla.redhat.com/show_bug.cgi?id=740121
1. Luke Macken triggered WARN_ON(!(group_stop & GROUP_STOP_SIGMASK))
in do_signal_stop().
This is because do_signal_stop() clears GROUP_STOP_SIGMASK part
unconditionally but doesn't update it if task_is_stopped().
2. Looking at this problem I noticed that WARN_ON_ONCE(!ptrace) is
not right, a stopped-but-resumed tracee can clone the untraced
thread in the SIGNAL_STOP_STOPPED group, the new thread can start
another group-stop.
Remove this warning, we need more fixes to make it true.
Reported-by: Luke Macken <lmacken@redhat.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Linus Torvalds [Tue, 25 Oct 2011 11:59:48 +0000 (13:59 +0200)]
vfs pathname lookup: Add LOOKUP_AUTOMOUNT flag
Since we've now turned around and made LOOKUP_FOLLOW *not* force an
automount, we want to add the ability to force an automount event on
lookup even if we don't happen to have one of the other flags that force
it implicitly (LOOKUP_OPEN, LOOKUP_DIRECTORY, LOOKUP_PARENT..)
Most cases will never want to use this, since you'd normally want to
delay automounting as long as possible, which usually implies
LOOKUP_OPEN (when we open a file or directory, we really cannot avoid
the automount any more).
But Trond argued sufficiently forcefully that at a minimum bind mounting
a file and quotactl will want to force the automount lookup. Some other
cases (like nfs_follow_remote_path()) could use it too, although
LOOKUP_DIRECTORY would work there as well.
This commit just adds the flag and logic, no users yet, though. It also
doesn't actually touch the LOOKUP_NO_AUTOMOUNT flag that is related, and
was made irrelevant by the same change that made us not follow on
LOOKUP_FOLLOW.
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Ian Kent <raven@themaw.net>
Cc: Jeff Layton <jlayton@redhat.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Trond Myklebust [Tue, 25 Oct 2011 11:59:47 +0000 (13:59 +0200)]
VFS: Fix the remaining automounter semantics regressions
commit
815d405ceff0d6964683f033e18b9b23a88fba87 upstream.
The concensus seems to be that system calls such as stat() etc should
not trigger an automount. Neither should the l* versions.
This patch therefore adds a LOOKUP_AUTOMOUNT flag to tag those lookups
that _should_ trigger an automount on the last path element.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
[ Edited to leave out the cases that are already covered by LOOKUP_OPEN,
LOOKUP_DIRECTORY and LOOKUP_CREATE - all of which also fundamentally
force automounting for their own reasons - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Miklos Szeredi [Tue, 25 Oct 2011 11:59:46 +0000 (13:59 +0200)]
vfs: automount should ignore LOOKUP_FOLLOW
commit
0ec26fd0698285b31248e34bf1abb022c00f23d6 upstream.
Prior to 2.6.38 automount would not trigger on either stat(2) or
lstat(2) on the automount point.
After 2.6.38, with the introduction of the ->d_automount()
infrastructure, stat(2) and others would start triggering automount
while lstat(2), etc. still would not. This is a regression and a
userspace ABI change.
Problem originally reported here:
http://thread.gmane.org/gmane.linux.kernel.autofs/6098
It appears that there was an attempt at fixing various userspace tools
to not trigger the automount. But since the stat system call is
rather common it is impossible to "fix" all userspace.
This patch reverts the original behavior, which is to not trigger on
stat(2) and other symlink following syscalls.
[ It's not really clear what the right behavior is. Apparently Solaris
does the "automount on stat, leave alone on lstat". And some programs
can get unhappy when "stat+open+fstat" ends up giving a different
result from the fstat than from the initial stat.
But the change in 2.6.38 resulted in problems for some people, so
we're going back to old behavior. Maybe we can re-visit this
discussion at some future date - Linus ]
Reported-by: Leonardo Chiquitto <leonardo.lists@gmail.com>
Acked-by: Ian Kent <raven@themaw.net>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Howells [Tue, 25 Oct 2011 11:59:45 +0000 (13:59 +0200)]
VFS: Fix automount for negative autofs dentries
commit
5a30d8a2b8ddd5102c440c7e5a7c8e1fd729c818 upstream.
[ backport for 3.0.x: LOOKUP_PARENT => LOOKUP_CONTINUE by Chuck Ebbert
<cebbert@redhat.com> ]
Autofs may set the DCACHE_NEED_AUTOMOUNT flag on negative dentries. These
need attention from the automounter daemon regardless of the LOOKUP_FOLLOW flag.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Ian Kent <raven@themaw.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andy Whitcroft [Wed, 2 Nov 2011 08:44:39 +0000 (09:44 +0100)]
readlinkat: ensure we return ENOENT for the empty pathname for normal lookups
commit
1fa1e7f615f4d3ae436fa319af6e4eebdd4026a8 upstream.
Since the commit below which added O_PATH support to the *at() calls, the
error return for readlink/readlinkat for the empty pathname has switched
from ENOENT to EINVAL:
commit
65cfc6722361570bfe255698d9cd4dccaf47570d
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Sun Mar 13 15:56:26 2011 -0400
readlinkat(), fchownat() and fstatat() with empty relative pathnames
This is both unexpected for userspace and makes readlink/readlinkat
inconsistant with all other interfaces; and inconsistant with our stated
return for these pathnames.
As the readlinkat call does not have a flags parameter we cannot use the
AT_EMPTY_PATH approach used in the other calls. Therefore expose whether
the original path is infact entry via a new user_path_at_empty() path
lookup function. Use this to determine whether to default to EINVAL or
ENOENT for failures.
Addresses http://bugs.launchpad.net/bugs/817187
[akpm@linux-foundation.org: remove unused getname_flags()]
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Richard Weinberger [Wed, 2 Nov 2011 12:17:27 +0000 (13:17 +0100)]
um: fix ubd cow size
commit
8535639810e578960233ad39def3ac2157b0c3ec upstream.
ubd_file_size() cannot use ubd_dev->cow.file because at this time
ubd_dev->cow.file is not initialized.
Therefore, ubd_file_size() will always report a wrong disk size when
COW files are used.
Reading from /dev/ubd* would crash the kernel.
We have to read the correct disk size from the COW file's backing
file.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Takashi Iwai [Fri, 14 Oct 2011 13:26:20 +0000 (15:26 +0200)]
ALSA: hda - Fix ADC input-amp handling for Cx20549 codec
commit
6b45214277bec2193ad3ccb8d7aa6100b5a0f1a9 upstream.
It seems that Conexant CX20549 chip handle only a single input-amp even
though the audio-input widget has multiple sources. This has been never
clear, and I implemented in the current way based on the debug information
I got at the early time -- the device reacts individual input-amp values
for different sources. This is true for another Conexant codec, but it's
not applied to CX20549 actually.
This patch changes the auto-parser code to handle a single input-amp
per audio-in widget for CX20549. After applying this, you'll see only a
single "Capture" volume control instead of separate "Mic" or "Line"
captures when the device is set up to use a single ADC.
We haven't tested 20551 and 20561 codecs yet. If these show the similar
behavior like 20549, they need to set spec->single_adc_amp=1, too.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mitsuo Hayasaka [Tue, 1 Nov 2011 00:08:13 +0000 (17:08 -0700)]
mm: avoid null pointer access in vm_struct via /proc/vmallocinfo
commit
f5252e009d5b87071a919221e4f6624184005368 upstream.
The /proc/vmallocinfo shows information about vmalloc allocations in
vmlist that is a linklist of vm_struct. It, however, may access pages
field of vm_struct where a page was not allocated. This results in a null
pointer access and leads to a kernel panic.
Why this happens: In __vmalloc_node_range() called from vmalloc(), newly
allocated vm_struct is added to vmlist at __get_vm_area_node() and then,
some fields of vm_struct such as nr_pages and pages are set at
__vmalloc_area_node(). In other words, it is added to vmlist before it is
fully initialized. At the same time, when the /proc/vmallocinfo is read,
it accesses the pages field of vm_struct according to the nr_pages field
at show_numa_info(). Thus, a null pointer access happens.
The patch adds the newly allocated vm_struct to the vmlist *after* it is
fully initialized. So, it can avoid accessing the pages field with
unallocated page when show_numa_info() is called.
Signed-off-by: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Namhyung Kim <namhyung@gmail.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Linus Walleij [Fri, 12 Aug 2011 11:54:42 +0000 (13:54 +0200)]
ARM: mach-ux500: unlock I&D l2x0 caches before init
commit
1bf6d2c1bb23533af6930581cc39b74685bc29de upstream.
Apparently U8500 U-Boot versions may leave the l2x0 locked down
before executing the kernel. Make sure we unlock it before we
initialize the l2x0. This fixes a performance problem reported
by Jan Rinze.
The l2x0 core has been modified to unlock the l2x0 by default,
but it will not touch the locking registers if the l2x0 was
already enabled, as on the ux500, so we need this quirk to
make sure it is properly turned off.
Cc: Srinidhi Kasagar <srinidhi.kasagar@stericsson.com>
Cc: Rabin Vincent <rabin.vincent@stericsson.com>
Cc: Adrian Bunk <adrian.bunk@movial.com>
Reported-by: Jan Rinze <janrinze@gmail.com>
Tested-by: Robert Marklund <robert.marklund@stericsson.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Paul Fertser [Mon, 10 Oct 2011 07:19:23 +0000 (11:19 +0400)]
plat-mxc: iomux-v3.h: implicitly enable pull-up/down when that's desired
commit
6571534b600b8ca1936ff5630b9e0947f21faf16 upstream.
To configure pads during the initialisation a set of special constants
is used, e.g.
#define MX25_PAD_FEC_MDIO__FEC_MDIO IOMUX_PAD(0x3c4, 0x1cc, 0x10, 0, 0, PAD_CTL_HYS | PAD_CTL_PUS_22K_UP)
The problem is that no pull-up/down is getting activated unless both
PAD_CTL_PUE (pull-up enable) and PAD_CTL_PKE (pull/keeper module
enable) set. This is clearly stated in the i.MX25 datasheet and is
confirmed by the measurements on hardware. This leads to some rather
hard to understand bugs such as misdetecting an absent ethernet PHY (a
real bug i had), unstable data transfer etc. This might affect mx25,
mx35, mx50, mx51 and mx53 SoCs.
It's reasonable to expect that if the pullup value is specified, the
intention was to have it actually active, so we implicitly add the
needed bits.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andrew Morton [Tue, 1 Nov 2011 00:06:32 +0000 (17:06 -0700)]
/proc/self/numa_maps: restore "huge" tag for hugetlb vmas
commit
fc360bd9cdcf875639a77f07fafec26699c546f3 upstream.
The display of the "huge" tag was accidentally removed in
29ea2f698 ("mm:
use walk_page_range() instead of custom page table walking code").
Reported-by: Stephen Hemminger <shemminger@vyatta.com>
Tested-by: Stephen Hemminger <shemminger@vyatta.com>
Reviewed-by: Stephen Wilson <wilsons@start.ca>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Hugh Dickins <hughd@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Christoph Lameter <cl@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mauro Carvalho Chehab [Thu, 28 Jul 2011 19:38:54 +0000 (16:38 -0300)]
tuner_xc2028: Allow selection of the frequency adjustment code for XC3028
commit
9bed77ee2fb46b74782d0d9d14b92e9d07f3df6e upstream.
This device is not using the proper demod IF. Instead of using the
IF macro, it is specifying a IF frequency. This doesn't work, as xc3028
needs to load an specific SCODE for the tuner. In this case, there's
no IF table for 5 MHz.
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Olivier Grenie [Mon, 1 Aug 2011 15:45:58 +0000 (12:45 -0300)]
dib0700: protect the dib0700 buffer access
commit
bff469f4167fdabfe15294f375577d7eadbaa1bb upstream.
This patch protects the common buffer access inside the dib0700 in order
to manage concurrent access. This protection is done using mutex.
Cc: Mauro Carvalho Chehab <mchehab@redhat.com>
Cc: Florian Mickler <florian@mickler.org>
Signed-off-by: Javier Marcet <javier@marcet.info>
Signed-off-by: Olivier Grenie <olivier.grenie@dibcom.fr>
Signed-off-by: Patrick Boettcher <patrick.boettcher@dibcom.fr>
[mchehab@redhat.com: dprint requires 3 arguments. Replaced by dib_info]
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Patrick Boettcher [Wed, 3 Aug 2011 15:08:21 +0000 (12:08 -0300)]
DiBcom: protect the I2C bufer access
commit
79fcce3230b140f7675f8529ee53fe2f9644f902 upstream.
This patch protects the I2C buffer access in order to manage concurrent
access. This protection is done using mutex.
Furthermore, for the dib9000, if a pid filtering command is
received during the tuning, this pid filtering command is delayed to
avoid any concurrent access issue.
Cc: Mauro Carvalho Chehab <mchehab@redhat.com>
Cc: Florian Mickler <florian@mickler.org>
Signed-off-by: Olivier Grenie <olivier.grenie@dibcom.fr>
Signed-off-by: Patrick Boettcher <Patrick.Boettcher@dibcom.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ming Lei [Sat, 16 Jul 2011 03:51:00 +0000 (00:51 -0300)]
uvcvideo: Set alternate setting 0 on resume if the bus has been reset
commit
d59a7b1dbce8b972ec2dc9fcaaae0bfa23687423 upstream.
If the bus has been reset on resume, set the alternate setting to 0.
This should be the default value, but some devices crash or otherwise
misbehave if they don't receive a SET_INTERFACE request before any other
video control request.
Microdia's 0c45:6437 camera has been found to require this change or it
will stop sending video data after resume.
uvc_video.c]
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Florian Tobias Schandinat [Mon, 6 Jun 2011 01:27:34 +0000 (01:27 +0000)]
viafb: improve pitch handling
commit
936a3f770b8de7042d793272f008ef1bb08522e9 upstream.
This patch adds checks for minimum and maximum pitch size to prevent
invalid settings which could otherwise crash the machine. Also the
alignment is done in a slightly more readable way.
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Florian Tobias Schandinat [Mon, 23 May 2011 21:39:58 +0000 (21:39 +0000)]
viafb: use display information in info not in var for panning
commit
d933990c57b498c092ceef591c7c5d69dbfe9f30 upstream.
As Laurent pointed out we must not use any information in the passed
var besides xoffset, yoffset and vmode as otherwise applications
might abuse it. Also use the aligned fix.line_length and not the
(possible) unaligned xres_virtual.
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Reported-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Bruno Prémont [Fri, 2 Sep 2011 17:24:03 +0000 (19:24 +0200)]
fb: sh-mobile: Fix deadlock risk between lock_fb_info() and console_lock()
commit
4a47a0e09c504e3ce0ccdb405411aefc5b09deb8 upstream.
Following on Herton's patch "fb: avoid possible deadlock caused by
fb_set_suspend" which moves lock_fb_info() out of fb_set_suspend()
to its callers, correct sh-mobile's locking around call to
fb_set_suspend() and the same sort of deaklocks with console_lock()
due to order of taking the lock.
console_lock() must be taken while fb_info is already locked and fb_info
must be locked while calling fb_set_suspend().
Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Herton Ronaldo Krzesinski [Fri, 17 Jun 2011 19:02:39 +0000 (19:02 +0000)]
fb: avoid possible deadlock caused by fb_set_suspend
commit
9e769ff3f585db8f978f9113be83d36c7e3965dd upstream.
A lock ordering issue can cause deadlocks: in framebuffer/console code,
all needed struct fb_info locks are taken before acquire_console_sem(),
in places which need to take console semaphore.
But fb_set_suspend is always called with console semaphore held, and
inside it we call lock_fb_info which gets the fb_info lock, inverse
locking order of what the rest of the code does. This causes a real
deadlock issue, when we write to state fb sysfs attribute (which calls
fb_set_suspend) while a framebuffer is being unregistered by
remove_conflicting_framebuffers, as can be shown by following show
blocked state trace on a test program which loads i915 and runs another
forked processes writing to state attribute:
Test process with semaphore held and trying to get fb_info lock:
..
fb-test2 D
0000000000000000 0 237 228 0x00000000
ffff8800774f3d68 0000000000000082 00000000000135c0 00000000000135c0
ffff880000000000 ffff8800774f3fd8 ffff8800774f3fd8 ffff880076ee4530
00000000000135c0 ffff8800774f3fd8 ffff8800774f2000 00000000000135c0
Call Trace:
[<
ffffffff8141287a>] __mutex_lock_slowpath+0x11a/0x1e0
[<
ffffffff814142f2>] ? _raw_spin_lock_irq+0x22/0x40
[<
ffffffff814123d3>] mutex_lock+0x23/0x50
[<
ffffffff8125dfc5>] lock_fb_info+0x25/0x60
[<
ffffffff8125e3f0>] fb_set_suspend+0x20/0x80
[<
ffffffff81263e2f>] store_fbstate+0x4f/0x70
[<
ffffffff812e7f70>] dev_attr_store+0x20/0x30
[<
ffffffff811c46b4>] sysfs_write_file+0xd4/0x160
[<
ffffffff81155a26>] vfs_write+0xc6/0x190
[<
ffffffff81155d51>] sys_write+0x51/0x90
[<
ffffffff8100c012>] system_call_fastpath+0x16/0x1b
..
modprobe process stalled because has the fb_info lock (got inside
unregister_framebuffer) but waiting for the semaphore held by the
test process which is waiting to get the fb_info lock:
..
modprobe D
0000000000000000 0 230 218 0x00000000
ffff880077a4d618 0000000000000082 0000000000000001 0000000000000001
ffff880000000000 ffff880077a4dfd8 ffff880077a4dfd8 ffff8800775a2e20
00000000000135c0 ffff880077a4dfd8 ffff880077a4c000 00000000000135c0
Call Trace:
[<
ffffffff81411fe5>] schedule_timeout+0x215/0x310
[<
ffffffff81058051>] ? get_parent_ip+0x11/0x50
[<
ffffffff814130dd>] __down+0x6d/0xb0
[<
ffffffff81089f71>] down+0x41/0x50
[<
ffffffff810629ac>] acquire_console_sem+0x2c/0x50
[<
ffffffff812ca53d>] unbind_con_driver+0xad/0x2d0
[<
ffffffff8126f5f7>] fbcon_event_notify+0x457/0x890
[<
ffffffff814144ff>] ? _raw_spin_unlock_irqrestore+0x1f/0x50
[<
ffffffff81058051>] ? get_parent_ip+0x11/0x50
[<
ffffffff8141836d>] notifier_call_chain+0x4d/0x70
[<
ffffffff8108a3b8>] __blocking_notifier_call_chain+0x58/0x80
[<
ffffffff8108a3f6>] blocking_notifier_call_chain+0x16/0x20
[<
ffffffff8125dabb>] fb_notifier_call_chain+0x1b/0x20
[<
ffffffff8125e6ac>] unregister_framebuffer+0x7c/0x130
[<
ffffffff8125e8b3>] remove_conflicting_framebuffers+0x153/0x180
[<
ffffffff8125eef3>] register_framebuffer+0x93/0x2c0
[<
ffffffffa0331112>] drm_fb_helper_single_fb_probe+0x252/0x2f0 [drm_kms_helper]
[<
ffffffffa03314a3>] drm_fb_helper_initial_config+0x2f3/0x6d0 [drm_kms_helper]
[<
ffffffffa03318dd>] ? drm_fb_helper_single_add_all_connectors+0x5d/0x1c0 [drm_kms_helper]
[<
ffffffffa037b588>] intel_fbdev_init+0xa8/0x160 [i915]
[<
ffffffffa0343d74>] i915_driver_load+0x854/0x12b0 [i915]
[<
ffffffffa02f0e7e>] drm_get_pci_dev+0x19e/0x360 [drm]
[<
ffffffff8141821d>] ? sub_preempt_count+0x9d/0xd0
[<
ffffffffa0386f91>] i915_pci_probe+0x15/0x17 [i915]
[<
ffffffff8124481f>] local_pci_probe+0x5f/0xd0
[<
ffffffff81244f89>] pci_device_probe+0x119/0x120
[<
ffffffff812eccaa>] ? driver_sysfs_add+0x7a/0xb0
[<
ffffffff812ed003>] driver_probe_device+0xa3/0x290
[<
ffffffff812ed1f0>] ? __driver_attach+0x0/0xb0
[<
ffffffff812ed29b>] __driver_attach+0xab/0xb0
[<
ffffffff812ed1f0>] ? __driver_attach+0x0/0xb0
[<
ffffffff812ebd3e>] bus_for_each_dev+0x5e/0x90
[<
ffffffff812ecc2e>] driver_attach+0x1e/0x20
[<
ffffffff812ec6f2>] bus_add_driver+0xe2/0x320
[<
ffffffffa03aa000>] ? i915_init+0x0/0x96 [i915]
[<
ffffffff812ed536>] driver_register+0x76/0x140
[<
ffffffffa03aa000>] ? i915_init+0x0/0x96 [i915]
[<
ffffffff81245216>] __pci_register_driver+0x56/0xd0
[<
ffffffffa02f1264>] drm_pci_init+0xe4/0xf0 [drm]
[<
ffffffffa03aa000>] ? i915_init+0x0/0x96 [i915]
[<
ffffffffa02e84a8>] drm_init+0x58/0x70 [drm]
[<
ffffffffa03aa094>] i915_init+0x94/0x96 [i915]
[<
ffffffff81002194>] do_one_initcall+0x44/0x190
[<
ffffffff810a066b>] sys_init_module+0xcb/0x210
[<
ffffffff8100c012>] system_call_fastpath+0x16/0x1b
..
fb-test2 which reproduces above is available on kernel.org bug #26232.
To solve this issue, avoid calling lock_fb_info inside fb_set_suspend,
and move it out to where needed (callers of fb_set_suspend must call
lock_fb_info before if needed). So far, the only place which needs to
call lock_fb_info is store_fbstate, all other places which calls
fb_set_suspend are suspend/resume hooks that should not need the lock as
they should be run only when processes are already frozen in
suspend/resume.
References: https://bugzilla.kernel.org/show_bug.cgi?id=26232
Signed-off-by: Herton Ronaldo Krzesinski <herton@mandriva.com.br>
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jean Delvare [Fri, 8 Jul 2011 09:04:38 +0000 (11:04 +0200)]
carminefb: Fix module parameters permissions
commit
c84c14224bbca6ec60d5851fcc87be0e34df2f44 upstream.
The third parameter of module_param is supposed to be an octal value.
The missing leading "0" causes the following:
$ ls -l /sys/module/carminefb/parameters/
total 0
-rw-rwxr-- 1 root root 4096 Jul 8 08:55 fb_displays
-rw-rwxr-- 1 root root 4096 Jul 8 08:55 fb_mode
-rw-rwxr-- 1 root root 4096 Jul 8 08:55 fb_mode_str
After fixing the perm parameter, we get the expected:
$ ls -l /sys/module/carminefb/parameters/
total 0
-r--r--r-- 1 root root 4096 Jul 8 08:56 fb_displays
-r--r--r-- 1 root root 4096 Jul 8 08:56 fb_mode
-r--r--r-- 1 root root 4096 Jul 8 08:56 fb_mode_str
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: Sebastian Siewior <bigeasy@linutronix.de>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Joerg Roedel [Tue, 11 Oct 2011 15:41:32 +0000 (17:41 +0200)]
iommu/amd: Fix wrong shift direction
commit
fcd0861db1cf4e6ed99f60a815b7b72c2ed36ea4 upstream.
The shift direction was wrong because the function takes a
page number and i is the address is the loop.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dmitry Torokhov [Wed, 7 Sep 2011 22:00:02 +0000 (15:00 -0700)]
WMI: properly cleanup devices to avoid crashes
commit
023b9565972a4a5e0f01b9aa32680af6e9b5c388 upstream.
We need to remove devices that we destroy from the list, otherwise
we'll crash if there are more than one "_WDG" methods in DSDT.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=32052
Tested-by: Ilya Tumaykin <librarian_rus@yahoo.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Acked-by: Carlos Corbacho <carlos@strangeworlds.co.uk>
Signed-off-by: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sebastian Ott [Sun, 30 Oct 2011 14:16:52 +0000 (15:16 +0100)]
ccwgroup: move attributes to attribute group
commit
dbdf1afcaaabe83dea15a3cb9b9013e73ae3b1ad upstream.
Put sysfs attributes of ccwgroup devices in an attribute group to
ensure that these attributes are actually present when userspace
is notified via uevents.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Martin Schwidefsky [Sun, 30 Oct 2011 14:16:08 +0000 (15:16 +0100)]
memory leak with RCU_TABLE_FREE
commit
e73b7fffe487c315fd1a4fa22282e3362b440a06 upstream.
The rcu page table free code uses a couple of bits in the page table
pointer passed to tlb_remove_table to discern the different page table
types. __tlb_remove_table extracts the type with an incorrect mask which
leads to memory leaks. The correct mask is ((FRAG_MASK << 4) | FRAG_MASK).
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Martin Schwidefsky [Sun, 30 Oct 2011 14:16:07 +0000 (15:16 +0100)]
user per registers vs. ptrace single stepping
commit
a45aff5285871bf7be1781d9462d3fdbb6c913f9 upstream.
git commit
5e9a2692 "[S390] ptrace cleanup" introduced a regression
for the case when both a user PER set (e.g. a storage alteration trace) and
PTRACE_SINGLESTEP are active. The new code will overrule the user PER set
with a instruction-fetch PER set over the whole address space for ptrace
single stepping. The inferior process will be stopped after each instruction
with an instruction fetch event. Any other events that may have occurred
concurrently are not reported (e.g. storage alteration event) because the
control bits for them are not set. The solution is to merge the PER control
bits of the user PER set with the PER_EVENT_IFETCH control bit for
PTRACE_SINGLESTEP.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Carsten Otte [Tue, 18 Oct 2011 10:27:12 +0000 (12:27 +0200)]
KVM: s390: check cpu_id prior to using it
commit
4d47555a80495657161a7e71ec3014ff2021e450 upstream.
We use the cpu id provided by userspace as array index here. Thus we
clearly need to check it first. Ooops.
Signed-off-by: Carsten Otte <cotte@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Susan Gao [Thu, 29 Sep 2011 10:08:18 +0000 (11:08 +0100)]
ASoC: Fix a bug in WM8962 DSP_A and DSP_B settings
commit
fbc7c62a3ff831aef24894b7982cd1adb2b7e070 upstream.
Signed-off-by: Susan Gao <sgao@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmico.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mark Brown [Fri, 23 Sep 2011 20:26:33 +0000 (21:26 +0100)]
ASoC: Remove direct register cache accesses from WM8962 driver
commit
38f3f31a0a797bdbcc0cdb12553bbecc2f9a91c4 upstream.
Also fix return values for speaker switch updates.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Axel Lin [Thu, 20 Oct 2011 04:13:24 +0000 (12:13 +0800)]
ASoC: wm8994: Use SND_SOC_DAPM_AIF_OUT for AIF3 Capture
commit
35024f4922f7b271e7529673413889aa3d51c5fc upstream.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Acked-by: Liam Girdwood <lrg@ti.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Axel Lin [Thu, 13 Oct 2011 09:17:06 +0000 (17:17 +0800)]
ASoC: ak4535: fixup cache register table
commit
7c04241acbdaf97f1448dcccd27ea0fcd1a57684 upstream.
ak4535_reg should be 8bit, but cache table is defined as 16bit.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Kuninori Morimoto [Thu, 13 Oct 2011 09:03:54 +0000 (02:03 -0700)]
ASoC: ak4642: fixup cache register table
commit
19b115e523208a926813751aac8934cf3fc6085e upstream.
ak4642 register was 8bit, but cache table was defined as 16bit.
ak4642 doesn't work correctry without this patch.
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Axel Lin [Mon, 17 Oct 2011 12:14:56 +0000 (20:14 +0800)]
ASoC: wm8741: Fix setting interface format for DSP modes
commit
3a340104fad6ecbea5ad6792a2ea855f0507a6e0 upstream.
According to the datasheet:
Format Control (05h)
BITS[3:2]
FMT[1:0] Audio data format selection
00 = right justified mode
01 = left justified mode
10 = I2S mode
11 = DSP mode
BIT[4] LRP Polarity selec for LRCLK/DSP mode select
0 = normal LRCLK poalrity/DSP mode A
1 = inverted LRCLK poarity/DSP mode B
For SND_SOC_DAIFMT_DSP_A, we should set 0x000C instead of 0x0003.
For SND_SOC_DAIFMT_DSP_B, we should set 0x001C instead of 0x0013.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Acked-by: Liam Girdwood <lrg@ti.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Axel Lin [Wed, 26 Oct 2011 01:53:41 +0000 (09:53 +0800)]
ASoC: wm8940: Properly set codec->dapm.bias_level
commit
5927f94700e860ae27ff24e7f3bc9e4f7b9922eb upstream.
Reported-by: Chris Paulson-Ellis <chris@edesix.com>
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Daniel Vetter [Wed, 28 Sep 2011 09:57:23 +0000 (11:57 +0200)]
io-mapping: ensure io_mapping_map_atomic _is_ atomic
commit
24dd85ff723f142093f44244764b9b5c152235b8 upstream.
For the !HAVE_ATOMIC_IOMAP case the stub functions did not call
pagefault_disable/_enable. The i915 driver relies on the map
actually being atomic, otherwise it can deadlock with it's own
pagefault handler in the gtt pwrite fastpath.
This is exercised by gem_mmap_gtt from the intel-gpu-toosl gem
testsuite.
v2: Chris Wilson noted the lack of an include.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=38115
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Bryan Schumaker [Fri, 7 Oct 2011 17:41:15 +0000 (13:41 -0400)]
vfs: add "device" tag to /proc/self/mountstats
commit
a877ee03ac010ded434b77f7831f43cbb1fcc60f upstream.
nfsiostat was failing to find mounted filesystems on kernels after
2.6.38 because of changes to show_vfsstat() by commit
c7f404b40a3665d9f4e9a927cc5c1ee0479ed8f9. This patch adds back the
"device" tag before the nfs server entry so scripts can parse the
mountstats file correctly.
Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Al Viro [Thu, 28 Jul 2011 02:21:58 +0000 (22:21 -0400)]
hppfs: missing include
commit
d6b722aa383a467a43d09ee38e866981abba08ab upstream.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
J. Bruce Fields [Mon, 10 Oct 2011 21:34:31 +0000 (17:34 -0400)]
nfsd4: ignore WANT bits in open downgrade
commit
c30e92df30d7d5fe65262fbce5d1b7de675fe34e upstream.
We don't use WANT bits yet--and sending them can probably trigger a
BUG() further down.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
J. Bruce Fields [Mon, 19 Sep 2011 19:07:41 +0000 (15:07 -0400)]
nfsd4: fix open downgrade, again
commit
3d02fa29dec920c597dd7b7db608a4bc71f088ce upstream.
Yet another open-management regression:
- nfs4_file_downgrade() doesn't remove the BOTH access bit on
downgrade, so the server's idea of the stateid's access gets
out of sync with the client's. If we want to keep an O_RDWR
open in this case, we should do that in the file_put_access
logic rather than here.
- We forgot to convert v4 access to an open mode here.
This logic has proven too hard to get right. In the future we may
consider:
- reexamining the lock/openowner relationship (locks probably
don't really need to take their own references here).
- adding open upgrade/downgrade support to the vfs.
- removing the atomic operations. They're redundant as long as
this is all under some other lock.
Also, maybe some kind of additional static checking would help catch
O_/NFS4_SHARE_ACCESS confusion.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
J. Bruce Fields [Thu, 25 Aug 2011 14:48:39 +0000 (10:48 -0400)]
nfsd4: permit read opens of executable-only files
commit
a043226bc140a2c1dde162246d68a67e5043e6b2 upstream.
A client that wants to execute a file must be able to read it. Read
opens over nfs are therefore implicitly allowed for executable files
even when those files are not readable.
NFSv2/v3 get this right by using a passed-in NFSD_MAY_OWNER_OVERRIDE on
read requests, but NFSv4 has gotten this wrong ever since
dc730e173785e29b297aa605786c94adaffe2544 "nfsd4: fix owner-override on
open", when we realized that the file owner shouldn't override
permissions on non-reclaim NFSv4 opens.
So we can't use NFSD_MAY_OWNER_OVERRIDE to tell nfsd_permission to allow
reads of executable files.
So, do the same thing we do whenever we encounter another weird NFS
permission nit: define yet another NFSD_MAY_* flag.
The industry's future standardization on 128-bit processors will be
motivated primarily by the need for integers with enough bits for all
the NFSD_MAY_* flags.
Reported-by: Leonardo Borda <leonardoborda@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
J. Bruce Fields [Wed, 10 Aug 2011 23:16:22 +0000 (19:16 -0400)]
nfsd4: fix seqid_mutating_error
commit
576163005de286bbd418fcb99cfd0971523a0c6d upstream.
The set of errors here does *not* agree with the set of errors specified
in the rfc!
While we're there, turn this macros into a function, for the usual
reasons, and move it to the one place where it's actually used.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
J. Bruce Fields [Wed, 10 Aug 2011 23:07:33 +0000 (19:07 -0400)]
nfsd4: stop using nfserr_resource for transitory errors
commit
3e77246393c0a433247631a1f0e9ec98d3d78a1c upstream.
The server is returning nfserr_resource for both permanent errors and
for errors (like allocation failures) that might be resolved by retrying
later. Save nfserr_resource for the former and use delay/jukebox for
the latter.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Bernd Schubert [Mon, 8 Aug 2011 15:38:08 +0000 (17:38 +0200)]
nfsd4: Remove check for a 32-bit cookie in nfsd4_readdir()
commit
832023bffb4b493f230be901f681020caf3ed1f8 upstream.
Fan Yong <yong.fan@whamcloud.com> noticed setting
FMODE_32bithash wouldn't work with nfsd v4, as
nfsd4_readdir() checks for 32 bit cookies. However, according to RFC 3530
cookies have a 64 bit type and cookies are also defined as u64 in
'struct nfsd4_readdir'. So remove the test for >32-bit values.
Signed-off-by: Bernd Schubert <bernd.schubert@itwm.fraunhofer.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jeff Layton [Wed, 12 Oct 2011 14:57:42 +0000 (10:57 -0400)]
nfs: don't try to migrate pages with active requests
commit
2da956523526e440ef4f4dd174e26f5ac06fe011 upstream.
nfs_find_and_lock_request will take a reference to the nfs_page and
will then put it if the req is already locked. It's possible though
that the reference will be the last one. That put then can kick off
a whole series of reference puts:
nfs_page
nfs_open_context
dentry
inode
If the inode ends up being deleted, then the VFS will call
truncate_inode_pages. That function will try to take the page lock, but
it was already locked when migrate_page was called. The code
deadlocks.
Fix this by simply refusing the migration request if PagePrivate is
already set, indicating that the page is already associated with an
active read or write request.
We've had a customer test a backported version of this patch and
the preliminary results seem good.
Cc: Andrea Arcangeli <aarcange@redhat.com>
Reported-by: Harshula Jayasuriya <harshula@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ian Campbell [Mon, 3 Oct 2011 14:37:00 +0000 (15:37 +0100)]
genirq: Add IRQF_RESUME_EARLY and resume such IRQs earlier
commit
9bab0b7fbaceec47d32db51cd9e59c82fb071f5a upstream.
This adds a mechanism to resume selected IRQs during syscore_resume
instead of dpm_resume_noirq.
Under Xen we need to resume IRQs associated with IPIs early enough
that the resched IPI is unmasked and we can therefore schedule
ourselves out of the stop_machine where the suspend/resume takes
place.
This issue was introduced by
676dc3cf5bc3 "xen: Use IRQF_FORCE_RESUME".
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Jeremy Fitzhardinge <Jeremy.Fitzhardinge@citrix.com>
Cc: xen-devel <xen-devel@lists.xensource.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Link: http://lkml.kernel.org/r/1318713254.11016.52.camel@dagon.hellion.org.uk
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Steven Rostedt [Fri, 14 Oct 2011 14:44:25 +0000 (10:44 -0400)]
tracing: Fix returning of duplicate data after EOF in trace_pipe_raw
commit
436fc280261dcfce5af38f08b89287750dc91cd2 upstream.
The trace_pipe_raw handler holds a cached page from the time the file
is opened to the time it is closed. The cached page is used to handle
the case of the user space buffer being smaller than what was read from
the ring buffer. The left over buffer is held in the cache so that the
next read will continue where the data left off.
After EOF is returned (no more data in the buffer), the index of
the cached page is set to zero. If a user app reads the page again
after EOF, the check in the buffer will see that the cached page
is less than page size and will return the cached page again. This
will cause reading the trace_pipe_raw again after EOF to return
duplicate data, making the output look like the time went backwards
but instead data is just repeated.
The fix is to not reset the index right after all data is read
from the cache, but to reset it after all data is read and more
data exists in the ring buffer.
Reported-by: Jeremy Eder <jeder@redhat.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Masami Hiramatsu [Tue, 4 Oct 2011 10:45:04 +0000 (19:45 +0900)]
perf probe: Fix to show correct error string
commit
44a56040a0037a845d5fa218dffde464579f0cab upstream.
Fix perf probe to show correct error string when it
fails to delete an event. The write(2) returns -1
if failed, and errno stores real error number.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Ingo Molnar <mingo@elte.hu>
Link: http://lkml.kernel.org/r/20111004104504.14591.41266.stgit@fedora15
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
NeilBrown [Tue, 25 Oct 2011 23:31:04 +0000 (10:31 +1100)]
md/raid5: fix bug that could result in reads from a failed device.
commit
355840e7a7e56bb2834fd3b0da64da5465f8aeaa upstream.
This bug was introduced in
415e72d034c50520ddb7ff79e7d1792c1306f0c9
which was in 2.6.36.
There is a small window of time between when a device fails and when
it is removed from the array. During this time we might still read
from it, but we won't write to it - so it is possible that we could
read stale data.
We didn't need the test of 'Faulty' before because the test on
In_sync is sufficient. Since we started allowing reads from the early
part of non-In_sync devices we need a test on Faulty too.
This is suitable for any kernel from 2.6.36 onwards, though the patch
might need a bit of tweaking in 3.0 and earlier.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jan Beulich [Wed, 28 Sep 2011 15:44:54 +0000 (16:44 +0100)]
apic, i386/bigsmp: Fix false warnings regarding logical APIC ID mismatches
commit
838312be46f3abfbdc175f81c3e54a857994476d upstream.
These warnings (generally one per CPU) are a result of
initializing x86_cpu_to_logical_apicid while apic_default is
still in use, but the check in setup_local_APIC() being done
when apic_bigsmp was already used as an override in
default_setup_apic_routing():
Overriding APIC driver with bigsmp
Enabling APIC mode: Physflat. Using 5 I/O APICs
------------[ cut here ]------------
WARNING: at .../arch/x86/kernel/apic/apic.c:1239
...
CPU 1 irqstacks, hard=
f1c9a000 soft=
f1c9c000
Booting Node 0, Processors #1
smpboot cpu 1: start_ip = 9e000
Initializing CPU#1
------------[ cut here ]------------
WARNING: at .../arch/x86/kernel/apic/apic.c:1239
setup_local_APIC+0x137/0x46b() Hardware name: ...
CPU1 logical APIC ID: 2 != 8
...
Fix this (for the time being, i.e. until
x86_32_early_logical_apicid() will get removed again, as Tejun
says ought to be possible) by overriding the previously stored
values at the point where the APIC driver gets overridden.
v2: Move this and the pre-existing override logic into
arch/x86/kernel/apic/bigsmp_32.c.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Tejun Heo <tj@kernel.org>
Link: http://lkml.kernel.org/r/4E835D16020000780005844C@nat28.tlf.novell.com
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
hank [Tue, 20 Sep 2011 20:53:39 +0000 (13:53 -0700)]
time: Change jiffies_to_clock_t() argument type to unsigned long
commit
cbbc719fccdb8cbd87350a05c0d33167c9b79365 upstream.
The parameter's origin type is long. On an i386 architecture, it can
easily be larger than 0x80000000, causing this function to convert it
to a sign-extended u64 type.
Change the type to unsigned long so we get the correct result.
Signed-off-by: hank <pyu@redhat.com>
Cc: John Stultz <john.stultz@linaro.org>
[ build fix ]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Luciano Coelho [Thu, 22 Sep 2011 07:06:10 +0000 (10:06 +0300)]
wl12xx: fix forced passive scans
commit
6cd9d21a0c1e2648c07c32c66bb25795ad3208aa upstream.
We were using incorrect max and min dwell times during forced passive
scans because we were still using the active scan states to scan
(passively) the channels that were not marked as passive.
Instead of doing passive scans in active states, we now skip active
states and scan for all channels in passive states.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Richard Cochran [Fri, 21 Oct 2011 00:49:15 +0000 (00:49 +0000)]
net: hold sock reference while processing tx timestamps
commit
da92b194cc36b5dc1fbd85206aeeffd80bee0c39 upstream.
The pair of functions,
* skb_clone_tx_timestamp()
* skb_complete_tx_timestamp()
were designed to allow timestamping in PHY devices. The first
function, called during the MAC driver's hard_xmit method, identifies
PTP protocol packets, clones them, and gives them to the PHY device
driver. The PHY driver may hold onto the packet and deliver it at a
later time using the second function, which adds the packet to the
socket's error queue.
As pointed out by Johannes, nothing prevents the socket from
disappearing while the cloned packet is sitting in the PHY driver
awaiting a timestamp. This patch fixes the issue by taking a reference
on the socket for each such packet. In addition, the comments
regarding the usage of these function are expanded to highlight the
rule that PHY drivers must use skb_complete_tx_timestamp() to release
the packet, in order to release the socket reference, too.
These functions first appeared in v2.6.36.
Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Richard Cochran <richard.cochran@omicron.at>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Johannes Berg [Tue, 4 Oct 2011 16:27:10 +0000 (18:27 +0200)]
mac80211: fix offchannel TX cookie matching
commit
28a1bcdb57d50f3038a255741ecc83e391e5282e upstream.
When I introduced in-kernel off-channel TX I
introduced a bug -- the work can't be canceled
again because the code clear the skb pointer.
Fix this by keeping track separately of whether
TX status has already been reported.
Reported-by: Jouni Malinen <j@w1.fi>
Tested-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Richard Cochran [Fri, 21 Oct 2011 00:49:17 +0000 (00:49 +0000)]
dp83640: free packet queues on remove
commit
8b3408f8ee994973869d8ba32c5bf482bc4ddca4 upstream.
If the PHY should disappear (for example, on an USB Ethernet MAC), then
the driver would leak any undelivered time stamp packets. This commit
fixes the issue by calling the appropriate functions to free any packets
left in the transmit and receive queues.
The driver first appeared in v3.0.
Signed-off-by: Richard Cochran <richard.cochran@omicron.at>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric W. Biederman [Fri, 21 Oct 2011 06:24:20 +0000 (06:24 +0000)]
rtnetlink: Add missing manual netlink notification in dev_change_net_namespaces
commit
d2237d35748e7f448a9c2d9dc6a85ef637466e24 upstream.
Renato Westphal noticed that since commit
a2835763e130c343ace5320c20d33c281e7097b7
"rtnetlink: handle rtnl_link netlink notifications manually" was merged
we no longer send a netlink message when a networking device is moved
from one network namespace to another.
Fix this by adding the missing manual notification in dev_change_net_namespaces.
Since all network devices that are processed by dev_change_net_namspaces are
in the initialized state the complicated tests that guard the manual
rtmsg_ifinfo calls in rollback_registered and register_netdevice are
unnecessary and we can just perform a plain notification.
Tested-by: Renato Westphal <renatowestphal@gmail.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ming Lei [Fri, 7 Oct 2011 03:50:22 +0000 (11:50 +0800)]
ata_piix: make DVD Drive recognisable on systems with Intel Sandybridge chipsets(v2)
commit
5e5a4f5d5a08c9c504fe956391ac3dae2c66556d upstream.
This quirk patch fixes one kind of bug inside some Intel Sandybridge
chipsets, see reports from
https://bugzilla.kernel.org/show_bug.cgi?id=40592.
Many guys also have reported the problem before:
https://bugs.launchpad.net/bugs/737388
https://bugs.launchpad.net/bugs/794642
https://bugs.launchpad.net/bugs/782389
......
With help from Tejun, the problem is found to be caused by 32bit PIO
mode, so introduce the quirk patch to disable 32bit PIO on SATA piix
for some Sandybridge CPT chipsets.
Seth also tested the patch on all five affected chipsets
(pci device ID: 0x1c00, 0x1c01, 0x1d00, 0x1e00, 0x1e01), and found
the patch does fix the problem.
Tested-by: Heasley, Seth <seth.heasley@intel.com>
Cc: Alan Cox <alan@linux.intel.com>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Acked-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>