firefly-linux-kernel-4.4.55.git
14 years agoKVM: Fix segment descriptor loading
Gleb Natapov [Fri, 19 Mar 2010 14:47:34 +0000 (15:47 +0100)]
KVM: Fix segment descriptor loading

commit c697518a861e6c43b92b848895f9926580ee63c3 upstream

Add proper error and permission checking. This patch also change task
switching code to load segment selectors before segment descriptors, like
SDM requires, otherwise permission checking during segment descriptor
loading will be incorrect.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86 emulator: Fix popf emulation
Gleb Natapov [Fri, 19 Mar 2010 14:47:33 +0000 (15:47 +0100)]
KVM: x86 emulator: Fix popf emulation

commit d4c6a1549c056f1d817e8f6f2f97d8b44933472f upstream

POPF behaves differently depending on current CPU mode. Emulate correct
logic to prevent guest from changing flags that it can't change otherwise.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86 emulator: Check IOPL level during io instruction emulation
Gleb Natapov [Fri, 19 Mar 2010 14:47:32 +0000 (15:47 +0100)]
KVM: x86 emulator: Check IOPL level during io instruction emulation

commit f850e2e603bf5a05b0aee7901857cf85715aa694 upstream

Make emulator check that vcpu is allowed to execute IN, INS, OUT,
OUTS, CLI, STI.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86 emulator: fix memory access during x86 emulation
Gleb Natapov [Fri, 19 Mar 2010 14:47:31 +0000 (15:47 +0100)]
KVM: x86 emulator: fix memory access during x86 emulation

commit 1871c6020d7308afb99127bba51f04548e7ca84e upstream

Currently when x86 emulator needs to access memory, page walk is done with
broadest permission possible, so if emulated instruction was executed
by userspace process it can still access kernel memory. Fix that by
providing correct memory access to page walker during emulation.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoKVM: x86 emulator: Add Virtual-8086 mode of emulation
Gleb Natapov [Fri, 19 Mar 2010 14:47:30 +0000 (15:47 +0100)]
KVM: x86 emulator: Add Virtual-8086 mode of emulation

commit a0044755679f3e761b8b95995e5f2db2b7efd0f6 upstream

For some instructions CPU behaves differently for real-mode and
virtual 8086. Let emulator know which mode cpu is in, so it will
not poke into vcpu state directly.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agobacklight: mbp_nvidia_bl - add five more MacBook variants
Evan McClain [Wed, 10 Mar 2010 00:20:58 +0000 (19:20 -0500)]
backlight: mbp_nvidia_bl - add five more MacBook variants

commit 36bc5ee6a8d13333980fa54e97d3469d3d4cda98 upstream.

This adds the MacBook 1,1 2,1 3,1 4,1 and 4,2 to the DMI tables.

Signed-off-by: Evan McClain <evan.mcclain@gatech.edu>
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoresource: move kernel function inside __KERNEL__
Jiri Slaby [Fri, 19 Mar 2010 01:51:56 +0000 (02:51 +0100)]
resource: move kernel function inside __KERNEL__

commit 96d07d211739fd2450ac54e81d00fa40fcd4b1bd upstream
From: Jiri Slaby <jslaby@suse.cz>

resource: move kernel function inside __KERNEL__

It is an internal function. Move it inside __KERNEL__ ifdef, along
with task_struct declaration.

Then we get:
#--- /usr/include/linux/resource.h       2009-09-14 15:09:29.000000000 +0200
#+++ usr/include/linux/resource.h       2010-01-04 11:30:54.000000000 +0100
#@@ -3,8 +3,6 @@
#
##include <linux/time.h>
#
#-struct task_struct;
#-
#/*
#* Resource control/accounting header file for linux
#*/
#@@ -70,6 +68,5 @@
#*/
##include <asm/resource.h>
#
#-int getrusage(struct task_struct *p, int who, struct rusage *ru);
#
##endif
#
#***********

include/linux/Kbuild is untouched, since unifdef is run even on
headers-y nowadays.

backport to 2.6.32 by maximilian attems <max@stro.at>
Patch commented out by gregkh due to quilt complaining.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: maximilian attems <max@stro.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86, amd: Get multi-node CPU info from NodeId MSR instead of PCI config space
Andreas Herrmann [Wed, 16 Dec 2009 14:43:55 +0000 (15:43 +0100)]
x86, amd: Get multi-node CPU info from NodeId MSR instead of PCI config space

commit 9d260ebc09a0ad6b5c73e17676df42c7bc75ff64 upstream.

Use NodeId MSR to get NodeId and number of nodes per processor.

Signed-off-by: Andreas Herrmann <andreas.herrmann3@amd.com>
LKML-Reference: <20091216144355.GB28798@alberich.amd.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda: Fix 0 dB offset for Lenovo Thinkpad models using AD1981
Daniel T Chen [Tue, 30 Mar 2010 17:29:28 +0000 (13:29 -0400)]
ALSA: hda: Fix 0 dB offset for Lenovo Thinkpad models using AD1981

commit b8e80cf386419453678b01bef830f53445ebb15d upstream.

BugLink: https://launchpad.net/bugs/551606
The OR's hardware distorts at PCM 100% because it does not correspond to
0 dB. Fix this in patch_ad1981() for all models using the Thinkpad
quirk.

Reported-by: Jane Silber
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: mixart: range checking proc file
Dan Carpenter [Tue, 6 Apr 2010 16:31:26 +0000 (19:31 +0300)]
ALSA: mixart: range checking proc file

commit b0cc58a25d04160d39a80e436847eaa2fbc5aa09 upstream.

The original code doesn't take into consideration that the value of
MIXART_BA0_SIZE - pos can be less than zero which would lead to a large
unsigned value for "count".

Also I moved the check that read size is a multiple of 4 bytes below
the code that adjusts "count".

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoreadahead: fix NULL filp dereference
Wu Fengguang [Tue, 6 Apr 2010 21:34:53 +0000 (14:34 -0700)]
readahead: fix NULL filp dereference

commit 70655c06bd3f25111312d63985888112aed15ac5 upstream.

btrfs relocate_file_extent_cluster() calls us with NULL filp:

  [ 4005.426805] BUG: unable to handle kernel NULL pointer dereference at 00000021
  [ 4005.426818] IP: [<c109a130>] page_cache_sync_readahead+0x18/0x3e

Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Cc: Yan Zheng <yanzheng@21cn.com>
Reported-by: Kirill A. Shutemov <kirill@shutemov.name>
Tested-by: Kirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoraw: fsync method is now required
Anton Blanchard [Tue, 6 Apr 2010 21:34:58 +0000 (14:34 -0700)]
raw: fsync method is now required

commit 55ab3a1ff843e3f0e24d2da44e71bffa5d853010 upstream.

Commit 148f948ba877f4d3cdef036b1ff6d9f68986706a (vfs: Introduce new
helpers for syncing after writing to O_SYNC file or IS_SYNC inode) broke
the raw driver.

We now call through generic_file_aio_write -> generic_write_sync ->
vfs_fsync_range.  vfs_fsync_range has:

        if (!fop || !fop->fsync) {
                ret = -EINVAL;
                goto out;
        }

But drivers/char/raw.c doesn't set an fsync method.

We have two options: fix it or remove the raw driver completely.  I'm
happy to do either, the fact this has been broken for so long suggests it
is rarely used.

The patch below adds an fsync method to the raw driver.  My knowledge of
the block layer is pretty sketchy so this could do with a once over.

If we instead decide to remove the raw driver, this patch might still be
useful as a backport to 2.6.33 and 2.6.32.

Signed-off-by: Anton Blanchard <anton@samba.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Jens Axboe <jens.axboe@oracle.com>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Tested-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoHID: fix oops in gyration_event()
Jiri Kosina [Tue, 23 Mar 2010 15:32:37 +0000 (16:32 +0100)]
HID: fix oops in gyration_event()

commit d8e4ebf8b603bdcd091540e6b5bddf0dec10d516 upstream.

Fix oops caused by dereferencing field->hidinput in cases where
the device hasn't been claimed by hid-input.

Reported-by: Andreas Demmer <mail@andreas-demmer.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agopata_ali: Fix regression with old devices
Alan Cox [Mon, 30 Nov 2009 13:23:05 +0000 (13:23 +0000)]
pata_ali: Fix regression with old devices

commit d6250a03fa736c1bff4df4601f5af2dc21f2bf9e upstream.

Making the new stuff work broke some of the old chipsets. We need to go
back to the old set up values for these it seems. Unfortunately even with
documentation this is basically a mix of cargoculting and guesswork.

Chased down to the exact line by Gianluca.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Cc: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agolis3: fix show rate for 8 bits chips
Éric Piel [Tue, 15 Dec 2009 02:01:40 +0000 (18:01 -0800)]
lis3: fix show rate for 8 bits chips

commit 4b5d95b3809bcd77599122494aa3f575cd6ab1b9 upstream.

Originally the driver was only targeted to 12bits sensors.  When support
for 8bits sensors was added, some slight difference in the registers were
overlooked.  This should fix it, both for initialization, and for
displaying the rate.

Reported-by: Kalhan Trisal <kalhan.trisal@intel.com>
Reported-by: Christoph Plattner <christoph.plattner@gmx.at>
Tested-by: Christoph Plattner <christoph.plattner@gmx.at>
Tested-by: Samu Onkalo <samu.p.onkalo@nokia.com>
Signed-off-by: Éric Piel <eric.piel@tremplin-utc.net>
Signed-off-by: Samu Onkalo <samu.p.onkalo@nokia.com>
Cc: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agotty: release_one_tty() forgets to put pids
Oleg Nesterov [Fri, 2 Apr 2010 16:05:12 +0000 (18:05 +0200)]
tty: release_one_tty() forgets to put pids

commit 6da8d866d0d39e9509ff826660f6a86a6757c966 upstream.

release_one_tty(tty) can be called when tty still has a reference
to pgrp/session. In this case we leak the pid.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-and-tested-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agogenirq: Force MSI irq handlers to run with interrupts disabled
Thomas Gleixner [Wed, 31 Mar 2010 11:30:19 +0000 (13:30 +0200)]
genirq: Force MSI irq handlers to run with interrupts disabled

commit 753649dbc49345a73a2454c770a3f2d54d11aec6 upstream.

Network folks reported that directing all MSI-X vectors of their multi
queue NICs to a single core can cause interrupt stack overflows when
enough interrupts fire at the same time.

This is caused by the fact that we run interrupt handlers by default
with interrupts enabled unless the driver reuqests the interrupt with
the IRQF_DISABLED set. The NIC handlers do not set this flag, so
simultaneous interrupts can nest unlimited and cause the stack
overflow.

The only safe counter measure is to run the interrupt handlers with
interrupts disabled. We can't switch to this mode in general right
now, but it is safe to do so for MSI interrupts.

Force IRQF_DISABLED for MSI interrupt handlers.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Linus Torvalds <torvalds@osdl.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: David Miller <davem@davemloft.net>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoWATCHDOG: iTCO_wdt: TCO Watchdog patch for additional Intel Cougar Point DeviceIDs
Seth Heasley [Thu, 25 Mar 2010 23:14:41 +0000 (16:14 -0700)]
WATCHDOG: iTCO_wdt: TCO Watchdog patch for additional Intel Cougar Point DeviceIDs

commit 4c7d849204341dea19be941a3c1eb4bdffac9cc4 upstream.

This patch adds the Intel Cougar Point PCH LPC Controller DeviceIDs for iTCO Watchdog.

Signed-off-by: Seth Heasley <seth.heasley@intel.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoWATCHDOG: hpwdt - fix lower timeout limit
Thomas Mingarelli [Wed, 17 Mar 2010 15:33:31 +0000 (15:33 +0000)]
WATCHDOG: hpwdt - fix lower timeout limit

commit 8ba42bd88c6982fe224b09c33151c797b0fdf1a5 upstream.

[Novell Bug 581103] HP Watchdog driver has arbitrary (wrong) timeout limits.
Fix the lower timeout limit to a more appropriate value.

Signed-off-by: Thomas Mingarelli <Thomas.Mingarelli@hp.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomac80211: tear down all agg queues when restart/reconfig hw
Wey-Yi Guy [Wed, 3 Feb 2010 17:28:55 +0000 (09:28 -0800)]
mac80211: tear down all agg queues when restart/reconfig hw

commit 74e2bd1fa3ae9695af566ad5a7a288898787b909 upstream.

When there is a need to restart/reconfig hw, tear down all the
aggregation queues and let the mac80211 and driver get in-sync to have
the opportunity to re-establish the aggregation queues again.

Need to wait until driver re-establish all the station information before tear
down the aggregation queues, driver(at least iwlwifi driver) will reject the
stop aggregation queue request if station is not ready. But also need to make
sure the aggregation queues are tear down before waking up the queues, so
mac80211 will not sending frames with aggregation bit set.

Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomac80211: move netdev queue enabling to correct spot
Johannes Berg [Mon, 22 Mar 2010 20:42:43 +0000 (13:42 -0700)]
mac80211: move netdev queue enabling to correct spot

commit 7236fe29fd72d17074574ba312e7f1bb9d10abaa upstream.

"mac80211: fix skb buffering issue" still left a race
between enabling the hardware queues and the virtual
interface queues. In hindsight it's totally obvious
that enabling the netdev queues for a hardware queue
when the hardware queue is enabled is wrong, because
it could well possible that we can fill the hw queue
with packets we already have pending. Thus, we must
only enable the netdev queues once all the pending
packets have been processed and sent off to the device.

In testing, I haven't been able to trigger this race
condition, but it's clearly there, possibly only when
aggregation is being enabled.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosetup correct int pipe type in ar9170_usb_exec_cmd
Valentin Longchamp [Fri, 26 Mar 2010 10:44:33 +0000 (11:44 +0100)]
setup correct int pipe type in ar9170_usb_exec_cmd

commit 2d20c72c021d96f8b9230396c8e3782f204214ec upstream.

An int urb is constructed but we fill it in with a bulk pipe type.

Commit f661c6f8c67bd55e93348f160d590ff9edf08904 implemented a pipe type
check when CONFIG_USB_DEBUG is enabled. The check failed for all the ar9170
usb transfers and the driver could not configure the wifi dongle.

This went unnoticed until now because most people don't have
CONFIG_USB_DEBUG enabled.

Signed-off-by: Valentin Longchamp <valentin.longchamp@epfl.ch>
Acked-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: range checking issue
Dan Carpenter [Sun, 28 Mar 2010 11:55:00 +0000 (14:55 +0300)]
iwlwifi: range checking issue

commit 8e1a53c615e8efe0fac670f2973da64758748a8a upstream.

IWL_RATE_COUNT is 13 and IWL_RATE_COUNT_LEGACY is 12.

IWL_RATE_COUNT_LEGACY is the right one here because iwl3945_rates
doesn't support 60M and also that's how "rates" is defined in
iwlcore_init_geos() from drivers/net/wireless/iwlwifi/iwl-core.c.

        rates = kzalloc((sizeof(struct ieee80211_rate) * IWL_RATE_COUNT_LEGACY),
                        GFP_KERNEL);

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: fix nfreed--
Stanislaw Gruszka [Thu, 18 Mar 2010 14:29:33 +0000 (14:29 +0000)]
iwlwifi: fix nfreed--

During backporting of a120e912eb51e347f36c71b60a1d13af74d30e83
("iwlwifi: sanity check before counting number of tfds can be free")
we forget one hunk, what make lot of messages "free more than
tfds_in_queue" show up in dmesg.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Tested-by: Adel Gadllah <adel.gadllah@gmail.com>
(picked from https://patchwork.kernel.org/patch/86722/)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: counting number of tfds can be free for 4965
Wey-Yi Guy [Thu, 18 Mar 2010 16:05:00 +0000 (09:05 -0700)]
iwlwifi: counting number of tfds can be free for 4965

commit be6b38bcb175613f239e0b302607db346472c6b6 upstream.

Forget one hunk in 4965 during "iwlwifi: error checking for number of tfds
in queue" patch.

Reported-by: Shanyu Zhao <shanyu.zhao@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoFreezer: Fix buggy resume test for tasks frozen with cgroup freezer
Matt Helsley [Fri, 26 Mar 2010 22:51:44 +0000 (23:51 +0100)]
Freezer: Fix buggy resume test for tasks frozen with cgroup freezer

commit 5a7aadfe2fcb0f69e2acc1fbefe22a096e792fc9 upstream.

When the cgroup freezer is used to freeze tasks we do not want to thaw
those tasks during resume. Currently we test the cgroup freezer
state of the resuming tasks to see if the cgroup is FROZEN.  If so
then we don't thaw the task. However, the FREEZING state also indicates
that the task should remain frozen.

This also avoids a problem pointed out by Oren Ladaan: the freezer state
transition from FREEZING to FROZEN is updated lazily when userspace reads
or writes the freezer.state file in the cgroup filesystem. This means that
resume will thaw tasks in cgroups which should be in the FROZEN state if
there is no read/write of the freezer.state file to trigger this
transition before suspend.

NOTE: Another "simple" solution would be to always update the cgroup
freezer state during resume. However it's a bad choice for several reasons:
Updating the cgroup freezer state is somewhat expensive because it requires
walking all the tasks in the cgroup and checking if they are each frozen.
Worse, this could easily make resume run in N^2 time where N is the number
of tasks in the cgroup. Finally, updating the freezer state from this code
path requires trickier locking because of the way locks must be ordered.

Instead of updating the freezer state we rely on the fact that lazy
updates only manage the transition from FREEZING to FROZEN. We know that
a cgroup with the FREEZING state may actually be FROZEN so test for that
state too. This makes sense in the resume path even for partially-frozen
cgroups -- those that really are FREEZING but not FROZEN.

Reported-by: Oren Ladaan <orenl@cs.columbia.edu>
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agolibiscsi: Fix recovery slowdown regression
Mike Christie [Tue, 9 Mar 2010 20:14:51 +0000 (14:14 -0600)]
libiscsi: Fix recovery slowdown regression

commit 4ae0a6c15efcc37e94e3f30e3533bdec03c53126 upstream.

We could be failing/stopping a connection due to libiscsi starting
recovery/cleanup, but the xmit path or scsi eh thread path
could be dropping the connection at the same time.

As a result the session->state gets set to failed instead of in
recovery. We end up not blocking the session
and so the replacement timeout never gets started and we only end up
failing the IO when scsi_softirq_done sees that the
cmd has been running for (cmd->allowed + 1) * rq->timeout secs.

We used to fail the IO right away so users are seeing a long
delay when using dm-multipath. This problem was added in
2.6.28.

Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosh: Fix FDPIC binary loader
Andrew Stubbs [Mon, 29 Mar 2010 03:04:19 +0000 (12:04 +0900)]
sh: Fix FDPIC binary loader

commit d5ab780305bb6d60a7b5a74f18cf84eb6ad153b1 upstream.

Ensure that the aux table is properly initialized, even when optional
features are missing. Without this, the FDPIC loader did not work.

Signed-off-by: Andrew Stubbs <ams@codesourcery.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosh: Enable the mmu in start_secondary()
Matt Fleming [Sun, 28 Mar 2010 20:08:25 +0000 (20:08 +0000)]
sh: Enable the mmu in start_secondary()

commit 4bea3418c737891894b9d3d3e9f8bbd67d66fa38 upstream.

For the boot, enable_mmu() is called from setup_arch() but we don't call
setup_arch() for any of the other cpus. So turn on the non-boot cpu's
mmu inside of start_secondary().

I noticed this bug on an SMP board when trying to map I/O memory
(smsc911x registers) into the kernel address space. Since the Address
Translation bit in MMUCR wasn't set, accessing the virtual address where
the smsc911x registers were supposedly mapped actually performed a
physical address access.

Signed-off-by: Matt Fleming <matt@console-pimps.org>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: fix locking for inode cache radix tree tag updates
Christoph Hellwig [Thu, 11 Mar 2010 22:42:17 +0000 (09:42 +1100)]
xfs: fix locking for inode cache radix tree tag updates

commit f1f724e4b523d444c5a598d74505aefa3d6844d2 upstream

The radix-tree code requires it's users to serialize tag updates
against other updates to the tree.  While XFS protects tag updates
against each other it does not serialize them against updates of the
tree contents, which can lead to tag corruption.  Fix the inode
cache to always take pag_ici_lock in exclusive mode when updating
radix tree tags.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Patrick Schreurs <patrick@news-service.com>
Tested-by: Patrick Schreurs <patrick@news-service.com>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: Non-blocking inode locking in IO completion
Dave Chinner [Thu, 11 Mar 2010 22:42:16 +0000 (09:42 +1100)]
xfs: Non-blocking inode locking in IO completion

commit 77d7a0c2eeb285c9069e15396703d0cb9690ac50 upstream

The introduction of barriers to loop devices has created a new IO
order completion dependency that XFS does not handle. The loop
device implements barriers using fsync and so turns a log IO in the
XFS filesystem on the loop device into a data IO in the backing
filesystem. That is, the completion of log IOs in the loop
filesystem are now dependent on completion of data IO in the backing
filesystem.

This can cause deadlocks when a flush daemon issues a log force with
an inode locked because the IO completion of IO on the inode is
blocked by the inode lock. This in turn prevents further data IO
completion from occuring on all XFS filesystems on that CPU (due to
the shared nature of the completion queues). This then prevents the
log IO from completing because the log is waiting for data IO
completion as well.

The fix for this new completion order dependency issue is to make
the IO completion inode locking non-blocking. If the inode lock
can't be grabbed, simply requeue the IO completion back to the work
queue so that it can be processed later. This prevents the
completion queue from being blocked and allows data IO completion on
other inodes to proceed, hence avoiding completion order dependent
deadlocks.

Signed-off-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: remove invalid barrier optimization from xfs_fsync
Christoph Hellwig [Thu, 11 Mar 2010 22:42:15 +0000 (09:42 +1100)]
xfs: remove invalid barrier optimization from xfs_fsync

commit e8b217e7530c6a073ac69f1c85b922d93fdf5647 upstream

Date: Tue, 2 Feb 2010 10:16:26 +1100
We always need to flush the disk write cache and can't skip it just because
the no inode attributes have changed.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: don't hold onto reserved blocks on remount, ro
Dave Chinner [Thu, 11 Mar 2010 22:42:14 +0000 (09:42 +1100)]
xfs: don't hold onto reserved blocks on remount, ro

commit cbe132a8bdcff0f9afd9060948fb50597c7400b8 upstream

If we hold onto reserved blocks when doing a remount,ro we end
up writing the blocks used count to disk that includes the reserved
blocks. Reserved blocks are not actually used, so this results in
the values in the superblock being incorrect.

Hence if we run xfs_check or xfs_repair -n while the filesystem is
mounted remount,ro we end up with an inconsistent filesystem being
reported. Also, running xfs_copy on the remount,ro filesystem will
result in an inconsistent image being generated.

To fix this, unreserve the blocks when doing the remount,ro, and
reserved them again on remount,rw. This way a remount,ro filesystem
will appear consistent on disk to all utilities.

Signed-off-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: quota limit statvfs available blocks
Christoph Hellwig [Thu, 11 Mar 2010 22:42:13 +0000 (09:42 +1100)]
xfs: quota limit statvfs available blocks

commit 9b00f30762fe9f914eb6e03057a616ed63a4e8ca upstream

A "df" run on an NFS client of an exported XFS file system reports
the wrong information for "available" blocks.  When a block quota is
enforced, the amount reported as free is limited by the quota, but
the amount reported available is not (and should be).

Reported-by: Guk-Bong, Kwon <gbkwon@gmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: xfs_swap_extents needs to handle dynamic fork offsets
Dave Chinner [Thu, 11 Mar 2010 22:42:12 +0000 (09:42 +1100)]
xfs: xfs_swap_extents needs to handle dynamic fork offsets

commit e09f98606dcc156de1146c209d45a0d6d5f51c3f upstream

When swapping extents, we can corrupt inodes by swapping data forks
that are in incompatible formats.  This is caused by the two indoes
having different fork offsets due to the presence of an attribute
fork on an attr2 filesystem.  xfs_fsr tries to be smart about
setting the fork offset, but the trick it plays only works on attr1
(old fixed format attribute fork) filesystems.

Changing the way xfs_fsr sets up the attribute fork will prevent
this situation from ever occurring, so in the kernel code we can get
by with a preventative fix - check that the data fork in the
defragmented inode is in a format valid for the inode it is being
swapped into.  This will lead to files that will silently and
potentially repeatedly fail defragmentation, so issue a warning to
the log when this particular failure occurs to let us know that
xfs_fsr needs updating/fixing.

To help identify how to improve xfs_fsr to avoid this issue, add
trace points for the inodes being swapped so that we can determine
why the swap was rejected and to confirm that the code is making the
right decisions and modifications when swapping forks.

A further complication is even when the swap is allowed to proceed
when the fork offset is different between the two inodes then value
for the maximum number of extents the data fork can hold can be
wrong. Make sure these are also set correctly after the swap occurs.

Signed-off-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: fix stale inode flush avoidance
Dave Chinner [Thu, 11 Mar 2010 22:42:11 +0000 (09:42 +1100)]
xfs: fix stale inode flush avoidance

commit 4b6a46882cca8349e8942e2650c33b11bc571c92 upstream

When reclaiming stale inodes, we need to guarantee that inodes are
unpinned before returning with a "clean" status. If we don't we can
reclaim inodes that are pinned, leading to use after free in the
transaction subsystem as transactions complete.

Signed-off-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: reclaim all inodes by background tree walks
Dave Chinner [Thu, 11 Mar 2010 22:42:10 +0000 (09:42 +1100)]
xfs: reclaim all inodes by background tree walks

commit 57817c68229984818fea9e614d6f95249c3fb098 upstream

We cannot do direct inode reclaim without taking the flush lock to
ensure that we do not reclaim an inode under IO. We check the inode
is clean before doing direct reclaim, but this is not good enough
because the inode flush code marks the inode clean once it has
copied the in-core dirty state to the backing buffer.

It is the flush lock that determines whether the inode is still
under IO, even though it is marked clean, and the inode is still
required at IO completion so we can't reclaim it even though it is
clean in core. Hence the requirement that we need to take the flush
lock even on clean inodes because this guarantees that the inode
writeback IO has completed and it is safe to reclaim the inode.

With delayed write inode flushing, we could end up waiting a long
time on the flush lock even for a clean inode. The background
reclaim already handles this efficiently, so avoid all the problems
by killing the direct reclaim path altogether.

Signed-off-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: Avoid inodes in reclaim when flushing from inode cache
Dave Chinner [Thu, 11 Mar 2010 22:42:09 +0000 (09:42 +1100)]
xfs: Avoid inodes in reclaim when flushing from inode cache

commit 018027be90a6946e8cf3f9b17b5582384f7ed117 upstream

The reclaim code will handle flushing of dirty inodes before reclaim
occurs, so avoid them when determining whether an inode is a
candidate for flushing to disk when walking the radix trees.  This
is based on a test patch from Christoph Hellwig.

Signed-off-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: reclaim inodes under a write lock
Dave Chinner [Thu, 11 Mar 2010 22:42:08 +0000 (09:42 +1100)]
xfs: reclaim inodes under a write lock

commit c8e20be020f234c8d492927a424a7d8bbefd5b5d upstream

Make the inode tree reclaim walk exclusive to avoid races with
concurrent sync walkers and lookups. This is a version of a patch
posted by Christoph Hellwig that avoids all the code duplication.

Signed-off-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: Ensure we force all busy extents in range to disk
Dave Chinner [Thu, 11 Mar 2010 22:42:07 +0000 (09:42 +1100)]
xfs: Ensure we force all busy extents in range to disk

commit fd45e4784164d1017521086524e3442318c67370 upstream

When we search for and find a busy extent during allocation we
force the log out to ensure the extent free transaction is on
disk before the allocation transaction. The current implementation
has a subtle bug in it--it does not handle multiple overlapping
ranges.

That is, if we free lots of little extents into a single
contiguous extent, then allocate the contiguous extent, the busy
search code stops searching at the first extent it finds that
overlaps the allocated range. It then uses the commit LSN of the
transaction to force the log out to.

Unfortunately, the other busy ranges might have more recent
commit LSNs than the first busy extent that is found, and this
results in xfs_alloc_search_busy() returning before all the
extent free transactions are on disk for the range being
allocated. This can lead to potential metadata corruption or
stale data exposure after a crash because log replay won't replay
all the extent free transactions that cover the allocation range.

Modified-by: Alex Elder <aelder@sgi.com>
(Dropped the "found" argument from the xfs_alloc_busysearch trace
event.)

Signed-off-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: Don't flush stale inodes
Dave Chinner [Thu, 11 Mar 2010 22:42:06 +0000 (09:42 +1100)]
xfs: Don't flush stale inodes

commit 44e08c45cc14e6190a424be8d450070c8e508fad upstream

Because inodes remain in cache much longer than inode buffers do
under memory pressure, we can get the situation where we have
stale, dirty inodes being reclaimed but the backing storage has
been freed.  Hence we should never, ever flush XFS_ISTALE inodes
to disk as there is no guarantee that the backing buffer is in
cache and still marked stale when the flush occurs.

Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: fix timestamp handling in xfs_setattr
Christoph Hellwig [Thu, 11 Mar 2010 22:42:05 +0000 (09:42 +1100)]
xfs: fix timestamp handling in xfs_setattr

commit d6d59bada372bcf8bd36c3bbc71c485c29dd2a4b upstream

We currently have some rather odd code in xfs_setattr for
updating the a/c/mtime timestamps:

 - first we do a non-transaction update if all three are updated
   together
 - second we implicitly update the ctime for various changes
   instead of relying on the ATTR_CTIME flag
 - third we set the timestamps to the current time instead of the
   arguments in the iattr structure in many cases.

This patch makes sure we update it in a consistent way:

 - always transactional
 - ctime is only updated if ATTR_CTIME is set or we do a size
   update, which is a special case
 - always to the times passed in from the caller instead of the
   current time

The only non-size caller of xfs_setattr that doesn't come from
the VFS is updated to set ATTR_CTIME and pass in a valid ctime
value.

Reported-by: Eric Blake <ebb9@byu.net>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: check for not fully initialized inodes in xfs_ireclaim
Christoph Hellwig [Thu, 11 Mar 2010 22:42:04 +0000 (09:42 +1100)]
xfs: check for not fully initialized inodes in xfs_ireclaim

commit b44b1126279b60597f96bbe77507b1650f88a969 upstream

Add an assert for inodes not added to the inode cache in xfs_ireclaim,
to make sure we're not going to introduce something like the
famous nfsd inode cache bug again.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: Fix error return for fallocate() on XFS
Jason Gunthorpe [Thu, 11 Mar 2010 22:42:03 +0000 (09:42 +1100)]
xfs: Fix error return for fallocate() on XFS

commit 44a743f68705c681439f264deb05f8f38e9048d3 upstream

Noticed that through glibc fallocate would return 28 rather than -1
and errno = 28 for ENOSPC. The xfs routines uses XFS_ERROR format
positive return error codes while the syscalls use negative return
codes.  Fixup the two cases in xfs_vn_fallocate syscall to convert to
negative.

Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Eric Sandeen <sandeen@sandeen.net>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: Wrapped journal record corruption on read at recovery
Andy Poling [Thu, 11 Mar 2010 22:42:02 +0000 (09:42 +1100)]
xfs: Wrapped journal record corruption on read at recovery

commit fc5bc4c85c45f0bf854404e5736aa8b65720a18d upstream

Summary of problem:

If a journal record wraps at the physical end of the journal, it has to be
read in two parts in xlog_do_recovery_pass(): a read at the physical end and a
read at the physical beginning.  If xlog_bread() has to re-align the first
read, the second read request does not take that re-alignment into account.
If the first read was re-aligned, the second read over-writes the end of the
data from the first read, effectively corrupting it.  This can happen either
when reading the record header or reading the record data.

The first sanity check in xlog_recover_process_data() is to check for a valid
clientid, so that is the error reported.

Summary of fix:

If there was a first read at the physical end, XFS_BUF_PTR() returns where the
data was requested to begin.  Conversely, because it is the result of
xlog_align(), offset indicates where the requested data for the first read
actually begins - whether or not xlog_bread() has re-aligned it.

Using offset as the base for the calculation of where to place the second read
data ensures that it will be correctly placed immediately following the data
from the first read instead of sometimes over-writing the end of it.

The attached patch has resolved the reported problem of occasional inability
to recover the journal (reporting "bad clientid").

Signed-off-by: Andy Poling <andy@realbig.com>
Reviewed-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: I/O completion handlers must use NOFS allocations
Christoph Hellwig [Thu, 11 Mar 2010 22:42:01 +0000 (09:42 +1100)]
xfs: I/O completion handlers must use NOFS allocations

commit 80641dc66a2d6dfb22af4413227a92b8ab84c7bb upstream

When completing I/O requests we must not allow the memory allocator to
recurse into the filesystem, as we might deadlock on waiting for the
I/O completion otherwise.  The only thing currently allocating normal
GFP_KERNEL memory is the allocation of the transaction structure for
the unwritten extent conversion.  Add a memflags argument to
_xfs_trans_alloc to allow controlling the allocator behaviour.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Thomas Neumann <tneumann@users.sourceforge.net>
Tested-by: Thomas Neumann <tneumann@users.sourceforge.net>
Reviewed-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: fix mmap_sem/iolock inversion in xfs_free_eofblocks
Christoph Hellwig [Thu, 11 Mar 2010 22:42:00 +0000 (09:42 +1100)]
xfs: fix mmap_sem/iolock inversion in xfs_free_eofblocks

commit c56c9631cbe88f08854a56ff9776c1f310916830 upstream

When xfs_free_eofblocks is called from ->release the VM might already
hold the mmap_sem, but in the write path we take the iolock before
taking the mmap_sem in the generic write code.

Switch xfs_free_eofblocks to only trylock the iolock if called from
->release and skip trimming the prellocated blocks in that case.
We'll still free them later on the final iput.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoxfs: simplify inode teardown
Christoph Hellwig [Thu, 11 Mar 2010 22:41:59 +0000 (09:41 +1100)]
xfs: simplify inode teardown

commit 848ce8f731aed0a2d4ab5884a4f6664af73d2dd0 upstream

Currently the reclaim code for the case where we don't reclaim the
final reclaim is overly complicated.  We know that the inode is clean
but instead of just directly reclaiming the clean inode we go through
the whole process of marking the inode reclaimable just to directly
reclaim it from the calling context.  Besides being overly complicated
this introduces a race where iget could recycle an inode between
marked reclaimable and actually being reclaimed leading to panics.

This patch gets rid of the existing reclaim path, and replaces it with
a simple call to xfs_ireclaim if the inode was clean.  While we're at
it we also use the slightly more lax xfs_inode_clean check we'd use
later to determine if we need to flush the inode here.

Finally get rid of xfs_reclaim function and place the remaining small
bits of reclaim code directly into xfs_fs_destroy_inode.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Patrick Schreurs <patrick@news-service.com>
Reported-by: Tommy van Leeuwen <tommy@news-service.com>
Tested-by: Patrick Schreurs <patrick@news-service.com>
Reviewed-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm: Return ENODEV if the inode mapping changes
Chris Wilson [Thu, 18 Mar 2010 11:56:54 +0000 (11:56 +0000)]
drm: Return ENODEV if the inode mapping changes

commit da58405860b992d2bb21ebae5d685fe3204dd3f0 upstream.

Replace a BUG_ON with an error code in the event that the inode mapping
changes between calls to drm_open. This may happen for instance if udev
is loaded subsequent to the original opening of the device:

[  644.291870] kernel BUG at drivers/gpu/drm/drm_fops.c:146!
[  644.291876] invalid opcode: 0000 [#1] SMP
[  644.291882] last sysfs file: /sys/kernel/uevent_seqnum
[  644.291888]
[  644.291895] Pid: 7276, comm: lt-cairo-test-s Not tainted 2.6.34-rc1 #2 N150/N210/N220             /N150/N210/N220
[  644.291903] EIP: 0060:[<c11c70e3>] EFLAGS: 00210283 CPU: 0
[  644.291912] EIP is at drm_open+0x4b1/0x4e2
[  644.291918] EAX: f72d8d18 EBX: f790a400 ECX: f73176b8 EDX: 00000000
[  644.291923] ESI: f790a414 EDI: f790a414 EBP: f647ae20 ESP: f647adfc
[  644.291929]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[  644.291937] Process lt-cairo-test-s (pid: 7276, ti=f647a000 task=f73f5c80 task.ti=f647a000)
[  644.291941] Stack:
[  644.291945]  00000000 f7bb7400 00000080 f6451100 f73176b8 f6479214 f6451100 f73176b8
[  644.291957] <0> c1297ce0 f647ae34 c11c6c04 f73176b8 f7949800 00000000 f647ae54 c1080ac5
[  644.291969] <0> f7949800 f6451100 00000000 f6451100 f73176b8 f6452780 f647ae70 c107d1e6
[  644.291982] Call Trace:
[  644.291991]  [<c11c6c04>] ? drm_stub_open+0x8a/0xb8
[  644.292000]  [<c1080ac5>] ? chrdev_open+0xef/0x106
[  644.292008]  [<c107d1e6>] ? __dentry_open+0xd4/0x1a6
[  644.292015]  [<c107d35b>] ? nameidata_to_filp+0x31/0x45
[  644.292022]  [<c10809d6>] ? chrdev_open+0x0/0x106
[  644.292030]  [<c10864e2>] ? do_last+0x346/0x423
[  644.292037]  [<c108789f>] ? do_filp_open+0x190/0x415
[  644.292046]  [<c1071eb5>] ? handle_mm_fault+0x214/0x710
[  644.292053]  [<c107d008>] ? do_sys_open+0x4d/0xe9
[  644.292061]  [<c1016462>] ? do_page_fault+0x211/0x23f
[  644.292068]  [<c107d0f0>] ? sys_open+0x23/0x2b
[  644.292075]  [<c1002650>] ? sysenter_do_call+0x12/0x26
[  644.292079] Code: 89 f0 89 55 dc e8 8d 96 0a 00 8b 45 e0 8b 55 dc 83 78 04 01 75 28 8b 83 18 02 00 00 85 c0 74 0f 8b 4d ec 3b 81 ac 00 00 00 74 13 <0f> 0b eb fe 8b 4d ec 8b 81 ac 00 00 00 89 83 18 02 00 00 89 f0
[  644.292143] EIP: [<c11c70e3>] drm_open+0x4b1/0x4e2 SS:ESP 0068:f647adfc
[  644.292175] ---[ end trace 2ddd476af89a60fa ]---

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/radeon/kms: fix pal tv-out support on legacy IGP chips
Alex Deucher [Wed, 10 Mar 2010 23:33:03 +0000 (18:33 -0500)]
drm/radeon/kms: fix pal tv-out support on legacy IGP chips

commit 15f7207761cfcf8f53fb6e5cacffe060478782c3 upstream.

Based on ddx patch by Andrzej Hajda.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/radeon/kms: don't print error on -ERESTARTSYS.
Dave Airlie [Fri, 19 Mar 2010 00:33:44 +0000 (10:33 +1000)]
drm/radeon/kms: don't print error on -ERESTARTSYS.

commit 97f23b3d85a4d734a8584dade3a34579931c8f8d upstream.

We can get this if the user moves the mouse when we are waiting to move
some stuff around in the validate. Don't fail.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agooom: fix the unsafe usage of badness() in proc_oom_score()
Oleg Nesterov [Thu, 1 Apr 2010 13:13:57 +0000 (15:13 +0200)]
oom: fix the unsafe usage of badness() in proc_oom_score()

commit b95c35e76b29ba812e5dabdd91592e25ec640e93 upstream.

proc_oom_score(task) has a reference to task_struct, but that is all.
If this task was already released before we take tasklist_lock

- we can't use task->group_leader, it points to nowhere

- it is not safe to call badness() even if this task is
  ->group_leader, has_intersects_mems_allowed() assumes
  it is safe to iterate over ->thread_group list.

- even worse, badness() can hit ->signal == NULL

Add the pid_alive() check to ensure __unhash_process() was not called.

Also, use "task" instead of task->group_leader. badness() should return
the same result for any sub-thread. Currently this is not true, but
this should be changed anyway.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofat: fix buffer overflow in vfat_create_shortname()
Nikolaus Schulz [Wed, 31 Mar 2010 17:21:10 +0000 (02:21 +0900)]
fat: fix buffer overflow in vfat_create_shortname()

commit 30d1872d9eb3663b4cf7bdebcbf5cd465674cced upstream.

When using the string representation of a random counter as part of the base
name, ensure that it is no longer than 4 bytes.

Since we are repeatedly decrementing the counter in a loop until we have found a
unique base name, the counter may wrap around zero; therefore, it is not enough
to mask its higher bits before entering the loop, this must be done inside the
loop.

[hirofumi@mail.parknet.co.jp: use snprintf()]
Signed-off-by: Nikolaus Schulz <microschulz@web.de>
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm: remove the EDID blob stored in the EDID property when it is disconnected
Zhao Yakui [Thu, 4 Mar 2010 08:25:55 +0000 (08:25 +0000)]
drm: remove the EDID blob stored in the EDID property when it is disconnected

commit 725398322d05486109375fbb85c3404108881e17 upstream.

Now the EDID property will be updated when the corresponding EDID can be
obtained from the external display device. But after the external device
is plugged-out, the EDID property is not updated. In such case we still
get the corresponding EDID property although it is already detected as
disconnected.

https://bugs.freedesktop.org/show_bug.cgi?id=26743

Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/radeon: add new RS880 pci id
Alex Deucher [Wed, 3 Mar 2010 18:39:13 +0000 (13:39 -0500)]
drm/radeon: add new RS880 pci id

commit 338e2b1d571e4873908b199c90d6a31f65137fe3 upstream.

This should go to 2.6.33 stable as well.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/edid: allow certain bogus edids to hit a fixup path rather than fail
Ben Skeggs [Wed, 17 Feb 2010 23:12:09 +0000 (09:12 +1000)]
drm/edid: allow certain bogus edids to hit a fixup path rather than fail

commit 44fef22416886a04d432043f741a6faf2c6ffefd upstream.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoLinux 2.6.32.11
Greg Kroah-Hartman [Thu, 1 Apr 2010 22:59:14 +0000 (15:59 -0700)]
Linux 2.6.32.11

14 years agoGFS2: Skip check for mandatory locks when unlocking
Sachin Prabhu [Thu, 11 Mar 2010 17:24:45 +0000 (12:24 -0500)]
GFS2: Skip check for mandatory locks when unlocking

commit 720e7749279bde0d08684b1bb4e7a2eedeec6394 upstream.

gfs2_lock() will skip locks on file which have mode set to 02666. This is a problem in cases where the mode of the file is changed after a process has obtained a lock on the file. Such a lock will be skipped and will result in a BUG in locks_remove_flock().

gfs2_lock() should skip the check for mandatory locks when unlocking a file.

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86: Fix sched_clock_cpu for systems with unsynchronized TSC
Dimitri Sivanich [Mon, 1 Mar 2010 17:48:15 +0000 (11:48 -0600)]
x86: Fix sched_clock_cpu for systems with unsynchronized TSC

commit 14be1f7454ea96ee614467a49cf018a1a383b189 upstream.

On UV systems, the TSC is not synchronized across blades.  The
sched_clock_cpu() function is returning values that can go
backwards  (I've seen as much as 8 seconds) when switching
between cpus.

As each cpu comes up, early_init_intel() will currently set the
sched_clock_stable flag true.  When mark_tsc_unstable() runs, it
clears the flag, but this only occurs once (the first time a cpu
comes up whose TSC is not synchronized with cpu 0).  After this,
early_init_intel() will set the flag again as the next cpu comes
up.

Only set sched_clock_stable if tsc has not been marked unstable.

Signed-off-by: Dimitri Sivanich <sivanich@sgi.com>
Acked-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
LKML-Reference: <20100301174815.GC8224@sgi.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agos3cmci: initialize default platform data no_wprotect and no_detect with 1
Lars-Peter Clausen [Fri, 5 Mar 2010 21:43:35 +0000 (13:43 -0800)]
s3cmci: initialize default platform data no_wprotect and no_detect with 1

commit c212808a1ba6bfba489006399b8152a047305acf upstream.

If no platform_data was givin to the device it's going to use it's default
platform data struct which has all fields initialized to zero.  As a
result the driver is going to try to request gpio0 both as write protect
and card detect pin.  Which of course will fail and makes the driver
unusable

Previously to the introduction of no_wprotect and no_detect the behavior
was to assume that if no platform data was given there is no write protect
or card detect pin.  This patch restores that behavior.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Cc: Ben Dooks <ben-linux@fluff.org>
Cc: <linux-mmc@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoblock: Backport of various I/O topology fixes from 2.6.33 and 2.6.34
Martin K. Petersen [Wed, 17 Mar 2010 00:30:01 +0000 (20:30 -0400)]
block: Backport of various I/O topology fixes from 2.6.33 and 2.6.34

block: Backport of various I/O topology fixes from 2.6.33 and 2.6.34

The stacking code incorrectly scaled up the data offset in some cases
causing misaligned devices to report alignment.  Rewrite the stacking
algorithm to remedy this.

(Upstream commit 9504e0864b58b4a304820dcf3755f1da80d5e72f)

The top device misalignment flag would not be set if the added bottom
device was already misaligned as opposed to causing a stacking failure.

Also massage the reporting so that an error is only returned if adding
the bottom device caused the misalignment.  I.e. don't return an error
if the top is already flagged as misaligned.

(Upstream commit fe0b393f2c0a0d23a9bc9ed7dc51a1ee511098bd)

lcm() was defined to take integer-sized arguments.  The supplied
arguments are multiplied, however, causing us to overflow given
sufficiently large input.  That in turn led to incorrect optimal I/O
size reporting in some cases.  Switch lcm() over to unsigned long
similar to gcd() and move the function from blk-settings.c to lib.

Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agob43: Workaround circular locking in hw-tkip key update callback
Michael Buesch [Fri, 19 Mar 2010 15:38:33 +0000 (10:38 -0500)]
b43: Workaround circular locking in hw-tkip key update callback

commit 96869a39399269a776a94812e9fff3d38b47d838 upstream

The TKIP key update callback is called from the RX path, where the driver
mutex is already locked. This results in a circular locking bug.
Avoid this by removing the lock.

Johannes noted that there is a separate bug: The callback still breaks on SDIO
hardware, because SDIO hardware access needs to sleep, but we are not allowed
to sleep in the callback due to mac80211's RCU locking.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Tested-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-by: kecsa@kutfo.hit.bme.hu
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosh: Fix zImage boot using fixed PMB.
Nobuhiro Iwamatsu [Sat, 20 Mar 2010 07:42:54 +0000 (16:42 +0900)]
sh: Fix zImage boot using fixed PMB.

commit 319c2cc761505ee54a9536c5d0b9c2ee3fb33866 upstream.

Signed-off-by: Nobuhiro Iwamatsu <iwamatsu.nobuhiro@renesas.com>
Signed-off-by: Yoshihiro Shimoda <shimoda.yoshihiro@renesas.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoBluetooth: Fix kernel crash on L2CAP stress tests
Andrei Emeltchenko [Fri, 19 Mar 2010 08:26:28 +0000 (10:26 +0200)]
Bluetooth: Fix kernel crash on L2CAP stress tests

commit c2c77ec83bdad17fb688557b5b3fdc36661dd1c6 upstream.

Added very simple check that req buffer has enough space to
fit configuration parameters. Shall be enough to reject packets
with configuration size more than req buffer.

Crash trace below

[ 6069.659393] Unable to handle kernel paging request at virtual address 02000205
[ 6069.673034] Internal error: Oops: 805 [#1] PREEMPT
...
[ 6069.727172] PC is at l2cap_add_conf_opt+0x70/0xf0 [l2cap]
[ 6069.732604] LR is at l2cap_recv_frame+0x1350/0x2e78 [l2cap]
...
[ 6070.030303] Backtrace:
[ 6070.032806] [<bf1c2880>] (l2cap_add_conf_opt+0x0/0xf0 [l2cap]) from
[<bf1c6624>] (l2cap_recv_frame+0x1350/0x2e78 [l2cap])
[ 6070.043823]  r8:dc5d3100 r7:df2a91d6 r6:00000001 r5:df2a8000 r4:00000200
[ 6070.050659] [<bf1c52d4>] (l2cap_recv_frame+0x0/0x2e78 [l2cap]) from
[<bf1c8408>] (l2cap_recv_acldata+0x2bc/0x350 [l2cap])
[ 6070.061798] [<bf1c814c>] (l2cap_recv_acldata+0x0/0x350 [l2cap]) from
[<bf0037a4>] (hci_rx_task+0x244/0x478 [bluetooth])
[ 6070.072631]  r6:dc647700 r5:00000001 r4:df2ab740
[ 6070.077362] [<bf003560>] (hci_rx_task+0x0/0x478 [bluetooth]) from
[<c006b9fc>] (tasklet_action+0x78/0xd8)
[ 6070.087005] [<c006b984>] (tasklet_action+0x0/0xd8) from [<c006c160>]

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@nokia.com>
Acked-by: Gustavo F. Padovan <gustavo@padovan.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoBluetooth: Fix potential bad memory access with sysfs files
Marcel Holtmann [Mon, 15 Mar 2010 21:12:58 +0000 (14:12 -0700)]
Bluetooth: Fix potential bad memory access with sysfs files

commit 101545f6fef4a0a3ea8daf0b5b880df2c6a92a69 upstream.

When creating a high number of Bluetooth sockets (L2CAP, SCO
and RFCOMM) it is possible to scribble repeatedly on arbitrary
pages of memory. Ensure that the content of these sysfs files is
always less than one page. Even if this means truncating. The
files in question are scheduled to be moved over to debugfs in
the future anyway.

Based on initial patches from Neil Brown and Linus Torvalds

Reported-by: Neil Brown <neilb@suse.de>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoahci: use BIOS date in broken_suspend list
Tejun Heo [Tue, 16 Mar 2010 00:50:26 +0000 (09:50 +0900)]
ahci: use BIOS date in broken_suspend list

commit 9deb343189b3cf45e84dd08480f330575ffe2004 upstream.

HP is recycling both DMI_PRODUCT_NAME and DMI_BIOS_VERSION making
ahci_broken_suspend() trigger for later products which are not
affected by the original problems.  Match BIOS date instead of version
and add references to bko's so that full information can be found
easier later.

This fixes http://bugzilla.kernel.org/show_bug.cgi?id=15462

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: tigerfishdaisy@gmail.com
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoquota: Fix warning when a delayed write happens before quota is enabled
Jan Kara [Tue, 9 Feb 2010 17:20:39 +0000 (18:20 +0100)]
quota: Fix warning when a delayed write happens before quota is enabled

commit 0a5a9c725512461d19397490f3adf29931dca1f2 upstream.

If a delayed-allocation write happens before quota is enabled, the
kernel spits out a warning:
WARNING: at fs/quota/dquot.c:988 dquot_claim_space+0x77/0x112()

because the fact that user has some delayed allocation is not recorded
in quota structure.

Make dquot_initialize() update amount of reserved space for user if it sees
inode has some space reserved. Also make sure that reserved quota space does
not go negative and we warn about the filesystem bug just once.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoquota: manage reserved space when quota is not active [v2]
Dmitry Monakhov [Tue, 9 Feb 2010 16:53:36 +0000 (17:53 +0100)]
quota: manage reserved space when quota is not active [v2]

commit c469070aea5a0ada45a836937c776fd3083dae2b upstream.

Since we implemented generic reserved space management interface,
then it is possible to account reserved space even when quota
is not active (similar to i_blocks/i_bytes).

Without this patch following testcase result in massive comlain from
WARN_ON in dquot_claim_space()

TEST_CASE:
mount /dev/sdb /mnt -oquota
dd if=/dev/zero of=/mnt/test bs=1M count=1
quotaon /mnt
# fs_reserved_spave == 1Mb
# quota_reserved_space == 0, because quota was disabled
dd if=/dev/zero of=/mnt/test seek=1 bs=1M count=1
# fs_reserved_spave == 2Mb
# quota_reserved_space == 1Mb
sync  # ->dquot_claim_space() -> WARN_ON

Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoleds-gpio: fix default state handling on OF platforms
Anton Vorontsov [Thu, 11 Mar 2010 21:58:47 +0000 (13:58 -0800)]
leds-gpio: fix default state handling on OF platforms

commit 0493a4ff10959ff4c8e0d65efee25b7ffd4fa5db upstream.

The driver wrongly sets default state for LEDs that don't specify
default-state property.

Currently the driver handles default state this way:

memset(&led, 0, sizeof(led));
for_each_child_of_node(np, child) {
state = of_get_property(child, "default-state", NULL);
if (state) {
if (!strcmp(state, "keep"))
led.default_state = LEDS_GPIO_DEFSTATE_KEEP;
...
}
ret = create_gpio_led(&led, ...);
}

Which means that all LEDs that do not specify default-state will inherit
the last value of the default-state property, which is wrong.

This patch fixes the issue by moving LED's template initialization into
the loop body.

Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomac80211: Reset dynamic ps timer in Rx path.
Vivek Natarajan [Thu, 11 Mar 2010 22:54:34 +0000 (14:54 -0800)]
mac80211: Reset dynamic ps timer in Rx path.

commit e15276a4b220c54db665cf46a92bd9ceb9aeb052 upstream.

The current mac80211 implementation enables power save if there
is no Tx traffic for a specific timeout. Hence, PS is triggered
even if there is a continuous Rx only traffic(like UDP) going on.
This makes the drivers to wait on the tim bit in the next beacon
to awake which leads to redundant sleep-wake cycles.
Fix this by restarting the dynamic ps timer on receiving every
data packet.

Signed-off-by: Vivek Natarajan <vnatarajan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoath9k: Enable IEEE80211_HW_REPORTS_TX_ACK_STATUS flag for ath9k
Vivek Natarajan [Thu, 11 Mar 2010 21:03:01 +0000 (13:03 -0800)]
ath9k: Enable IEEE80211_HW_REPORTS_TX_ACK_STATUS flag for ath9k

commit 05df49865be08b30e7ba91b9d3d94d7d52dd3033 upstream.

Signed-off-by: Vivek Natarajan <vnatarajan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agomac80211: Retry null data frame for power save
Vivek Natarajan [Thu, 11 Mar 2010 21:10:03 +0000 (13:10 -0800)]
mac80211: Retry null data frame for power save

commit 375177bf35efc08e1bd37bbda4cc0c8cc4db8500 upstream.

Even if the null data frame is not acked by the AP, mac80211
goes into power save. This might lead to loss of frames
from the AP.
Prevent this by restarting dynamic_ps_timer when ack is not
received for null data frames.

Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Vivek Natarajan <vnatarajan@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoath9k: Enable TIM timer interrupt only when needed.
Senthil Balasubramanian [Thu, 11 Mar 2010 19:50:54 +0000 (11:50 -0800)]
ath9k: Enable TIM timer interrupt only when needed.

commit 3f7c5c10e9dc6bf90179eb9f7c06151d508fb324 upstream.

The TIM timer interrupt is enabled even before the ACK of nullqos
is received which is unnecessary.

Also clean up the CONF_PS part of config callback properly for
better readability.

Signed-off-by: Senthil Balasubramanian <senthilkumar@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Luis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda: Use ALC260_WILL quirk for another Acer model (0x1025007f)
Daniel T Chen [Sun, 13 Dec 2009 19:11:02 +0000 (14:11 -0500)]
ALSA: hda: Use ALC260_WILL quirk for another Acer model (0x1025007f)

commit 950200e2ff11daae1c5d9426703bdd494603f38b upstream.

BugLink: https://bugs.launchpad.net/bugs/418627
The original reporter states that this quirk is necessary to obtain
reasonable gain for playback.  Without it, sound is inaudible.  Tested
with playback (spkr and hp) and capture.

Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: ac97: Add IBM ThinkPad R40e to Headphone/Line Jack Sense blacklist
Daniel T Chen [Fri, 26 Mar 2010 05:38:15 +0000 (22:38 -0700)]
ALSA: ac97: Add IBM ThinkPad R40e to Headphone/Line Jack Sense blacklist

commit e1f7f02b45cf33a774d56e505ce1718af9392f5e upstream.

BugLink: https://launchpad.net/bugs/303789
This model needs both 'Headphone Jack Sense' and 'Line Jack Sense'
muted for audible audio, so just add its SSID to the blacklist and
don't enumerate the controls.

Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: ac97: Add Toshiba P500 to ac97 jack sense blacklist
Daniel Chen [Sun, 28 Mar 2010 20:32:34 +0000 (13:32 -0700)]
ALSA: ac97: Add Toshiba P500 to ac97 jack sense blacklist

commit 5cd165e7057020884e430941c24454d3df9a799d upstream.

BugLink: https://launchpad.net/bugs/481058
The OR has verified that both 'Headphone Jack Sense' and 'Line Jack Sense'
need to be muted for sound to be audible, so just add the machine's SSID
to the ac97 jack sense blacklist.

Reported-by: Richard Gagne
Tested-by: Richard Gagne
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoALSA: hda: Use LPIB for ga-ma770-ud3 board
Daniel T Chen [Sun, 28 Mar 2010 06:34:40 +0000 (02:34 -0400)]
ALSA: hda: Use LPIB for ga-ma770-ud3 board

commit 9ec8ddad59fadd8021adfea4cb716a49b0e232e9 upstream.

BugLink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575669
The OR states that position_fix=1 is necessary to work around glitching
during volume adjustments using PulseAudio.

Reported-by: Carlos Laviola <claviola@debian.org>
Tested-by: Carlos Laviola <claviola@debian.org>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agohwmon: (coretemp) Add missing newline to dev_warn() message
Dean Nelson [Mon, 29 Mar 2010 20:03:00 +0000 (22:03 +0200)]
hwmon: (coretemp) Add missing newline to dev_warn() message

commit 4d7a5644e4adfafe76c2bd8ee168e3f3b5dae3a8 upstream.

Add missing newline to dev_warn() message string. This is more of an issue
with older kernels that don't automatically add a newline if it was missing
from the end of the previous line.

Signed-off-by: Dean Nelson <dnelson@redhat.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86, amd: Restrict usage of c1e_idle()
Andreas Herrmann [Fri, 19 Mar 2010 11:09:22 +0000 (12:09 +0100)]
x86, amd: Restrict usage of c1e_idle()

commit 035a02c1e1de31888e8b6adac0ff667971ac04db upstream.

Currently c1e_idle returns true for all CPUs greater than or equal to
family 0xf model 0x40. This covers too many CPUs.

Meanwhile a respective erratum for the underlying problem was filed
(#400). This patch adds the logic to check whether erratum #400
applies to a given CPU.
Especially for CPUs where SMI/HW triggered C1e is not supported,
c1e_idle() doesn't need to be used. We can check this by looking at
the respective OSVW bit for erratum #400.

Signed-off-by: Andreas Herrmann <andreas.herrmann3@amd.com>
LKML-Reference: <20100319110922.GA19614@alberich.amd.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agox86: Fix placement of FIX_OHCI1394_BASE
Jan Beulich [Mon, 15 Mar 2010 10:11:15 +0000 (10:11 +0000)]
x86: Fix placement of FIX_OHCI1394_BASE

commit ff30a0543e9a6cd732582063e7cae951cdb7acf2 upstream.

Ever for 32-bit with sufficiently high NR_CPUS, and starting
with commit 789d03f584484af85dbdc64935270c8e45f36ef7 also for
64-bit, the statically allocated early fixmap page tables were
not covering FIX_OHCI1394_BASE, leading to a boot time crash
when "ohci1394_dma=early" was used. Despite this entry not being
a permanently used one, it needs to be moved into the permanent
range since it has to be close to FIX_DBGP_BASE and
FIX_EARLYCON_MEM_BASE.

Reported-bisected-and-tested-by: Justin P. Mattock <justinmattock@gmail.com>
Fixes-bug: http://bugzilla.kernel.org/show_bug.cgi?id=14487
Signed-off-by: Jan Beulich <jbeulich@novell.com>
LKML-Reference: <4B9E15D30200007800034D23@vpn.id2.novell.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agonetfilter: xt_recent: fix regression in rules using a zero hit_count
Patrick McHardy [Mon, 22 Mar 2010 17:25:20 +0000 (18:25 +0100)]
netfilter: xt_recent: fix regression in rules using a zero hit_count

commit ef1691504c83ba3eb636c0cfd3ed33f7a6d0b4ee upstream.

Commit 8ccb92ad (netfilter: xt_recent: fix false match) fixed supposedly
false matches in rules using a zero hit_count. As it turns out there is
nothing false about these matches and people are actually using entries
with a hit_count of zero to make rules dependant on addresses inserted
manually through /proc.

Since this slipped past the eyes of three reviewers, instead of
reverting the commit in question, this patch explicitly checks
for a hit_count of zero to make the intentions more clear.

Reported-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Tested-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agodrm/i915: Avoid NULL deref in get_pages() unwind after error.
Chris Wilson [Fri, 12 Mar 2010 19:52:55 +0000 (19:52 +0000)]
drm/i915: Avoid NULL deref in get_pages() unwind after error.

commit 1f2b10131f83f7caa67bf1273cec126b4283015d upstream.

Fixes:
  http://bugzilla.kernel.org/show_bug.cgi?id=15527
  NULL pointer dereference in i915_gem_object_save_bit_17_swizzle

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<f82b5d2b>] i915_gem_object_save_bit_17_swizzle+0x5b/0xc0 [i915]
Call Trace:
[<f82aea55>] ? i915_gem_object_put_pages+0x125/0x150 [i915]
[<f82aeb71>] ? i915_gem_object_get_pages+0xf1/0x110 [i915]
[<f82b0de8>] ? i915_gem_object_bind_to_gtt+0xb8/0x2a0 [i915]
[<c02db74d>] ? drm_mm_get_block_generic+0x4d/0x180
[<f82b11cd>] ? i915_gem_mmap_gtt_ioctl+0x16d/0x240 [i915]
[<f82ae786>] ? i915_gem_madvise_ioctl+0x86/0x120 [i915]

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reported-by: maciej.rutecki@gmail.com
Cc: stable@kernel.org
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosoftlockup: Stop spurious softlockup messages due to overflow
Colin Ian King [Fri, 19 Mar 2010 10:28:02 +0000 (10:28 +0000)]
softlockup: Stop spurious softlockup messages due to overflow

commit 8c2eb4805d422bdbf60ba00ff233c794d23c3c00 upstream.

Ensure additions on touch_ts do not overflow.  This can occur
when the top 32 bits of the TSC reach 0xffffffff causing
additions to touch_ts to overflow and this in turn generates
spurious softlockup warnings.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
LKML-Reference: <1268994482.1798.6.camel@lenovo>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agocpuset: fix the problem that cpuset_mem_spread_node() returns an offline node
Miao Xie [Tue, 23 Mar 2010 20:35:34 +0000 (13:35 -0700)]
cpuset: fix the problem that cpuset_mem_spread_node() returns an offline node

commit 5ab116c9349ef52d6fbd2e2917a53f13194b048e upstream.

cpuset_mem_spread_node() returns an offline node, and causes an oops.

This patch fixes it by initializing task->mems_allowed to
node_states[N_HIGH_MEMORY], and updating task->mems_allowed when doing
memory hotplug.

Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
Acked-by: David Rientjes <rientjes@google.com>
Reported-by: Nick Piggin <npiggin@suse.de>
Tested-by: Nick Piggin <npiggin@suse.de>
Cc: Paul Menage <menage@google.com>
Cc: Li Zefan <lizf@cn.fujitsu.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoath9k: fix BUG_ON triggered by PAE frames
Felix Fietkau [Fri, 12 Mar 2010 03:02:43 +0000 (04:02 +0100)]
ath9k: fix BUG_ON triggered by PAE frames

commit 4fdec031b9169b3c17938b9c4168f099f457169c upstream.

When I initially stumbled upon sequence number problems with PAE frames
in ath9k, I submitted a patch to remove all special cases for PAE
frames and let them go through the normal transmit path.
Out of concern about crypto incompatibility issues, this change was
merged instead:

commit 6c8afef551fef87a3bf24f8a74c69a7f2f72fc82
Author: Sujith <Sujith.Manoharan@atheros.com>
Date:   Tue Feb 9 10:07:00 2010 +0530

    ath9k: Fix sequence numbers for PAE frames

After a lot of testing, I'm able to reliably trigger a driver crash on
rekeying with current versions with this change in place.
It seems that the driver does not support sending out regular MPDUs with
the same TID while an A-MPDU session is active.
This leads to duplicate entries in the TID Tx buffer, which hits the
following BUG_ON in ath_tx_addto_baw():

    index  = ATH_BA_INDEX(tid->seq_start, bf->bf_seqno);
    cindex = (tid->baw_head + index) & (ATH_TID_MAX_BUFS - 1);

    BUG_ON(tid->tx_buf[cindex] != NULL);

I believe until we actually have a reproducible case of an
incompatibility with another AP using no PAE special cases, we should
simply get rid of this mess.

This patch completely fixes my crash issues in STA mode and makes it
stay connected without throughput drops or connectivity issues even
when the AP is configured to a very short group rekey interval.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agort2860sta: Fix argument to linux_pci_unmap_single()
Ben Hutchings [Mon, 29 Mar 2010 00:09:17 +0000 (01:09 +0100)]
rt2860sta: Fix argument to linux_pci_unmap_single()

John Halton wrote in <http://bugs.debian.org/575726>:
> Whenever wpa_supplicant is deactivated (whether by killing the process or
> during a normal shutdown) I am getting a kerneloops that prevents the
> computer from completing shutdown. Here is the relevant syslog output:

The backtrace points to an incorrect call from RTMPFreeTxRxRingMemory()
into linux_pci_unmap_single().  This appears to have been fixed in Linux
2.6.33 by this change:

commit ca97b8388838ee9ea4b4bad04948f8f7f8a607a3
Author: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Date:   Tue Sep 22 20:44:07 2009 +0200

    Staging: rt28x0: updates from vendor's V2.1.0.0 drivers

For stable-2.6.32, just fix this one function call.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoPCI: cleanup error return for pcix get and set mmrbc functions
Dean Nelson [Wed, 10 Mar 2010 03:26:55 +0000 (22:26 -0500)]
PCI: cleanup error return for pcix get and set mmrbc functions

commit 7c9e2b1c4784c6e574f69dbd904b2822f2e04d6e upstream.

pcix_get_mmrbc() returns the maximum memory read byte count (mmrbc), if
successful, or an appropriate error value, if not.

Distinguishing errors from correct values and understanding the meaning of an
error can be somewhat confusing in that:

correct values: 512, 1024, 2048, 4096
errors: -EINVAL   -22
  PCIBIOS_FUNC_NOT_SUPPORTED 0x81
PCIBIOS_BAD_VENDOR_ID 0x83
PCIBIOS_DEVICE_NOT_FOUND 0x86
PCIBIOS_BAD_REGISTER_NUMBER 0x87
PCIBIOS_SET_FAILED 0x88
PCIBIOS_BUFFER_TOO_SMALL 0x89

The PCIBIOS_ errors are returned from the PCI functions generated by the
PCI_OP_READ() and PCI_OP_WRITE() macros.

In a similar manner, pcix_set_mmrbc() also returns the PCIBIOS_ error values
returned from pci_read_config_[word|dword]() and pci_write_config_word().

Following pcix_get_max_mmrbc()'s example, the following patch simply returns
-EINVAL for all PCIBIOS_ errors encountered by pcix_get_mmrbc(), and -EINVAL
or -EIO for those encountered by pcix_set_mmrbc().

This simplification was chosen in light of the fact that none of the current
callers of these functions are interested in the specific type of error
encountered. In the future, should this change, one could simply create a
function that maps each PCIBIOS_ error to a corresponding unique errno value,
which could be called by pcix_get_max_mmrbc(), pcix_get_mmrbc(), and
pcix_set_mmrbc().

Additionally, this patch eliminates some unnecessary variables.

Signed-off-by: Dean Nelson <dnelson@redhat.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoPCI: fix access of PCI_X_CMD by pcix get and set mmrbc functions
Dean Nelson [Wed, 10 Mar 2010 03:26:48 +0000 (22:26 -0500)]
PCI: fix access of PCI_X_CMD by pcix get and set mmrbc functions

commit bdc2bda7c4dd253026cc1fce45fc939304749029 upstream.

An e1000 driver on a system with a PCI-X bus was always being returned
a value of 135 from both pcix_get_mmrbc() and pcix_set_mmrbc(). This
value reflects an error return of PCIBIOS_BAD_REGISTER_NUMBER from
pci_bus_read_config_dword(,, cap + PCI_X_CMD,).

This is because for a dword, the following portion of the PCI_OP_READ()
macro:

if (PCI_##size##_BAD) return PCIBIOS_BAD_REGISTER_NUMBER;

expands to:

if (pos & 3) return PCIBIOS_BAD_REGISTER_NUMBER;

And is always true for 'cap + PCI_X_CMD', which is 0xe4 + 2 = 0xe6. ('cap' is
the result of calling pci_find_capability(, PCI_CAP_ID_PCIX).)

The same problem exists for pci_bus_write_config_dword(,, cap + PCI_X_CMD,).
In both cases, instead of calling _dword(), _word() should be called.

Signed-off-by: Dean Nelson <dnelson@redhat.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoPCI: fix return value from pcix_get_max_mmrbc()
Dean Nelson [Wed, 10 Mar 2010 03:26:40 +0000 (22:26 -0500)]
PCI: fix return value from pcix_get_max_mmrbc()

commit 25daeb550b69e89aff59bc6a84218a12b5203531 upstream.

For the PCI_X_STATUS register, pcix_get_max_mmrbc() is returning an incorrect
value, which is based on:

(stat & PCI_X_STATUS_MAX_READ) >> 12

Valid return values are 512, 1024, 2048, 4096, which correspond to a 'stat'
(masked and right shifted by 21) of 0, 1, 2, 3, respectively.

A right shift by 11 would generate the correct return value when 'stat' (masked
and right shifted by 21) has a value of 1 or 2. But for a value of 0 or 3 it's
not possible to generate the correct return value by only right shifting.

Fix is based on pcix_get_mmrbc()'s similar dealings with the PCI_X_CMD register.

Signed-off-by: Dean Nelson <dnelson@redhat.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofs/partition/msdos: fix unusable extended partition for > 512B sector
OGAWA Hirofumi [Tue, 23 Mar 2010 20:35:50 +0000 (13:35 -0700)]
fs/partition/msdos: fix unusable extended partition for > 512B sector

commit 8e0cc811e0f8029a7225372fb0951fab102c012f upstream.

Smaller size than a minimum blocksize can't be used, after all it's
handled like 0 size.

For extended partition itself, this makes sure to use bigger size than one
logical sector size at least.

Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Daniel Taylor <Daniel.Taylor@wdc.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agofs/partitions/msdos: add support for large disks
Daniel Taylor [Tue, 23 Mar 2010 20:35:50 +0000 (13:35 -0700)]
fs/partitions/msdos: add support for large disks

commit 3fbf586cf7f245392142e5407c2a56f1cff979b6 upstream.

In order to use disks larger than 2TiB on Windows XP, it is necessary to
use 4096-byte logical sectors in an MBR.

Although the kernel storage and functions called from msdos.c used
"sector_t" internally, msdos.c still used u32 variables, which results in
the ability to handle XP-compatible large disks.

This patch changes the internal variables to "sector_t".

Daniel said: "In the near future, WD will be releasing products that need
this patch".

[hirofumi@mail.parknet.co.jp: tweaks and fix]
Signed-off-by: Daniel Taylor <daniel.taylor@wdc.com>
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoif_tunnel.h: add missing ams/byteorder.h include
Paulius Zaleckas [Mon, 22 Mar 2010 04:19:02 +0000 (21:19 -0700)]
if_tunnel.h: add missing ams/byteorder.h include

commit 9bf35c8dddd56f7f247a27346f74f5adc18071f4 upstream.

When compiling userspace application which includes
if_tunnel.h and uses GRE_* defines you will get undefined
reference to __cpu_to_be16.

Fix this by adding missing #include <asm/byteorder.h>

Signed-off-by: Paulius Zaleckas <paulius.zaleckas@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agosunrpc: handle allocation errors from __rpc_lookup_create()
Dan Carpenter [Sun, 21 Mar 2010 16:10:34 +0000 (12:10 -0400)]
sunrpc: handle allocation errors from __rpc_lookup_create()

commit f1f0abe192a72e75d7c59972e30784d043fd8d73 upstream.

__rpc_lookup_create() can return ERR_PTR(-ENOMEM).

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoSUNRPC: Fix a potential memory leak in auth_gss
Trond Myklebust [Fri, 19 Mar 2010 19:36:22 +0000 (15:36 -0400)]
SUNRPC: Fix a potential memory leak in auth_gss

commit cdead7cf12896c0e50a8be2e52de52c364603095 upstream.

The function alloc_enc_pages() currently fails to release the pointer
rqstp->rq_enc_pages in the error path.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: Silence tfds_in_queue message
Adel Gadllah [Sun, 14 Mar 2010 18:16:25 +0000 (19:16 +0100)]
iwlwifi: Silence tfds_in_queue message

commit c8406ea8fa1adde8dc5400127281d497bbcdb84a upstream.

Commit a239a8b47cc0e5e6d7416a89f340beac06d5edaa introduced a
noisy message, that fills up the log very fast.

The error seems not to be fatal (the connection is stable and
performance is ok), so make it IWL_DEBUG_TX rather than IWL_ERR.

Signed-off-by: Adel Gadllah <adel.gadllah@gmail.com>
Acked-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoiwlwifi: use dma_alloc_coherent
Stanislaw Gruszka [Fri, 19 Mar 2010 10:10:41 +0000 (11:10 +0100)]
iwlwifi: use dma_alloc_coherent

commit f36d04abe684f9e2b07c6ebe9f77ae20eb5c1e84 upstream.

Change pci_alloc_consistent() to dma_alloc_coherent() so we can use
GFP_KERNEL flag.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agoedac, mce: Filter out invalid values
Borislav Petkov [Tue, 9 Mar 2010 19:38:48 +0000 (20:38 +0100)]
edac, mce: Filter out invalid values

commit 5b89d2f9ace1970324facc68ca9b8fae19ce8096 upstream.

Print the CPU associated with the error only when the field is valid.

Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agojme: Protect vlgrp structure by pause RX actions.
Guo-Fu Tseng [Wed, 17 Mar 2010 00:09:30 +0000 (00:09 +0000)]
jme: Protect vlgrp structure by pause RX actions.

commit bf5e5360fd1df1ae429ebbd81838d7d0879797d1 upstream.

Temporary stop the RX IRQ, and disable (sync) tasklet or napi.
And restore it after finished the vlgrp pointer assignment.

Signed-off-by: Guo-Fu Tseng <cooldavid@cooldavid.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agojme: Fix VLAN memory leak
Guo-Fu Tseng [Wed, 17 Mar 2010 00:09:29 +0000 (00:09 +0000)]
jme: Fix VLAN memory leak

commit 17da69b8bfbe441a33a873ad5dd7d3d85800bf2b upstream.

Fix memory leak while receiving 8021q tagged packet which is not
registered by user.

Signed-off-by: Guo-Fu Tseng <cooldavid@cooldavid.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
14 years agowl1251: fix potential crash
Grazvydas Ignotas [Thu, 11 Mar 2010 15:45:26 +0000 (17:45 +0200)]
wl1251: fix potential crash

commit 3f60ebc9d6291863652d564bacc430629271e6a9 upstream.

In case debugfs does not init for some reason (or is disabled
on older kernels) driver does not allocate stats.fw_stats
structure, but tries to clear it later and trips on a NULL
pointer:

Unable to handle kernel NULL pointer dereference at virtual address
00000000
PC is at __memzero+0x24/0x80
Backtrace:
[<bf0ddb88>] (wl1251_debugfs_reset+0x0/0x30 [wl1251])
[<bf0d6a2c>] (wl1251_op_stop+0x0/0x12c [wl1251])
[<bf0bc228>] (ieee80211_stop_device+0x0/0x74 [mac80211])
[<bf0b0d10>] (ieee80211_stop+0x0/0x4ac [mac80211])
[<c02deeac>] (dev_close+0x0/0xb4)
[<c02deac0>] (dev_change_flags+0x0/0x184)
[<c031f478>] (devinet_ioctl+0x0/0x704)
[<c0320720>] (inet_ioctl+0x0/0x100)

Add a NULL pointer check to fix this.

Signed-off-by: Grazvydas Ignotas <notasas@gmail.com>
Acked-by: Kalle Valo <kalle.valo@iki.fi>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>