Linus Torvalds [Sat, 6 Feb 2010 00:16:50 +0000 (16:16 -0800)]
Fix potential crash with sys_move_pages
commit
6f5a55f1a6c5abee15a0e878e5c74d9f1569b8b0 upstream.
We incorrectly depended on the 'node_state/node_isset()' functions
testing the node range, rather than checking it explicitly. That's not
reliable, even if it might often happen to work. So do the proper
explicit test.
Reported-by: Marcus Meissner <meissner@suse.de>
Acked-and-tested-by: Brice Goglin <Brice.Goglin@inria.fr>
Acked-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Greg Kroah-Hartman [Tue, 9 Feb 2010 12:57:19 +0000 (04:57 -0800)]
Linux 2.6.32.8
jamal [Thu, 4 Feb 2010 19:50:56 +0000 (14:50 -0500)]
NET: fix oops at bootime in sysctl code
This fixes the boot time oops on the 2.6.32-stable tree. It is needed
only in this tree due to the divergance from upstream.
From: jamal <hadi@cyberus.ca>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andreas Schwab [Sat, 30 Jan 2010 10:20:59 +0000 (10:20 +0000)]
powerpc: TIF_ABI_PENDING bit removal
commit
94f28da8409c6059135e89ac64a0839993124155 upstream.
Here are the powerpc bits to remove TIF_ABI_PENDING now that
set_personality() is called at the appropriate place in exec.
Signed-off-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Felix Fietkau [Tue, 19 Jan 2010 19:51:32 +0000 (20:51 +0100)]
ath9k: fix beacon slot/buffer leak
commit
74401773f80b6d42f7a4c6994ca0cca883b03745 upstream.
When cleaning up beacon buffers and slots, ath9k currently checks if
sc->ah->opmode is set to a beacon related mode before cleaning up
buffers.
An unfortunate ordering of interface up/down commands can lead to
sc->ah->opmode being set to monitor mode, while there are AP interfaces
present on the same wiphy.
Always cleaning up beacon buffers if present fixes this issue.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Felix Fietkau [Sat, 23 Jan 2010 19:04:18 +0000 (20:04 +0100)]
ath9k: fix eeprom INI values override for 2GHz-only cards
commit
aa8bc9ef18a2c5b2b97e1f36ee9604cf15743f96 upstream.
Among other changes, this commit:
commit
06d0f0663e11cab4ec5f2c143a118d71a12fbbe9
Author: Sujith <Sujith.Manoharan@atheros.com>
Date: Thu Feb 12 10:06:45 2009 +0530
ath9k: Enable Fractional N mode
changed the hw attach code to fix up initialization values only for
dual band devices, however the commit message did not give a reason as
to why this would be useful or necessary.
According to tests by Jorge Boncompte, this breaks at least some
2GHz-only cards, so the code should be changed back to the
unconditional INI fixup.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Reported-by: Jorge Boncompte <jorge@dti2.net>
Tested-by: Pavel Roskin <proski@gnu.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Thadeu Lima de Souza Cascardo [Tue, 2 Feb 2010 21:44:17 +0000 (13:44 -0800)]
pktcdvd: removing device does not remove its sysfs dir
commit
ca0bf64d99f6e3f6e2fe2585e52a0ac57354beac upstream.
This is the counterpart to
cba767175becadc5c4016cceb7bfdd2c7fe722f4
("pktcdvd: remove broken dev_t export of class devices"). Device is not
registered using dev_t, so it should not be destroyed using device_destroy
which looks up the device by dev_t. This will fail and adding the device
again will fail with the "duplicate name" error. This is fixed using
device_unregister instead of device_destroy.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: Peter Osterlund <petero2@telia.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Richard Röjfors [Tue, 2 Feb 2010 21:44:12 +0000 (13:44 -0800)]
uartlite: fix crash when using as console
commit
03eac7bb882a75e6ee5705288f7ec36ad2e7d0d5 upstream.
Move the ulite_console_setup to the .devinit section since it might be
called on probe, which is in devinit. Fixes the crash below where the
uartlite hw is probed after the .init section is freed from the kernel.
uartlite: ttyUL0 at MMIO 0xc8000100 (irq = 30) is a uartlite
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<
c176720e>] ulite_console_setup+0x6f/0xa8
*pdpt =
0000000036fb0001 *pde =
0000000000000000
Oops: 0000 [#1] PREEMPT SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1f.1/host0/uevent
Modules linked in: puffin(+) serio_raw
Pid: 151, comm: modprobe Not tainted (2.6.31.5-1.0.b1-b1 #1) POULSBO
EIP: 0060:[<
c176720e>] EFLAGS:
00010246 CPU: 0
EIP is at ulite_console_setup+0x6f/0xa8
EAX:
c16ec824 EBX:
c16ec824 ECX:
c176719f EDX:
00000000
ESI:
00000000 EDI:
c17b42c4 EBP:
f6fd1cf0 ESP:
f6fd1cd8
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process modprobe (pid: 151, ti=
f6fd0000 task=
f6fa1020 task.ti=
f6fd0000)
Stack:
c1031f51 00000000 00000000 00000246 c182237c f7742000 f6fd1d5c c11fd316
<0>
c16ec85c f77420d4 0000001e 00000000 00000000 c1633e78 4f494d4d 63783020
<0>
30303038 00303031 f6fd1d3c c10e0786 f6fd1d48 00000000 f6fd1d48 00000000
Call Trace:
[<
c1031f51>] ? register_console+0xf6/0x1fc
[<
c11fd316>] ? uart_add_one_port+0x237/0x2bb
[<
c10e0786>] ? sysfs_add_one+0x13/0xd3
[<
c10e142f>] ? sysfs_do_create_link+0xba/0xfc
[<
c146f200>] ? ulite_probe+0x198/0x1eb
[<
c12064ee>] ? platform_drv_probe+0xc/0xe
[<
c120597b>] ? driver_probe_device+0x79/0x105
[<
c1205a8e>] ? __device_attach+0x28/0x30
[<
c120511f>] ? bus_for_each_drv+0x3d/0x67
[<
c1205af9>] ? device_attach+0x44/0x58
[<
c1205a66>] ? __device_attach+0x0/0x30
[<
c1204fb8>] ? bus_probe_device+0x1f/0x34
[<
c1203e68>] ? device_add+0x385/0x4c0
[<
c148491f>] ? _write_unlock+0x8/0x1f
[<
c1206aac>] ? platform_device_add+0xd9/0x11c
[<
c120c685>] ? mfd_add_devices+0x165/0x1bc
[<
f831b378>] ? puffin_probe+0x2d0/0x390 [puffin]
[<
c11a08ef>] ? pci_match_device+0xa0/0xa7
[<
c11a07bc>] ? local_pci_probe+0xe/0x10
[<
c11a11db>] ? pci_device_probe+0x43/0x66
[<
c120597b>] ? driver_probe_device+0x79/0x105
[<
c1205a4a>] ? __driver_attach+0x43/0x5f
[<
c120535d>] ? bus_for_each_dev+0x3d/0x67
[<
c1205852>] ? driver_attach+0x14/0x16
[<
c1205a07>] ? __driver_attach+0x0/0x5f
[<
c1204dea>] ? bus_add_driver+0xf9/0x220
[<
c1205c8f>] ? driver_register+0x8b/0xeb
[<
c11a1518>] ? __pci_register_driver+0x43/0x9f
[<
c10477ef>] ? __blocking_notifier_call_chain+0x40/0x4c
[<
f831f000>] ? puffin_init+0x0/0x48 [puffin]
[<
f831f017>] ? puffin_init+0x17/0x48 [puffin]
[<
c1001139>] ? do_one_initcall+0x4c/0x131
[<
c105607b>] ? sys_init_module+0xa7/0x1b7
[<
c1002a61>] ? syscall_call+0x7/0xb
Code: 6e 74 00 00 00 92 33 00 00 18 00 0e 01 73 79 6e 63 65 2d 72 65 67 69 73 74 72 79 0c 00 49 32
00 00 14 00 09 01 61 6c 73 61 2d 69 <6e> 66 6f 00 00 00 42 37 00 00 10 00 07 01 6b 69 6c 6c 61 6c 6c
EIP: [<
c176720e>] ulite_console_setup+0x6f/0xa8 SS:ESP 0068:
f6fd1cd8
CR2:
0000000000000000
Signed-off-by: Richard Röjfors <richard.rojfors@pelagicore.com>
Acked-by: Peter Korsgaard <jacmet@sunsite.dk>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Julia Lawall [Tue, 2 Feb 2010 22:31:36 +0000 (09:31 +1100)]
kernel/cred.c: use kmem_cache_free
commit
b8a1d37c5f981cdd2e83c9fd98198832324cd57a upstream.
Free memory allocated using kmem_cache_zalloc using kmem_cache_free rather
than kfree.
The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression x,E,c;
@@
x = \(kmem_cache_alloc\|kmem_cache_zalloc\|kmem_cache_alloc_node\)(c,...)
... when != x = E
when != &x
?-kfree(x)
+kmem_cache_free(c,x)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Cc: Steve Dickson <steved@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ben Hutchings [Tue, 26 Jan 2010 18:27:09 +0000 (18:27 +0000)]
starfire: clean up properly if firmware loading fails
commit
c928febf4bc703ea542340e5a208e0445d998839 upstream.
netdev_open() will return without cleaning up net device or hardware state
if firmware loading fails. This results in a BUG() on a second attempt to
bring the interface up, reported in
<http://bugzilla.kernel.org/show_bug.cgi?id=15091>, and probably has even
worse effects if the driver is removed afterwards.
Call netdev_close() to clean up on failure.
Addresses http://bugzilla.kernel.org/show_bug.cgi?id=15091
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Reported-by: Michael Moffatt <michael@moffatt.org.nz>
Tested-by: Michael Moffatt <michael@moffatt.org.nz>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alberto Panizzo [Tue, 2 Feb 2010 21:43:59 +0000 (13:43 -0800)]
mx3fb: some debug and initialisation fixes
commit
b3cb53721890879d7bde31f5f9eefd4edf41ab64 upstream.
Fix the kernel oops when dev_dbg is called with mx3_fbi->txd == NULL
Fix the late initialisation of mx3fb->backlight_level. If not, in the
chain of function started by init_fb_chan(), in __blank() call
sdc_set_brightness(mx3fb, mx3fb->backlight_level) that will shut down the
CONTRAST PWM output.
Signed-off-by: Alberto Panizzo <maramaopercheseimorto@gmail.com>
Acked-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Cc: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Uwe Kleine-König [Tue, 2 Feb 2010 21:44:10 +0000 (13:44 -0800)]
imxfb: correct location of callbacks in suspend and resume
commit
1ec562035ba64e724652cb12b8a770b3906e9bf5 upstream.
The probe function passes a pointer to a struct fb_info to
platform_set_drvdata(), so don't interpret the return value of
platform_get_drvdata() as a pointer to struct imxfb_info.
The original imxfb_info *fbi backlight_power was NULL but in imxfb_suspend
it was 4 resulting in an oops as imxfb_suspend calls
imxfb_disable_controller(fbi) which in turn has
if (fbi->backlight_power)
fbi->backlight_power(0);
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Sascha Hauer <kernel@pengutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Zhu Yi [Tue, 26 Jan 2010 07:58:57 +0000 (15:58 +0800)]
mac80211: fix NULL pointer dereference when ftrace is enabled
commit
3092ad054406f069991ca561adc74f2d9fbb6867 upstream.
I got below kernel oops when I try to bring down the network interface if
ftrace is enabled. The root cause is drv_ampdu_action() is passed with a
NULL ssn pointer in the BA session tear down case. We need to check and
avoid dereferencing it in trace entry assignment.
BUG: unable to handle kernel NULL pointer dereference
Modules linked in: at (null)
IP: [<
f98fe02a>] ftrace_raw_event_drv_ampdu_action+0x10a/0x160 [mac80211]
*pde =
00000000
Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[...]
Call Trace:
[<
f98fdf20>] ? ftrace_raw_event_drv_ampdu_action+0x0/0x160 [mac80211]
[<
f98dac4c>] ? __ieee80211_stop_rx_ba_session+0xfc/0x220 [mac80211]
[<
f98d97fb>] ? ieee80211_sta_tear_down_BA_sessions+0x3b/0x50 [mac80211]
[<
f98dc6f6>] ? ieee80211_set_disassoc+0xe6/0x230 [mac80211]
[<
f98dc6ac>] ? ieee80211_set_disassoc+0x9c/0x230 [mac80211]
[<
f98dcbb8>] ? ieee80211_mgd_deauth+0x158/0x170 [mac80211]
[<
f98e4bdb>] ? ieee80211_deauth+0x1b/0x20 [mac80211]
[<
f8987f49>] ? __cfg80211_mlme_deauth+0xe9/0x120 [cfg80211]
[<
f898b870>] ? __cfg80211_disconnect+0x170/0x1d0 [cfg80211]
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
anfei zhou [Tue, 2 Feb 2010 21:44:02 +0000 (13:44 -0800)]
mm: flush dcache before writing into page to avoid alias
commit
931e80e4b3263db75c8e34f078d22f11bbabd3a3 upstream.
The cache alias problem will happen if the changes of user shared mapping
is not flushed before copying, then user and kernel mapping may be mapped
into two different cache line, it is impossible to guarantee the coherence
after iov_iter_copy_from_user_atomic. So the right steps should be:
flush_dcache_page(page);
kmap_atomic(page);
write to page;
kunmap_atomic(page);
flush_dcache_page(page);
More precisely, we might create two new APIs flush_dcache_user_page and
flush_dcache_kern_page to replace the two flush_dcache_page accordingly.
Here is a snippet tested on omap2430 with VIPT cache, and I think it is
not ARM-specific:
int val = 0x11111111;
fd = open("abc", O_RDWR);
addr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
*(addr+0) = 0x44444444;
tmp = *(addr+0);
*(addr+1) = 0x77777777;
write(fd, &val, sizeof(int));
close(fd);
The results are not always 0x11111111 0x77777777 at the beginning as expected. Sometimes we see 0x44444444 0x77777777.
Signed-off-by: Anfei <anfei.zhou@gmail.com>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Nick Piggin <nickpiggin@yahoo.com.au>
Cc: <linux-arch@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David S. Miller [Fri, 29 Jan 2010 05:36:21 +0000 (21:36 -0800)]
be2net: Fix memset() arg ordering.
commit
d291b9af1a1a12f59a464494900c6e0db26e2ec3 upstream.
Noticed by Ben Hutchings.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ajit Khaparde [Wed, 27 Jan 2010 21:56:44 +0000 (21:56 +0000)]
be2net: Bug fix to support newer generation of BE ASIC
commit
7b139c83c590d4965259aad8889cbb08104b2891 upstream.
Bug fix in be2net for newer generation of BladeEngine ASIC.
Signed-off-by: Ajit Khaparde <ajitk@serverengines.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Evgeniy Polyakov [Tue, 2 Feb 2010 23:58:48 +0000 (15:58 -0800)]
connector: Delete buggy notification code.
commit
f98bfbd78c37c5946cc53089da32a5f741efdeb7 upstream.
On Tue, Feb 02, 2010 at 02:57:14PM -0800, Greg KH (gregkh@suse.de) wrote:
> > There are at least two ways to fix it: using a big cannon and a small
> > one. The former way is to disable notification registration, since it is
> > not used by anyone at all. Second way is to check whether calling
> > process is root and its destination group is -1 (kind of priveledged
> > one) before command is dispatched to workqueue.
>
> Well if no one is using it, removing it makes the most sense, right?
>
> No objection from me, care to make up a patch either way for this?
Getting it is not used, let's drop support for notifications about
(un)registered events from connector.
Another option was to check credentials on receiving, but we can always
restore it without bugs if needed, but genetlink has a wider code base
and none complained, that userspace can not get notification when some
other clients were (un)registered.
Kudos for Sebastian Krahmer <krahmer@suse.de>, who found a bug in the
code.
Signed-off-by: Evgeniy Polyakov <zbr@ioremap.net>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Magnus Damm [Wed, 27 Jan 2010 07:41:19 +0000 (07:41 +0000)]
usb: r8a66597-hdc disable interrupts fix
commit
e5ff15bec96ba18698dae5de0bbf7e6a0653ca65 upstream.
This patch improves disable_controller() in the r8a66597-hdc
driver to disable all interrupts and clear status flags. It
also makes sure that disable_controller() is called during
probe(). This fixes the relatively rare case of unexpected
pending interrupts after kexec reboot.
Signed-off-by: Magnus Damm <damm@opensource.se>
Acked-by: Yoshihiro Shimoda <shimoda.yoshihiro@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Chuck Ebbert [Sat, 30 Jan 2010 19:28:19 +0000 (20:28 +0100)]
block: fix bugs in bio-integrity mempool usage
commit
9e9432c267e4047db98b9d4fba95099c6effcef9 upstream.
Fix two bugs in the bio integrity code:
use_bip_pool() always returns 0 because it checks against the wrong limit,
causing the mempool to be used only when regular allocation fails.
When the mempool is used as a fallback we don't free the data properly.
Signed-Off-By: Chuck Ebbert <cebbert@redhat.com>
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Herbert Xu [Mon, 1 Feb 2010 10:48:28 +0000 (21:48 +1100)]
random: Remove unused inode variable
commit
cd1510cb5f892907fe1a662f90b41fb3a42954e0 upstream.
The previous changeset left behind an unused inode variable.
This patch removes it.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Matt Mackall [Fri, 29 Jan 2010 08:50:36 +0000 (21:50 +1300)]
random: drop weird m_time/a_time manipulation
commit
a996996dd75a9086b12d1cb4010f26e1748993f0 upstream.
No other driver does anything remotely like this that I know of except
for the tty drivers, and I can't see any reason for random/urandom to do
it. In fact, it's a (trivial, harmless) timing information leak. And
obviously, it generates power- and flash-cycle wasting I/O, especially
if combined with something like hwrngd. Also, it breaks ubifs's
expectations.
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Linus Torvalds [Tue, 2 Feb 2010 20:37:44 +0000 (12:37 -0800)]
Fix 'flush_old_exec()/setup_new_exec()' split
commit
7ab02af428c2d312c0cf8fb0b01cc1eb21131a3d upstream.
Commit
221af7f87b9 ("Split 'flush_old_exec' into two functions") split
the function at the point of no return - ie right where there were no
more error cases to check. That made sense from a technical standpoint,
but when we then also combined it with the actual personality setting
going in between flush_old_exec() and setup_new_exec(), it needs to be a
bit more careful.
In particular, we need to make sure that we really flush the old
personality bits in the 'flush' stage, rather than later in the 'setup'
stage, since otherwise we might be flushing the _new_ personality state
that we're just setting up.
So this moves the flags and personality flushing (and 'flush_thread()',
which is the arch-specific function that generally resets lazy FP state
etc) of the old process into flush_old_exec(), so that it doesn't affect
any state that execve() is setting up for the new process environment.
This was reported by Michal Simek as breaking his Microblaze qemu
environment.
Reported-and-tested-by: Michal Simek <michal.simek@petalogix.com>
Cc: Peter Anvin <hpa@zytor.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dmitry Monakhov [Wed, 27 Jan 2010 19:44:36 +0000 (22:44 +0300)]
block: fix bio_add_page for non trivial merge_bvec_fn case
commit
1d6165851cd8e3f919d446cd6da35dee44e8837e upstream.
We have to properly decrease bi_size in order to merge_bvec_fn return
right result. Otherwise this result in false merge rejects for two
absolutely valid bio_vecs. This may cause significant performance
penalty for example fs_block_size == 1k and block device is raid0 with
small chunk_size = 8k. Then it is impossible to merge 7-th fs-block in
to bio which already has 6 fs-blocks.
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Nick Piggin [Mon, 1 Feb 2010 11:25:57 +0000 (22:25 +1100)]
mm: purge fragmented percpu vmap blocks
commit
02b709df817c0db174f249cc59e5f7fd01b64d92 upstream.
Improve handling of fragmented per-CPU vmaps. We previously don't free
up per-CPU maps until all its addresses have been used and freed. So
fragmented blocks could fill up vmalloc space even if they actually had
no active vmap regions within them.
Add some logic to allow all CPUs to have these blocks purged in the case
of failure to allocate a new vm area, and also put some logic to trim
such blocks of a current CPU if we hit them in the allocation path (so
as to avoid a large build up of them).
Christoph reported some vmap allocation failures when using the per CPU
vmap APIs in XFS, which cannot be reproduced after this patch and the
previous bug fix.
Cc: linux-mm@kvack.org
Tested-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Nick Piggin [Mon, 1 Feb 2010 11:24:18 +0000 (22:24 +1100)]
mm: percpu-vmap fix RCU list walking
commit
de5604231ce4bc8db1bc1dcd27d8540cbedf1518 upstream.
RCU list walking of the per-cpu vmap cache was broken. It did not use
RCU primitives, and also the union of free_list and rcu_head is
obviously wrong (because free_list is indeed the list we are RCU
walking).
While we are there, remove a couple of unused fields from an earlier
iteration.
These APIs aren't actually used anywhere, because of problems with the
XFS conversion. Christoph has now verified that the problems are solved
with these patches. Also it is an exported interface, so I think it
will be good to be merged now (and Christoph wants to get the XFS
changes into their local tree).
Cc: linux-mm@kvack.org
Tested-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Tejun Heo [Mon, 11 Jan 2010 02:14:44 +0000 (11:14 +0900)]
libata: retry link resume if necessary
commit
5040ab67a2c6d5710ba497dc52a8f7035729d7b0 upstream.
Interestingly, when SIDPR is used in ata_piix, writes to DET in
SControl sometimes get ignored leading to detection failure. Update
sata_link_resume() such that it reads back SControl after clearing DET
and retry if it's not clear.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: fengxiangjun <fengxiangjun@neusoft.com>
Reported-by: Jim Faulkner <jfaulkne@ccs.neu.edu>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Suravee Suthikulpanit [Mon, 18 Jan 2010 17:25:36 +0000 (11:25 -0600)]
oprofile/x86: fix crash when profiling more than 28 events
commit
d8cc108f4fab42b380c6b3f3356f99e8dd5372e2 upstream.
With multiplexing enabled oprofile crashs when profiling more than 28
events. This patch fixes this.
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Robert Richter <robert.richter@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andi Kleen [Thu, 21 Jan 2010 22:26:27 +0000 (23:26 +0100)]
oprofile/x86: add Xeon 7500 series support
commit
e83e452b0692c9c13372540deb88a77d4ae2553d upstream.
Add Xeon 7500 series support to oprofile.
Straight forward: it's the same as Core i7, so just detect
the model number. No user space changes needed.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Robert Richter <robert.richter@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Glauber Costa [Mon, 1 Feb 2010 18:54:05 +0000 (16:54 -0200)]
KVM: allow userspace to adjust kvmclock offset
(cherry picked from
afbcf7ab8d1bc8c2d04792f6d9e786e0adeb328d)
When we migrate a kvm guest that uses pvclock between two hosts, we may
suffer a large skew. This is because there can be significant differences
between the monotonic clock of the hosts involved. When a new host with
a much larger monotonic time starts running the guest, the view of time
will be significantly impacted.
Situation is much worse when we do the opposite, and migrate to a host with
a smaller monotonic clock.
This proposed ioctl will allow userspace to inform us what is the monotonic
clock value in the source host, so we can keep the time skew short, and
more importantly, never goes backwards. Userspace may also need to trigger
the current data, since from the first migration onwards, it won't be
reflected by a simple call to clock_gettime() anymore.
[marcelo: future-proof abi with a flags field]
[jan: fix KVM_GET_CLOCK by clearing flags field instead of checking it]
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jarek Poplawski [Sat, 16 Jan 2010 09:04:04 +0000 (01:04 -0800)]
ax25: netrom: rose: Fix timer oopses
[ Upstream commit
d00c362f1b0ff54161e0a42b4554ac621a9ef92d ]
Wrong ax25_cb refcounting in ax25_send_frame() and by its callers can
cause timer oopses (first reported with 2.6.29.6 kernel).
Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=14905
Reported-by: Bernard Pidoux <bpidoux@free.fr>
Tested-by: Bernard Pidoux <bpidoux@free.fr>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jarek Poplawski [Sun, 10 Jan 2010 22:04:19 +0000 (22:04 +0000)]
af_packet: Don't use skb after dev_queue_xmit()
[ Upstream commit
eb70df13ee52dbc0f2c0ffd8ed34a8cd27440baf ]
tpacket_snd() can change and kfree an skb after dev_queue_xmit(),
which is illegal.
With debugging by: Stephen Hemminger <shemminger@vyatta.com>
Reported-by: Michael Breuer <mbreuer@majjas.com>
With help from: David S. Miller <davem@davemloft.net>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Tested-by: Michael Breuer<mbreuer@majjas.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jamal Hadi Salim [Sat, 26 Dec 2009 01:30:22 +0000 (17:30 -0800)]
net: restore ip source validation
[ Upstream commit
28f6aeea3f12d37bd258b2c0d5ba891bff4ec479 ]
when using policy routing and the skb mark:
there are cases where a back path validation requires us
to use a different routing table for src ip validation than
the one used for mapping ingress dst ip.
One such a case is transparent proxying where we pretend to be
the destination system and therefore the local table
is used for incoming packets but possibly a main table would
be used on outbound.
Make the default behavior to allow the above and if users
need to turn on the symmetry via sysctl src_valid_mark
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jarek Poplawski [Mon, 4 Jan 2010 08:48:41 +0000 (08:48 +0000)]
sky2: Fix oops in sky2_xmit_frame() after TX timeout
[ Upstream commit
9db2f1bec36805e57a003f7bb90e003815d96de8 ]
During TX timeout procedure dev could be awoken too early, e.g. by
sky2_complete_tx() called from sky2_down(). Then sky2_xmit_frame()
can run while buffers are freed causing an oops. This patch fixes it
by adding netif_device_present() test in sky2_tx_complete().
Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=14925
With debugging by: Mike McCormack <mikem@ring3k.org>
Reported-by: Berck E. Nash <flyboy@gmail.com>
Tested-by: Berck E. Nash <flyboy@gmail.com>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Octavian Purdila [Fri, 8 Jan 2010 08:00:09 +0000 (00:00 -0800)]
tcp: update the netstamp_needed counter when cloning sockets
[ Upstream commit
704da560c0a0120d8869187f511491a00951a1d3 ]
This fixes a netstamp_needed accounting issue when the listen socket
has SO_TIMESTAMP set:
s = socket(AF_INET, SOCK_STREAM, 0);
setsockopt(s, SOL_SOCKET, SO_TIMESTAMP, 1); -> netstamp_needed = 1
bind(s, ...);
listen(s, ...);
s2 = accept(s, ...); -> netstamp_needed = 1
close(s2); -> netstamp_needed = 0
close(s); -> netstamp_needed = -1
Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Aaro Koskinen [Mon, 1 Feb 2010 16:24:58 +0000 (18:24 +0200)]
clocksource: fix compilation if no GENERIC_TIME
commit
a362c638bdf052bf424bce7645d39b101090f6ba upstream
Commit
a9238ce3bb0fda6e760780b702c6cbd3793087d3 broke compilation on
platforms that do not implement GENERIC_TIME (e.g. iop32x):
kernel/time/clocksource.c: In function 'clocksource_register':
kernel/time/clocksource.c:556: error: implicit declaration of function 'clocksource_max_deferment'
Provide the implementation of clocksource_max_deferment() also for
such platforms.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Joerg Roedel [Fri, 22 Jan 2010 15:40:20 +0000 (16:40 +0100)]
x86/amd-iommu: Fix possible integer overflow
commit
d91afd15b041f27d34859c79afa9e172018a86f4 upstream.
The variable i in this function could be increased to over
2**32 which would result in an integer overflow when using
int. Fix it by changing i to unsigned long.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Härdeman [Thu, 28 Jan 2010 20:02:54 +0000 (21:02 +0100)]
x86: Add quirk for Intel DG45FC board to avoid low memory corruption
commit
7c099ce1575126395f186ecf58b51a60d5c3be7d upstream.
Commit
6aa542a694dc9ea4344a8a590d2628c33d1b9431 added a quirk for the
Intel DG45ID board due to low memory corruption. The Intel DG45FC
shares the same BIOS (and the same bug) as noted in:
http://bugzilla.kernel.org/show_bug.cgi?id=13736
Signed-off-by: David Härdeman <david@hardeman.nu>
LKML-Reference: <
20100128200254.GA9134@hardeman.nu>
Cc: Alexey Fisher <bug-track@fisher-privat.net>
Cc: ykzhao <yakui.zhao@intel.com>
Cc: Tony Bones <aabonesml@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Leann Ogasawara [Wed, 27 Jan 2010 23:29:18 +0000 (15:29 -0800)]
x86: Add Dell OptiPlex 760 reboot quirk
commit
35ea63d70f827a26c150993b4b940925bb02b03f upstream.
Dell OptiPlex 760 hangs on reboot unless reboot=bios is used. Add quirk
to reboot through the BIOS.
BugLink: https://bugs.launchpad.net/bugs/488319
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
LKML-Reference: <
1264634958.27335.1091.camel@emiko>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mark Brown [Mon, 4 Jan 2010 15:30:54 +0000 (15:30 +0000)]
regulator: Specify REGULATOR_CHANGE_STATUS for WM835x LED constraints
commit
a2fad9bf26a1d44a8d31a5c4528108a2b9f468ab upstream.
The WM8350 LED driver needs to be able to enable and disable the
regulators it is using. Previously the core wasn't properly enforcing
status change constraints so the driver was able to function but this
has always been intended to be required.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiri Slaby [Fri, 28 Aug 2009 08:47:16 +0000 (10:47 +0200)]
SECURITY: selinux, fix update_rlimit_cpu parameter
commit
17740d89785aeb4143770923d67c293849414710 upstream.
Don't pass current RLIMIT_RTTIME to update_rlimit_cpu() in
selinux_bprm_committing_creds, since update_rlimit_cpu expects
RLIMIT_CPU limit.
Use proper rlim[RLIMIT_CPU].rlim_cur instead to fix that.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eric Paris <eparis@parisplace.org>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Stefan Richter [Fri, 29 Jan 2010 20:25:46 +0000 (21:25 +0100)]
firewire: core: add_descriptor size check
Backport of commit
e300839da40e99581581c5d053a95a172651fec8 upstream.
Presently, firewire-core only checks whether descriptors that are to be
added by userspace drivers to the local node's config ROM do not exceed
a size of 256 quadlets. However, the sum of the bare minimum ROM plus
all descriptors (from firewire-core, from firewire-net, from userspace)
must not exceed 256 quadlets.
Otherwise, the bounds of a statically allocated buffer will be
overwritten. If the kernel survives that, firewire-core will
subsequently be unable to parse the local node's config ROM.
(Note, userspace drivers can add descriptors only through device files
of local nodes. These are usually only accessible by root, unlike
device files of remote nodes which may be accessible to lesser
privileged users.)
Therefore add a test which takes the actual present and required ROM
size into account for all descriptors of kernelspace and userspace
drivers.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jesse Barnes [Fri, 11 Dec 2009 19:07:17 +0000 (11:07 -0800)]
drm/i915: only enable hotplug for detected outputs
commit
b01f2c3a4a37d09a47ad73ccbb46d554d21cfeb0 upstream.
This patch changes around our hotplug enable code a bit to only enable
it for ports we actually detect and initialize. This prevents problems
with stuck or spurious interrupts on outputs that aren't actually wired
up, and is generally more correct.
Fixes FDO bug #23183.
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Wey-Yi Guy [Fri, 2 Oct 2009 20:44:01 +0000 (13:44 -0700)]
iwlwifi: set default aggregation frame count limit to 31
commit
4d80d7210bb5a36a18978d1305b44375ecb857d9 upstream.
Multiple MPDUs can be aggregated, transmitted, and finally acknowledged
together using a single BA frame. Block ACK (BA) contains
bitmap size of 64*16 bits so the maximum frame count is 64.
The default value of aggregation frame count suggested by uCode is 31 to
achieve best performance.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Venkatesh Pallipadi [Fri, 29 Jan 2010 19:27:31 +0000 (11:27 -0800)]
x86: Disable HPET MSI on ATI SB700/SB800
commit
73472a46b5b28116b145fb5fc05242c1aa8e1461 upstream
HPET MSI on platforms with ATI SB700/SB800 as they seem to have some
side-effects on floppy DMA. Do not use HPET MSI on such platforms.
Original problem report from Mark Hounschell
http://lkml.indiana.edu/hypermail/linux/kernel/0912.2/01118.html
Tested-by: Mark Hounschell <markh@compro.net>
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Cc: <stable@kernel.org>
LKML-Reference: <
20100121190952.GA32523@linux-os.sc.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
David Härdeman [Fri, 29 Jan 2010 06:28:27 +0000 (22:28 -0800)]
Input: winbond-cir - remove dmesg spam
commit
93fb84b50fe03aabca8d9dea5d3ba521a07e8571 upstream.
I missed converting one dev_info call to deb_dbg before submitting the driver.
Without this change, a message will be printed to dmesg for each button press
if a RC6 remote is used.
Signed-off-by: David Härdeman <david@hardeman.nu>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
H. Peter Anvin [Fri, 29 Jan 2010 06:14:43 +0000 (22:14 -0800)]
x86: get rid of the insane TIF_ABI_PENDING bit
commit
05d43ed8a89c159ff641d472f970e3f1baa66318 upstream.
Now that the previous commit made it possible to do the personality
setting at the point of no return, we do just that for ELF binaries.
And suddenly all the reasons for that insane TIF_ABI_PENDING bit go
away, and we can just make SET_PERSONALITY() just do the obvious thing
for a 32-bit compat process.
Everything becomes much more straightforward this way.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Miller [Fri, 29 Jan 2010 05:42:02 +0000 (21:42 -0800)]
sparc: TIF_ABI_PENDING bit removal
commit
94673e968cbcce07fa78dac4b0ae05d24b5816e1 upstream.
Here are the sparc bits to remove TIF_ABI_PENDING now that
set_personality() is called at the appropriate place in exec.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Linus Torvalds [Fri, 29 Jan 2010 06:14:42 +0000 (22:14 -0800)]
Split 'flush_old_exec' into two functions
commit
221af7f87b97431e3ee21ce4b0e77d5411cf1549 upstream.
'flush_old_exec()' is the point of no return when doing an execve(), and
it is pretty badly misnamed. It doesn't just flush the old executable
environment, it also starts up the new one.
Which is very inconvenient for things like setting up the new
personality, because we want the new personality to affect the starting
of the new environment, but at the same time we do _not_ want the new
personality to take effect if flushing the old one fails.
As a result, the x86-64 '32-bit' personality is actually done using this
insane "I'm going to change the ABI, but I haven't done it yet" bit
(TIF_ABI_PENDING), with SET_PERSONALITY() not actually setting the
personality, but just the "pending" bit, so that "flush_thread()" can do
the actual personality magic.
This patch in no way changes any of that insanity, but it does split the
'flush_old_exec()' function up into a preparatory part that can fail
(still called flush_old_exec()), and a new part that will actually set
up the new exec environment (setup_new_exec()). All callers are changed
to trivially comply with the new world order.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mike Frysinger [Wed, 6 Jan 2010 17:23:17 +0000 (17:23 +0000)]
FDPIC: Respect PT_GNU_STACK exec protection markings when creating NOMMU stack
commit
04e4f2b18c8de1389d1e00fef0f42a8099910daf upstream.
The current code will load the stack size and protection markings, but
then only use the markings in the MMU code path. The NOMMU code path
always passes PROT_EXEC to the mmap() call. While this doesn't matter
to most people whilst the code is running, it will cause a pointless
icache flush when starting every FDPIC application. Typically this
icache flush will be of a region on the order of 128KB in size, or may
be the entire icache, depending on the facilities available on the CPU.
In the case where the arch default behaviour seems to be desired
(EXSTACK_DEFAULT), we probe VM_STACK_FLAGS for VM_EXEC to determine
whether we should be setting PROT_EXEC or not.
For arches that support an MPU (Memory Protection Unit - an MMU without
the virtual mapping capability), setting PROT_EXEC or not will make an
important difference.
It should be noted that this change also affects the executability of
the brk region, since ELF-FDPIC has that share with the stack. However,
this is probably irrelevant as NOMMU programs aren't likely to use the
brk region, preferring instead allocation via mmap().
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Hugh Dickins [Fri, 29 Jan 2010 17:46:34 +0000 (17:46 +0000)]
mm: fix migratetype bug which slowed swapping
commit
a7016235a61d520e6806f38129001d935c4b6661 upstream.
After memory pressure has forced it to dip into the reserves, 2.6.32's
5f8dcc21211a3d4e3a7a5ca366b469fb88117f61 "page-allocator: split per-cpu
list into one-list-per-migrate-type" has been returning MIGRATE_RESERVE
pages to the MIGRATE_MOVABLE free_list: in some sense depleting reserves.
Fix that in the most straightforward way (which, considering the overheads
of alternative approaches, is Mel's preference): the right migratetype is
already in page_private(page), but free_pcppages_bulk() wasn't using it.
How did this bug show up? As a 20% slowdown in my tmpfs loop kbuild
swapping tests, on PowerMac G5 with SLUB allocator. Bisecting to that
commit was easy, but explaining the magnitude of the slowdown not easy.
The same effect appears, but much less markedly, with SLAB, and even
less markedly on other machines (the PowerMac divides into fewer zones
than x86, I think that may be a factor). We guess that lumpy reclaim
of short-lived high-order pages is implicated in some way, and probably
this bug has been tickling a poor decision somewhere in page reclaim.
But instrumentation hasn't told me much, I've run out of time and
imagination to determine exactly what's going on, and shouldn't hold up
the fix any longer: it's valid, and might even fix other misbehaviours.
Signed-off-by: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Acked-by: Mel Gorman <mel@csn.ul.ie>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Al Viro [Mon, 25 Jan 2010 23:44:58 +0000 (18:44 -0500)]
Fix failure exit in ipathfs
commit
12e9a45609054fb83d4a8b716a5265cc1a393e10 upstream.
deactivate_locked_super() will be done by caller of fill_super, doing
it there as well is b0rken.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Al Viro [Sun, 24 Jan 2010 05:06:22 +0000 (00:06 -0500)]
fix affs parse_options()
commit
217686e98321a4ff4c1a6cc535e511e37c5d2dbf upstream.
Error handling in that sucker got broken back in 2003. If function
returns 0 on failure, it's not nice to add return -EINVAL into it.
Adding return 1 on other failure exits is also not a good thing (and
yes, original success exits with 1 and some of failure exits with 0
are still there; so's the original logics in callers).
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Al Viro [Sun, 24 Jan 2010 05:04:07 +0000 (00:04 -0500)]
Fix remount races with symlink handling in affs
commit
29333920a5a46edcc9b728e2cf0134d5a9b516ee upstream.
A couple of fields in affs_sb_info is used in follow_link() and
symlink() for handling AFFS "absolute" symlinks. Need locking
against affs_remount() updates.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Al Viro [Mon, 25 Jan 2010 11:05:54 +0000 (06:05 -0500)]
fix leak in romfs_fill_super()
commit
7e32b7bb734047c5e3cecf2e896b9cf8fc35d1e8 upstream.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Al Viro [Mon, 25 Jan 2010 11:16:19 +0000 (06:16 -0500)]
fix oops in fs/9p late mount failure
commit
083c73c253c23c20359a344dfe1198ea628e6259 upstream.
if 9P ->get_sb() fails late (at root inode or root dentry
allocation), we'll hit its ->kill_sb() with NULL ->s_root
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Al Viro [Sun, 24 Jan 2010 05:52:22 +0000 (00:52 -0500)]
Fix failure exits in bfs_fill_super()
commit
5998649f779b7148a8a0c10c46cfa99e27d34dfe upstream.
double iput(), leaks...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Al Viro [Sun, 24 Jan 2010 04:38:27 +0000 (23:38 -0500)]
Fix a leak in affs_fill_super()
commit
afc70ed05a07bfe171f7a5b8fdc80bdb073d314f upstream.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Zhenyu Wang [Thu, 17 Dec 2009 08:12:56 +0000 (16:12 +0800)]
drm/i915: Reload hangcheck timer too for Ironlake
commit
c566ec49159b806db95a90fd8f37448376cd0ad2 upstream.
Make sure hangcheck timer won't beat us unexpectedly on Ironlake.
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jesse Brandeburg [Fri, 22 Jan 2010 22:56:16 +0000 (22:56 +0000)]
e1000/e1000e: don't use small hardware rx buffers
commit
9926146b15fd96d78a4f7c32e7a26d50639369f4 upstream.
When testing the "e1000: enhance frame fragment detection" (and e1000e)
patches we found some bugs with reducing the MTU size. The 1024 byte
descriptor used with the 1000 mtu test also (re) introduced the
(originally) reported bug, and causes us to need the e1000_clean_tx_irq
"enhance frame fragment detection" fix.
So what has occured here is that 2.6.32 is only vulnerable for mtu <
1500 due to the jumbo specific routines in both e1000 and e1000e.
So, 2.6.32 needs the 2kB buffer len fix for those smaller MTUs, but
is not vulnerable to the original issue reported. It has been pointed
out that this vulnerability needs to be patched in older kernels that
don't have the e1000 jumbo routine. Without the jumbo routines, we
need the "enhance frame fragment detection" fix the e1000, old
e1000e is only vulnerable for < 1500 mtu, and needs a similar
fix. We split the patches up to provide easy backport paths.
There is only a slight bit of extra code when this fix and the
original "enhance frame fragment detection" fixes are applied, so
please apply both, even though it is a bit of overkill.
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jesse Brandeburg [Tue, 19 Jan 2010 14:15:59 +0000 (14:15 +0000)]
e1000e: enhance frame fragment detection
commit
b94b50289622e816adc9f94111cfc2679c80177c upstream.
Originally patched by Neil Horman <nhorman@tuxdriver.com>
e1000e could with a jumbo frame enabled interface, and packet split disabled,
receive a packet that would overflow a single rx buffer. While in practice
very hard to craft a packet that could abuse this, it is possible.
this is related to CVE-2009-4538
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jesse Brandeburg [Tue, 19 Jan 2010 14:15:38 +0000 (14:15 +0000)]
e1000: enhance frame fragment detection
commit
40a14deaf411592b57cb0720f0e8004293ab9865 upstream.
Originally From: Neil Horman <nhorman@tuxdriver.com>
Modified by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Hey all-
A security discussion was recently given:
http://events.ccc.de/congress/2009/Fahrplan//events/3596.en.html
And a patch that I submitted awhile back was brought up. Apparently some of
their testing revealed that they were able to force a buffer fragment in e1000
in which the trailing fragment was greater than 4 bytes. As a result the
fragment check I introduced failed to detect the fragement and a partial
invalid frame was passed up into the network stack. I've written this patch
to correct it. I'm in the process of testing it now, but it makes good
logical sense to me. Effectively it maintains a per-adapter state variable
which detects a non-EOP frame, and discards it and subsequent non-EOP frames
leading up to _and_ _including_ the next positive-EOP frame (as it is by
definition the last fragment). This should prevent any and all partial frames
from entering the network stack from e1000.
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mika Westerberg [Tue, 26 Jan 2010 15:47:05 +0000 (17:47 +0200)]
UBI: fix volume creation input checking
commit
c5ce5b46af76f52dea21f467397d24c4ae6cb3ff upstream.
Do not use an unchecked variable UBI_IOCMKVOL ioctl.
Signed-off-by: Mika Westerberg <ext-mika.1.westerberg@nokia.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Zhao Yakui [Fri, 8 Jan 2010 13:29:58 +0000 (21:29 +0800)]
ACPI: Advertise to BIOS in _OSC: _OST on _PPC changes
commit
6a4e2b7503d1f630bface040cf0f5a7aac1fabdb upstream.
If the BIOS pokes the system-wide OSC bits to see if Linux
supports evaluating _OST after a _PPC change notification,
answer yes.
Also, fix an oversight where we neglected to set the OSC
bit advertising processor aggregator device support
when acpi-pad is compiled as a module.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Shaohua Li [Wed, 23 Dec 2009 09:04:11 +0000 (17:04 +0800)]
ACPI: fix OSC regression that caused aer and pciehp not to load
commit
9dc130fccb874f2959ef313d7922d306dc6d4f75 upstream.
Executing _OSC returns a buffer, which has an acpi object in it.
Don't directly returns the buffer, instead, we return the acpi object's
buffer. This fixes a regression since caller of acpi_run_osc expects
an acpi object's buffer returned.
Tested-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Shaohua Li [Thu, 29 Oct 2009 03:05:05 +0000 (11:05 +0800)]
ACPI: Add platform-wide _OSC support.
commit
3563ff964fdc36358cef0330936fdac28e65142a upstream.
Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Shaohua Li [Thu, 29 Oct 2009 03:04:28 +0000 (11:04 +0800)]
ACPI: Add a generic API for _OSC -v2
commit
70023de88c58a81a730ab4d13c51a30e537ec76e upstream.
v2->v1:
.improve debug info as suggedted by Bjorn,Kenji
.API is using uuid string as suggested by Alexey
Add an API to execute _OSC. A lot of devices can have this method, so add a
generic API.
Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Stefan Haberland [Wed, 27 Jan 2010 09:12:35 +0000 (10:12 +0100)]
dasd: fix possible NULL pointer errors
commit
294001a80c9810e2fe27aaaad7df8be12a103065 upstream.
Fix possible NULL pointer in DASD messages and correct discipline
checking.
Signed-off-by: Stefan Haberland <stefan.haberland@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Felix Beck [Wed, 27 Jan 2010 09:12:39 +0000 (10:12 +0100)]
zcrypt: Do not remove coprocessor for error 8/72
commit
19b123ebacacdce5e75045bfe82122b01c821a5b upstream.
In a case where the number of the input data is bigger than the
modulus of the key, the coprocessor adapters will report an 8/72
error. This case is not caught yet, thus the adapter will be taken
offline. To prevent this, we return an -EINVAL instead.
Signed-off-by: Felix Beck <felix.beck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Tejun Heo [Thu, 14 Jan 2010 07:18:09 +0000 (16:18 +0900)]
libata: retry FS IOs even if it has failed with AC_ERR_INVALID
commit
534ead709235b967b659947c55d9130873a432c4 upstream.
libata currently doesn't retry if a command fails with AC_ERR_INVALID
assuming that retrying won't get it any further even if retried.
However, a failure may be classified as invalid through hardware
glitch (incorrect reading of the error register or firmware bug) and
there isn't whole lot to gain by not retrying as actually invalid
commands will be failed immediately. Also, commands serving FS IOs
are extremely unlikely to be invalid. Retry FS IOs even if it's
marked invalid.
Transient and incorrect invalid failure was seen while debugging
firmware related issue on Samsung n130 on bko#14314.
http://bugzilla.kernel.org/show_bug.cgi?id=14314
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Johannes Stezenbach <js@sig21.net>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
H. Peter Anvin [Sun, 24 Jan 2010 02:27:47 +0000 (18:27 -0800)]
x86: Remove "x86 CPU features in debugfs" (CONFIG_X86_CPU_DEBUG)
commit
b160091802d4a76dd063facb09fcf10bf5d5d747 upstream.
CONFIG_X86_CPU_DEBUG, which provides some parsed versions of the x86
CPU configuration via debugfs, has caused boot failures on real
hardware. The value of this feature has been marginal at best, as all
this information is already available to userspace via generic
interfaces.
Causes crashes that have not been fixed + minimal utility -> remove.
See the referenced LKML thread for more information.
Reported-by: Ozan Çağlayan <ozan@pardus.org.tr>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
LKML-Reference: <alpine.LFD.2.00.
1001221755320.13231@localhost.localdomain>
Cc: Jaswinder Singh Rajput <jaswinder@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Rientjes [Wed, 20 Jan 2010 20:10:47 +0000 (12:10 -0800)]
x86: Set hotpluggable nodes in nodes_possible_map
commit
3a5fc0e40cb467e692737bc798bc99773c81e1e2 upstream.
nodes_possible_map does not currently include nodes that have SRAT
entries that are all ACPI_SRAT_MEM_HOT_PLUGGABLE since the bit is
cleared in nodes_parsed if it does not have an online address range.
Unequivocally setting the bit in nodes_parsed is insufficient since
existing code, such as acpi_get_nodes(), assumes all nodes in the map
have online address ranges. In fact, all code using nodes_parsed
assumes such nodes represent an address range of online memory.
nodes_possible_map is created by unioning nodes_parsed and
cpu_nodes_parsed; the former represents nodes with online memory and
the latter represents memoryless nodes. We now set the bit for
hotpluggable nodes in cpu_nodes_parsed so that it also gets set in
nodes_possible_map.
[ hpa: Haicheng Li points out that this makes the naming of the
variable cpu_nodes_parsed somewhat counterintuitive. However, leave
it as is in the interest of keeping the pure bug fix patch small. ]
Signed-off-by: David Rientjes <rientjes@google.com>
Tested-by: Haicheng Li <haicheng.li@linux.intel.com>
LKML-Reference: <alpine.DEB.2.00.
1001201152040.30528@chino.kir.corp.google.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Martin Schwidefsky [Wed, 27 Jan 2010 09:12:40 +0000 (10:12 +0100)]
S390: fix single stepped svcs with TRACE_IRQFLAGS=y
commit
21ec7f6dbf10492ce9a21718040677d3e68bd57d upstream.
If irq flags tracing is enabled the TRACE_IRQS_ON macros expands to
a function call which clobbers registers %r0-%r5. The macro is used
in the code path for single stepped system calls. The argument
registers %r2-%r6 need to be restored from the stack before the system
call function is called.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Stefan Richter [Tue, 26 Jan 2010 20:39:07 +0000 (21:39 +0100)]
firewire: ohci: fix crashes with TSB43AB23 on 64bit systems
commit
7a481436787cbc932af6c407b317ac603969a242 upstream.
Unsurprisingly, Texas Instruments TSB43AB23 exhibits the same behaviour
as TSB43AB22/A in dual buffer IR DMA mode: If descriptors are located
at physical addresses above the 31 bit address range (2 GB), the
controller will overwrite random memory. With luck, this merely
prevents video reception. With only a little less luck, the machine
crashes.
We use the same workaround here as with TSB43AB22/A: Switch off the
dual buffer capability flag and use packet-per-buffer IR DMA instead.
Another possible workaround would be to limit the coherent DMA mask to
31 bits.
In Linux 2.6.33, this change serves effectively only as documentation
since dual buffer mode is not used for any controller anymore. But
somebody might want to re-enable it in the future to make use of
features of dual buffer DMA that are not available in packet-per-buffer
mode.
In Linux 2.6.32 and older, this update is vital for anyone with this
controller, more than 2 GB RAM, a 64 bit kernel, and FireWire video or
audio applications.
We have at least four reports:
http://bugzilla.kernel.org/show_bug.cgi?id=13808
http://marc.info/?l=linux1394-user&m=
126154279004083
https://bugzilla.redhat.com/show_bug.cgi?id=552142
http://marc.info/?l=linux1394-user&m=
126432246128386
Reported-by: Paul Johnson
Reported-by: Ronneil Camara
Reported-by: G Zornetzer
Reported-by: Mark Thompson
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Chris Wilson [Wed, 27 Jan 2010 13:36:32 +0000 (13:36 +0000)]
drm/i915: Selectively enable self-reclaim
commit
4bdadb9785696439c6e2b3efe34aa76df1149c83 upstream.
Having missed the ENOMEM return via i915_gem_fault(), there are probably
other paths that I also missed. By not enabling NORETRY by default these
paths can run the shrinker and take memory from the system (but not from
our own inactive lists because our shrinker can not run whilst we hold
the struct mutex) and this may allow the system to survive a little longer
whilst our drivers consume all available memory.
References:
OOM killer unexpectedly called with kernel 2.6.32
http://bugzilla.kernel.org/show_bug.cgi?id=14933
v2: Pass gfp into page mapping.
v3: Use new read_cache_page_gfp() instead of open-coding.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Eric Anholt <eric@anholt.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Linus Torvalds [Wed, 27 Jan 2010 17:20:03 +0000 (09:20 -0800)]
mm: add new 'read_cache_page_gfp()' helper function
commit
0531b2aac59c2296570ac52bfc032ef2ace7d5e1 upstream.
It's a simplified 'read_cache_page()' which takes a page allocation
flag, so that different paths can control how aggressive the memory
allocations are that populate a address space.
In particular, the intel GPU object mapping code wants to be able to do
a certain amount of own internal memory management by automatically
shrinking the address space when memory starts getting tight. This
allows it to dynamically use different memory allocation policies on a
per-allocation basis, rather than depend on the (static) address space
gfp policy.
The actual new function is a one-liner, but re-organizing the helper
functions to the point where you can do this with a single line of code
is what most of the patch is all about.
Tested-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Anatolij Gustschin [Sat, 12 Dec 2009 13:52:21 +0000 (14:52 +0100)]
mptsas: Fix issue with chain pools allocation on katmai
commit
f1053a7ca9ce095d95bcc1cf41684c5e4f3e7751 upstream.
Since commit
9d2e9d66a3f032667934144cd61c396ba49f090d
mptsas driver fails to allocate memory for the MPT chain buffers
for second LSI adapter on PPC440SPe Katmai platform:
...
ioc1: LSISAS1068E B3: Capabilities={Initiator}
mptbase: ioc1: ERROR - Unable to allocate Reply, Request, Chain Buffers!
mptbase: ioc1: ERROR - didn't initialize properly! (-3)
mptsas: probe of 0002:31:00.0 failed with error -3
This commit increased MPT_FC_CAN_QUEUE value but initChainBuffers()
doesn't differentiate between SAS and FC causing increased allocation
for SAS case, too. Later pci_alloc_consistent() fails to allocate
increased chain buffer pool size for SAS case.
Provide a fix by looking at the bus type and using appropriate
MPT_SAS_CAN_QUEUE value while calculation of the number of chain
buffers.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Acked-by: Kashyap Desai <kashyap.desai@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Boaz Harrosh [Tue, 15 Dec 2009 15:25:43 +0000 (17:25 +0200)]
scsi_lib: Fix bug in completion of bidi commands
commit
63c43b0ec1765b74c734d465ba6345ef4f434df8 upstream.
Because of the terrible structuring of scsi-bidi-commands
it breaks some of the life time rules of a scsi-command.
It is now not allowed to free up the block-request before
cleanup and partial deallocation of the scsi-command. (Which
is not so for none bidi commands)
The right fix to this problem would be to make bidi command
a first citizen by allocating a scsi_sdb pointer at scsi command
just like cmd->prot_sdb. The bidi sdb should be allocated/deallocated
as part of the get/put_command (Again like the prot_sdb) and the
current decoupling of scsi_cmnd and blk-request should be kept.
For now make sure scsi_release_buffers() is called before the
call to blk_end_request_all() which might cause the suicide of
the block requests. At best the leak of bidi buffers, at worse
a crash, as there is a race between the existence of the bidi_request
and the free of the associated bidi_sdb.
The reason this was never hit before is because only OSD has the potential
of doing asynchronous bidi commands. (So does bsg but it is never used)
And OSD clients just happen to do all their bidi commands synchronously, up
until recently.
Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Greg Kroah-Hartman [Thu, 28 Jan 2010 23:06:20 +0000 (15:06 -0800)]
Linux 2.6.32.7
Russ Anderson [Wed, 27 Jan 2010 02:37:22 +0000 (20:37 -0600)]
x86, msr/cpuid: Pass the number of minors when unregistering MSR and CPUID drivers.
commit
da482474b8396e1a099c37ffc6541b78775aedb4 upstream.
Pass the number of minors when unregistering MSR and CPUID drivers.
Reported-by: Dean Nelson <dnelson@redhat.com>
Signed-off-by: Dean Nelson <dnelson@redhat.com>
LKML-Reference: <
20100127023722.GA22305@sgi.com>
Signed-off-by: Russ Anderson <rja@sgi.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Greg Kroah-Hartman [Tue, 26 Jan 2010 23:04:02 +0000 (15:04 -0800)]
fnctl: f_modown should call write_lock_irqsave/restore
commit
b04da8bfdfbbd79544cab2fadfdc12e87eb01600 upstream.
Commit
703625118069f9f8960d356676662d3db5a9d116 exposed that f_modown()
should call write_lock_irqsave instead of just write_lock_irq so that
because a caller could have a spinlock held and it would not be good to
renable interrupts.
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Tavis Ormandy <taviso@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Wey-Yi Guy [Tue, 26 Jan 2010 20:00:43 +0000 (12:00 -0800)]
iwlwifi: Fix throughput stall issue in HT mode for 5000
commit
1152dcc28c66a74b5b3f1a3ede0aa6729bfd48e4 upstream
Similar to 6000 and 1000 series, RTS/CTS is the recommended protection
mechanism for 5000 series in HT mode based on the HW design.
Using RTS/CTS will better protect the inner exchange from interference,
especially in highly-congested environment, it also prevent uCode encounter
TX FIFO underrun and other HT mode related performance issues.
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Len Brown [Tue, 26 Jan 2010 21:15:28 +0000 (16:15 -0500)]
ACPI: enable C2 and Turbo-mode on Nehalem notebooks on A/C
upstream in 2.6.33-rc:
5d76b6f6c17572e662f5c99c2023adae92100855
Refreshed here for 2.6.32.y, applies w/ offset back to 2.6.29.y.
Linux has always ignored ACPI BIOS C2 with exit latency > 100 usec,
and the ACPI spec is clear that is correct FADT-supplied C2.
However, the ACPI spec explicitly states that _CST-supplied C-states
have no latency limits.
So move the 100usec C2 test out of the code shared
by FADT and _CST code-paths, and into the FADT-specific path.
This bug has not been visible until Nehalem, which advertises
a CPU-C2 worst case exit latency on servers of 205usec.
That (incorrect) figure is being used by BIOS writers
on mobile Nehalem systems for the AC configuration.
Thus, Linux ignores C2 leaving just C1, which is
saves less power, and also impacts performance
by preventing the use of turbo mode.
http://bugzilla.kernel.org/show_bug.cgi?id=15064
Tested-by: Alex Chiang <achiang@hp.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Pallipadi, Venkatesh [Thu, 17 Dec 2009 20:27:02 +0000 (12:27 -0800)]
x86: Reenable TSC sync check at boot, even with NONSTOP_TSC
commit
6c56ccecf05fafe100ab4ea94f6fccbf5ff00db7 upstream.
Commit
83ce4009 did the following change
If the TSC is constant and non-stop, also set it reliable.
But, there seems to be few systems that will end up with TSC warp across
sockets, depending on how the cpus come out of reset. Skipping TSC sync
test on such systems may result in time inconsistency later.
So, reenable TSC sync test even on constant and non-stop TSC systems.
Set, sched_clock_stable to 1 by default and reset it in
mark_tsc_unstable, if TSC sync fails.
This change still gives perf benefit mentioned in
83ce4009 for systems
where TSC is reliable.
Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Acked-by: Suresh Siddha <suresh.b.siddha@intel.com>
LKML-Reference: <
20091217202702.GA18015@linux-os.sc.intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David J. Wilder [Wed, 9 Dec 2009 18:03:00 +0000 (10:03 -0800)]
IPoIB: Clear ipoib_neigh.dgid in ipoib_neigh_alloc()
commit
0cd4d0fd9b0a4e10c091fc6316d1bf92885dcd9c upstream.
IPoIB can miss a change in destination GID under some conditions. The
problem is caused when ipoib_neigh->dgid contains a stale address.
The fix is to set ipoib_neigh->dgid to zero in ipoib_neigh_alloc().
This can happen when a system using bonding on its IPoIB interfaces
has switched its active interface from interface A to B and back to A.
The system that fails over will not correctly processes the 2nd
address change, as described below.
When an address has changed neighbor->ha is updated with the new
address. Each neighbor has an associated ipoib_neigh.
ipoib_neigh->dgid also holds a copy of the remote node's hardware
address. When an address changes neighbor->ha is updated by the
network layer (arp code) with the new address. IPoIB detects this
change in ipoib_start_xmit() by comparing neighbor->ha with
ipoib_neigh->dgid. The bug is that ipoib_neigh->dgid may already
contain the new address (A) thus the change from B to A is missed by
ipoib. Here is the sequence of events:
ipoib_neigh->dgid = A and neighbor->ha = A
The address is switched to B (the first switch)
neighbor->ha = B
The change is seen in ipoib_start_xmit() -- neighbor->ha !=
ipoib_neigh->dgid so ipoib_neigh is released, and a new one is
allocated.
The allocator may return the same chunk of memory that was just
released, therefore ipoib_neigh->dgid still contains A at this point.
ipoib_neigh->dgid should be updated in neigh_add_path(), but if the
following conditions are true dgid is not updated:
1) __path_find() returns a path
2) path->ah is NULL
The remote system now switches from address B to A, neighbor->ha is
updated to A.
Now we have again : ipoib_neigh->dgid = A and neighbor->ha = A
Since the addresses are the same ipoib won't process the change in
address. Fix this by zeroing out the dgid field when allocating a new
struct ipoib_neigh.
Signed-off-by: David Wilder <dwilder@us.ibm.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Marcelo Tosatti [Thu, 29 Oct 2009 15:44:17 +0000 (13:44 -0200)]
KVM: only clear irq_source_id if irqchip is present
commit
e50212bb51356f0df48d6cce0aae5acf41df336d upstream.
Otherwise kvm might attempt to dereference a NULL pointer.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiri Slaby [Fri, 25 Sep 2009 07:33:38 +0000 (09:33 +0200)]
KVM: fix lock imbalance in kvm_*_irq_source_id()
commit
0c6ddcebd8303ada6faefa6f72ac18b6230320c4 upstream.
Stanse found 2 lock imbalances in kvm_request_irq_source_id and
kvm_free_irq_source_id. They omit to unlock kvm->irq_lock on fail paths.
Fix that by adding unlock labels at the end of the functions and jump
there from the fail paths.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Wei Yongjun [Fri, 22 Jan 2010 06:21:29 +0000 (14:21 +0800)]
KVM: x86: Fix leak of free lapic date in kvm_arch_vcpu_init()
commit
443c39bc9ef7d8f648408d74c97e943f3bb3f48a upstream.
In function kvm_arch_vcpu_init(), if the memory malloc for
vcpu->arch.mce_banks is fail, it does not free the memory
of lapic date. This patch fixed it.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Wei Yongjun [Fri, 22 Jan 2010 06:18:47 +0000 (14:18 +0800)]
KVM: x86: Fix probable memory leak of vcpu->arch.mce_banks
commit
36cb93fd6b6bf7e9163a69a8bf20207aed5fea44 upstream.
vcpu->arch.mce_banks is malloc in kvm_arch_vcpu_init(), but
never free in any place, this may cause memory leak. So this
patch fixed to free it in kvm_arch_vcpu_uninit().
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sheng Yang [Tue, 5 Jan 2010 11:02:28 +0000 (19:02 +0800)]
KVM: x86: Fix host_mapping_level()
commit
82b7005f0e72d8d1a8226e4c192cbb0850d10b3f upstream.
When found a error hva, should not return PAGE_SIZE but the level...
Also clean up the coding style of the following loop.
Signed-off-by: Sheng Yang <sheng@linux.intel.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Marcelo Tosatti [Thu, 14 Jan 2010 19:41:27 +0000 (17:41 -0200)]
KVM: MMU: bail out pagewalk on kvm_read_guest error
commit
a6085fbaf65ab09bfb5ec8d902d6d21680fe1895 upstream.
Exit the guest pagetable walk loop if reading gpte failed. Otherwise its
possible to enter an endless loop processing the previous present pte.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Avi Kivity [Tue, 29 Dec 2009 10:42:16 +0000 (12:42 +0200)]
KVM: Fix race between APIC TMR and IRR
commit
a5d36f82c4f3e852b61fdf1fee13463c8aa91b90 upstream.
When we queue an interrupt to the local apic, we set the IRR before the TMR.
The vcpu can pick up the IRR and inject the interrupt before setting the TMR,
and perhaps even EOI it, causing incorrect behaviour.
The race is really insignificant since it can only occur on the first
interrupt (usually following interrupts will not change TMR), but it's better
closed than open.
Fixed by reordering setting the TMR vs IRR.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Michael S. Tsirkin [Wed, 13 Jan 2010 16:58:09 +0000 (18:58 +0200)]
KVM: only allow one gsi per fd
commit
f1d1c309f35e9b0fb961cffd70fbd04f450ec47c upstream.
Looks like repeatedly binding same fd to multiple gsi's with irqfd can
use up a ton of kernel memory for irqfd structures.
A simple fix is to allow each fd to only trigger one gsi: triggering a
storm of interrupts in guest is likely useless anyway, and we can do it
by binding a single gsi to many interrupts if we really want to.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Acked-by: Gregory Haskins <ghaskins@novell.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Christian Borntraeger [Thu, 21 Jan 2010 11:19:07 +0000 (12:19 +0100)]
KVM: S390: fix potential array overrun in intercept handling
commit
062d5e9b0d714f449b261bb522eadaaf6f00f438 upstream.
kvm_handle_sie_intercept uses a jump table to get the intercept handler
for a SIE intercept. Static code analysis revealed a potential problem:
the intercept_funcs jump table was defined to contain (0x48 >> 2) entries,
but we only checked for code > 0x48 which would cause an off-by-one
array overflow if code == 0x48.
Use the compiler and ARRAY_SIZE to automatically set the limits.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Abhijeet Kolekar [Wed, 13 Jan 2010 21:23:14 +0000 (13:23 -0800)]
cfg80211: fix channel setting for wext
commit
5f6120335c701ba07d5151206071f4d6ccaa684f upstream.
Patch fixes the bug at
http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2139
Currently we cannot set the channel using wext extension
if we have already associated and disconnected. As
cfg80211_mgd_wext_siwfreq will not switch the channel if ssid is set.
This fixes it by clearing the ssid.
Following is the sequence which it tries to fix.
modprobe iwlagn
iwconfig wlan0 essid ""
ifconfig wlan0 down
iwconfig wlan0 chan X
wext is marked as deprecate.If we use nl80211 we can easily play with
setting the channel.
Signed-off-by: Abhijeet Kolekar <abhijeet.kolekar@intel.com>
Acked-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Benoit Papillault [Fri, 15 Jan 2010 11:21:37 +0000 (12:21 +0100)]
mac80211: check that ieee80211_set_power_mgmt only handles STA interfaces.
commit
e5de30c9bf4a39db9f54c4a373470ce65881ade0 upstream.
ieee80211_set_power_mgmt is meant for STA interfaces only. Moreover,
since sdata->u.mgd.mtx is only initialized for STA interfaces, using
this code for any other type of interface (like creating a monitor
interface) will result in a oops.
Signed-off-by: Benoit Papillault <benoit.papillault@free.fr>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Guennadi Liakhovetski [Fri, 22 Jan 2010 17:00:03 +0000 (18:00 +0100)]
ASoC: fix a memory-leak in wm8903
commit
40aa7030e5213a43e9e0554fd7f95534ea310bf3 upstream.
Remember to free the temporary register-cache.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Peter Horton [Tue, 5 Jan 2010 11:14:36 +0000 (11:14 +0000)]
UBI: initialise update marker
commit
ff998793288b49a3b22d929bf8e56362320905ff upstream.
The in kernel copy of a volume's update marker is not initialised from the
volume table. This means that volumes where an update was unfinnished will
not be treated as "forbidden to use". This is basically that the update
functionality was broken.
Signed-off-by: Peter Horton <zero@colonel-panic.org>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Artem Bityutskiy [Mon, 18 Jan 2010 14:43:44 +0000 (16:43 +0200)]
UBI: fix memory leak in update path
commit
ebddd63b74dcf1cb676d14328d5852f1fee19a8a upstream.
When truncating an UBI volume, UBI should allocates a PEB-sized
buffer but does not release it, which leads to memory leaks.
This patch fixes the issue.
Reported-by: Marek Skuczynski <mareksk7@gmail.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Tested-by: Marek Skuczynski <mareksk7@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Hans de Goede [Mon, 25 Jan 2010 14:00:50 +0000 (15:00 +0100)]
hwmon: (fschmd) Fix a memleak on multiple opens of /dev/watchdog
commit
c453615f77aa51593c1c9c9031b4278797d3fd19 upstream.
When /dev/watchdog gets opened a second time we return -EBUSY, but
we already have got a kref then, so we end up leaking our data struct.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Takashi Iwai [Wed, 20 Jan 2010 07:35:06 +0000 (08:35 +0100)]
ALSA: hda - Fix HP T5735 automute
commit
dc99be47667c56046555e89e62f1ac17fa06329a upstream.
This patch fixes the aut-mute setup on HP T5735 with ALC262 codec.
Instead of wrong amp, use pin control toggling for muting the speaker now.
Tested-by: Lee Trager <lee.trager@hp.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>