Valentine Sinitsyn [Fri, 1 Oct 2010 16:24:08 +0000 (22:24 +0600)]
ALSA: hda - Added fixup for Lenovo Y550P
commit
d41185882b828896ccecac319c9f65f708baaf0d upstream.
Signed-off-by: Valentine Sinitsyn <valentine.sinitsyn@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Henningsson [Thu, 9 Sep 2010 06:51:44 +0000 (08:51 +0200)]
ALSA: HDA: Add fixup pins for Ideapad Y550
commit
6cb3b707f95954ac18f19b4b3919af235738371a upstream.
By adding the subwoofer as a speaker pin, it is treated correctly when auto-muting.
BugLink: https://launchpad.net/bugs/611803
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Daniel T Chen [Mon, 1 Nov 2010 05:14:51 +0000 (01:14 -0400)]
ALSA: ac97: Apply quirk for Dell Latitude D610 binding Master and Headphone controls
commit
0613a59456980161d0cd468bae6c63d772743102 upstream.
BugLink: https://launchpad.net/bugs/669279
The original reporter states: "The Master mixer does not change the
volume from the headphone output (which is affected by the headphone
mixer). Instead it only seems to control the on-board speaker volume.
This confuses PulseAudio greatly as the Master channel is merged into
the volume mix."
Fix this symptom by applying the hp_only quirk for the reporter's SSID.
The fix is applicable to all stable kernels.
Reported-and-tested-by: Ben Gamari <bgamari@gmail.com>
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Kailang Yang [Mon, 22 Nov 2010 09:59:36 +0000 (10:59 +0100)]
ALSA: hda - Fixed ALC887-VD initial error
commit
01e0f1378c47947b825eac05c98697ab1be1c86f upstream.
ALC887-VD is like ALC888-VD. It can not be initialized as ALC882.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Clemens Ladisch [Mon, 25 Oct 2010 09:42:20 +0000 (11:42 +0200)]
firewire: ohci: fix race in AR split packet handling
commit
a1f805e5e73a8fe166b71c6592d3837df0cd5e2e upstream.
When handling an AR buffer that has been completely filled, we assumed
that its descriptor will not be read by the controller and can be
overwritten. However, when the last received packet happens to end at
the end of the buffer, the controller might not yet have moved on to the
next buffer and might read the branch address later. If we overwrite
and free the page before that, the DMA context will either go dead
because of an invalid Z value, or go off into some random memory.
To fix this, ensure that the descriptor does not get overwritten by
using only the actual buffer instead of the entire page for reassembling
the split packet. Furthermore, to avoid freeing the page too early,
move on to the next buffer only when some data in it guarantees that the
controller has moved on.
This should eliminate the remaining firewire-net problems.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Clemens Ladisch [Mon, 25 Oct 2010 09:41:53 +0000 (11:41 +0200)]
firewire: ohci: fix buffer overflow in AR split packet handling
commit
85f7ffd5d2b320f73912b15fe8cef34bae297daf upstream.
When the controller had to split a received asynchronous packet into two
buffers, the driver tries to reassemble it by copying both parts into
the first page. However, if size + rest > PAGE_SIZE, i.e., if the yet
unhandled packets before the split packet, the split packet itself, and
any received packets after the split packet are together larger than one
page, then the memory after the first page would get overwritten.
To fix this, do not try to copy the data of all unhandled packets at
once, but copy the possibly needed data every time when handling
a packet.
This gets rid of most of the infamous crashes and data corruptions when
using firewire-net.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Axel Lin [Wed, 24 Nov 2010 02:21:54 +0000 (10:21 +0800)]
ASoC: wm8961 - clear WM8961_MCLKDIV bit for freq <=
16500000
commit
2f7dceeda4708f470fd927adb3861bd8ebbe2310 upstream.
MCLKDIV bit of Register 04h Clocking1:
0 : Divide by 1
1 : Divide by 2
Thus in the case of freq <=
16500000, we should clear MCLKDIV bit.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Axel Lin [Wed, 24 Nov 2010 02:20:33 +0000 (10:20 +0800)]
ASoC: wm8961 - clear WM8961_DACSLOPE bit for normal mode
commit
08b1a38465cab8c2224a5202c7a3b5e5f5630894 upstream.
DACSLOPE bit of Register 06h ADC and DAC Control 2:
0: Normal mode
1: Sloping stop-band mode
Thus in the case of normal mode, we should clear DACSLOPE bit.
Signed-off-by: Axel Lin <axel.lin@gmail.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mark Brown [Fri, 29 Oct 2010 22:41:17 +0000 (15:41 -0700)]
ASoC: Remove volatility from WM8900 POWER1 register
commit
6d212d8e86fb4221bd91b9266b7567ee2b83bd01 upstream.
Not all bits can be read back from POWER1 so avoid corruption when using
a read/modify/write cycle by marking it non-volatile - the only thing we
read back from it is the chip revision which has diagnostic value only.
We can re-add later but that's a more invasive change than is suitable
for a bugfix.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Avi Kivity [Thu, 11 Nov 2010 10:37:26 +0000 (12:37 +0200)]
KVM: VMX: Fix host userspace gsbase corruption
commit
c8770e7ba63bb5dd8fe5f9d251275a8fa717fb78 upstream.
We now use load_gs_index() to load gs safely; unfortunately this also
changes MSR_KERNEL_GS_BASE, which we managed separately. This resulted
in confusion and breakage running 32-bit host userspace on a 64-bit kernel.
Fix by
- saving guest MSR_KERNEL_GS_BASE before we we reload the host's gs
- doing the host save/load unconditionally, instead of only when in guest
long mode
Things can be cleaned up further, but this is the minmal fix for now.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Avi Kivity [Tue, 19 Oct 2010 16:48:35 +0000 (18:48 +0200)]
KVM: Correct ordering of ldt reload wrt fs/gs reload
commit
0a77fe4c188e25917799f2356d4aa5e6d80c39a2 upstream.
If fs or gs refer to the ldt, they must be reloaded after the ldt. Reorder
the code to that effect.
Userspace code that uses the ldt with kvm is nonexistent, so this doesn't fix
a user-visible bug.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Vasiliy Kulikov [Sat, 30 Oct 2010 18:54:47 +0000 (22:54 +0400)]
KVM: x86: fix information leak to userland
commit
97e69aa62f8b5d338d6cff49be09e37cc1262838 upstream.
Structures kvm_vcpu_events, kvm_debugregs, kvm_pit_state2 and
kvm_clock_data are copied to userland with some padding and reserved
fields unitialized. It leads to leaking of contents of kernel stack
memory. We have to initialize them to zero.
In patch v1 Jan Kiszka suggested to fill reserved fields with zeros
instead of memset'ting the whole struct. It makes sense as these
fields are explicitly marked as padding. No more fields need zeroing.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Michael S. Tsirkin [Mon, 25 Oct 2010 01:21:24 +0000 (03:21 +0200)]
KVM: Write protect memory after slot swap
commit
edde99ce05290e50ce0b3495d209e54e6349ab47 upstream.
I have observed the following bug trigger:
1. userspace calls GET_DIRTY_LOG
2. kvm_mmu_slot_remove_write_access is called and makes a page ro
3. page fault happens and makes the page writeable
fault is logged in the bitmap appropriately
4. kvm_vm_ioctl_get_dirty_log swaps slot pointers
a lot of time passes
5. guest writes into the page
6. userspace calls GET_DIRTY_LOG
At point (5), bitmap is clean and page is writeable,
thus, guest modification of memory is not logged
and GET_DIRTY_LOG returns an empty bitmap.
The rule is that all pages are either dirty in the current bitmap,
or write-protected, which is violated here.
It seems that just moving kvm_mmu_slot_remove_write_access down
to after the slot pointer swap should fix this bug.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jeff Layton [Thu, 28 Oct 2010 14:10:37 +0000 (10:10 -0400)]
nfs: handle lock context allocation failures in nfs_create_request
commit
015f0212d51d85bd281a831639a769b4a1a3307a upstream.
nfs_get_lock_context can return NULL on an allocation failure.
Regression introduced by commit
f11ac8db.
Reported-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andrew Morton [Fri, 1 Oct 2010 21:13:41 +0000 (18:13 -0300)]
drivers/media/video/cx23885/cx23885-core.c: fix cx23885_dev_checkrevision()
commit
abe1def46d84aa27d3f84d729204b162e8c64d76 upstream.
It was missing the `break'.
Addresses https://bugzilla.kernel.org/show_bug.cgi?id=18672
Reported-by: Igor <i2g2r2@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
James M McLaren [Sun, 3 Oct 2010 22:09:18 +0000 (19:09 -0300)]
hdpvr: Add missing URB_NO_TRANSFER_DMA_MAP flag
commit
4f5c933abb34532dc962185c999509b97a97fa1b upstream.
Necessary on arm.
Signed-off-by: Janne Grunau <j@jannau.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jean-François Moine [Thu, 21 Oct 2010 07:05:15 +0000 (04:05 -0300)]
gspca - sonixj: Fix a regression of sensors hv7131r and mi0360
commit
0303a90a744662e934877a5d637a43197229274b upstream.
The bug was introduced by commit
23a98274cc348880ecb6803307c254448084953a
applying values of sensor sp80708 to sensors hv7131r and mi0360.
Signed-off-by: Jean-François Moine <moinejf@free.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jean-François Moine [Sat, 16 Oct 2010 16:54:05 +0000 (13:54 -0300)]
gspca - main: Fix a regression with the PS3 Eye webcam
commit
f43402fa55bf5e7e190c176343015122f694857c upstream.
When audio is present, some alternate settings were skipped.
This prevented some webcams to work, especially when bulk transfer was used.
This patch permits to use the last or only alternate setting.
Reported-by: Antonio Ospite <ospite@studenti.unina.it>
Tested-by: Antonio Ospite <ospite@studenti.unina.it>
Signed-off-by: Jean-François Moine <moinejf@free.fr>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Philipp Merkel [Fri, 1 Oct 2010 13:38:59 +0000 (15:38 +0200)]
HID: Fix for problems with eGalax/DWAV multi-touch-screen
commit
f51661105c3c8a0afcd69f995a4f4a10e53da153 upstream.
This patch fixes three problems with the eGalax/DWAV multi-touch
screen found in the Eee PC T101MT:
1) While there is a dedicated multitouch driver for the screen
(hid-egalax.c), the MULTI_INPUT quirk is also applied, preventing
the hid-egalax driver from working. This patch removes the quirk
so the hid-egalax driver can handle the device correctly.
2) The x and y coordinates sent by the screen in multi-touch mode are
shifted by three bits from the events sent in single-touch mode, thus
the coordinates are out of range, leading to the pointer being stuck
in the bottom-right corner if no additional calibration is applied
(e.g. in the X evdev driver). This patch shifts the coordinates back.
This does not decrease accuracy as the last three bits of the "wrong"
coordinates are always 0.
3) Only multi-touch pressure events are sent, single touch emulation is
missing pressure information. This patch adds single-touch
ABS_PRESSURE events.
Signed-off-by: Philipp Merkel <mail@philmerk.de>
Acked-by: Stéphane Chatty <chatty@enac.fr>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ming Lei [Mon, 1 Nov 2010 14:11:54 +0000 (07:11 -0700)]
usbnet: fix usb_autopm_get_interface failure(v1)
commit
b0786b430c982dffbb44d8030e6b6088671ce745 upstream.
Since usbnet already took usb runtime pm, we have to
enable runtime pm for usb interface of usbnet, otherwise
usb_autopm_get_interface may return failure and cause
'ifconfig usb0 up' failed if USB_SUSPEND(RUNTIME_PM) is
enabled.
Cc: David Brownell <dbrownell@users.sourceforge.net>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Joe Perches <joe@perches.com>
Cc: Oliver Neukum <oliver@neukum.org>
Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiri Slaby [Mon, 29 Nov 2010 09:16:54 +0000 (10:16 +0100)]
TTY: open/hangup race fixup
commit
acfa747baf73922021a047f2d87a2d866f5dbab5 upstream.
Like in the "TTY: don't allow reopen when ldisc is changing" patch,
this one fixes a TTY WARNING as described in the option 1) there:
1) __tty_hangup from tty_ldisc_hangup to tty_ldisc_enable. During this
section tty_lock is held. However tty_lock is temporarily dropped in
the middle of the function by tty_ldisc_hangup.
The fix is to introduce a new flag which we set during the unlocked
window and check it in tty_reopen too. The flag is TTY_HUPPING and is
cleared after TTY_HUPPED is set.
While at it, remove duplicate TTY_HUPPED set_bit. The one after
calling ops->hangup seems to be more correct. But anyway, we hold
tty_lock, so there should be no difference.
Also document the function it does that kind of crap.
Nicely reproducible with two forked children:
static void do_work(const char *tty)
{
if (signal(SIGHUP, SIG_IGN) == SIG_ERR) exit(1);
setsid();
while (1) {
int fd = open(tty, O_RDWR|O_NOCTTY);
if (fd < 0) continue;
if (ioctl(fd, TIOCSCTTY)) continue;
if (vhangup()) continue;
close(fd);
}
exit(0);
}
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Reported-by: <Valdis.Kletnieks@vt.edu>
Reported-by: Kyle McMartin <kyle@mcmartin.ca>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiri Slaby [Mon, 29 Nov 2010 09:16:53 +0000 (10:16 +0100)]
TTY: don't allow reopen when ldisc is changing
commit
e2efafbf139d2bfdfe96f2901f03189fecd172e4 upstream.
There are many WARNINGs like the following reported nowadays:
WARNING: at drivers/tty/tty_io.c:1331 tty_open+0x2a2/0x49a()
Hardware name: Latitude E6500
Modules linked in:
Pid: 1207, comm: plymouthd Not tainted 2.6.37-rc3-mmotm1123 #3
Call Trace:
[<
ffffffff8103b189>] warn_slowpath_common+0x80/0x98
[<
ffffffff8103b1b6>] warn_slowpath_null+0x15/0x17
[<
ffffffff8128a3ab>] tty_open+0x2a2/0x49a
[<
ffffffff810fd53f>] chrdev_open+0x11d/0x146
...
This means tty_reopen is called without TTY_LDISC set. For further
considerations, note tty_lock is held in tty_open. TTY_LDISC is cleared in:
1) __tty_hangup from tty_ldisc_hangup to tty_ldisc_enable. During this
section tty_lock is held. However tty_lock is temporarily dropped in
the middle of the function by tty_ldisc_hangup.
2) tty_release via tty_ldisc_release till the end of tty existence. If
tty->count <= 1, tty_lock is taken, TTY_CLOSING bit set and then
tty_ldisc_release called. tty_reopen checks TTY_CLOSING before checking
TTY_LDISC.
3) tty_set_ldisc from tty_ldisc_halt to tty_ldisc_enable. We:
* take tty_lock, set TTY_LDISC_CHANGING, put tty_lock
* call tty_ldisc_halt (clear TTY_LDISC), tty_lock is _not_ held
* do some other work
* take tty_lock, call tty_ldisc_enable (set TTY_LDISC), put
tty_lock
I cannot see how 2) can be a problem, as there I see no race. OTOH, 1)
and 3) can happen without problems. This patch the case 3) by checking
TTY_LDISC_CHANGING along with TTY_CLOSING in tty_reopen. 1) will be
fixed in the following patch.
Nicely reproducible with two processes:
while (1) {
fd = open("/dev/ttyS1", O_RDWR);
if (fd < 0) {
warn("open");
continue;
}
close(fd);
}
--------
while (1) {
fd = open("/dev/ttyS1", O_RDWR);
ld1 = 0; ld2 = 2;
while (1) {
ioctl(fd, TIOCSETD, &ld1);
ioctl(fd, TIOCSETD, &ld2);
}
close(fd);
}
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Reported-by: <Valdis.Kletnieks@vt.edu>
Cc: Kyle McMartin <kyle@mcmartin.ca>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiri Slaby [Wed, 24 Nov 2010 23:27:54 +0000 (00:27 +0100)]
TTY: ldisc, fix open flag handling
commit
7f90cfc505d613f4faf096e0d84ffe99208057d9 upstream.
When a concrete ldisc open fails in tty_ldisc_open, we forget to clear
TTY_LDISC_OPEN. This causes a false warning on the next ldisc open:
WARNING: at drivers/char/tty_ldisc.c:445 tty_ldisc_open+0x26/0x38()
Hardware name: System Product Name
Modules linked in: ...
Pid: 5251, comm: a.out Tainted: G W 2.6.32-5-686 #1
Call Trace:
[<
c1030321>] ? warn_slowpath_common+0x5e/0x8a
[<
c1030357>] ? warn_slowpath_null+0xa/0xc
[<
c119311c>] ? tty_ldisc_open+0x26/0x38
[<
c11936c5>] ? tty_set_ldisc+0x218/0x304
...
So clear the bit when failing...
Introduced in
c65c9bc3efa (tty: rewrite the ldisc locking) back in
2.6.31-rc1.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Alan Cox <alan@linux.intel.com>
Reported-by: Sergey Lapin <slapin@ossfans.org>
Tested-by: Sergey Lapin <slapin@ossfans.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Philippe Rétornaz [Wed, 27 Oct 2010 15:13:21 +0000 (17:13 +0200)]
tty_ldisc: Fix BUG() on hangup
commit
1c95ba1e1de7edffc0c4e275e147f1a9eb1f81ae upstream.
A kernel BUG when bluetooth rfcomm connection drop while the associated
serial port is open is sometime triggered.
It seems that the line discipline can disappear between the
tty_ldisc_put and tty_ldisc_get. This patch fall back to the N_TTY line
discipline if the previous discipline is not available anymore.
Signed-off-by: Philippe Retornaz <philippe.retornaz@epfl.ch>
Acked-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiri Slaby [Sun, 31 Oct 2010 22:17:51 +0000 (23:17 +0100)]
TTY: restore tty_ldisc_wait_idle
commit
100eeae2c5ce23b4db93ff320ee330ef1d740151 upstream.
It was removed in
65b770468e98 (tty-ldisc: turn ldisc user count into
a proper refcount), but we need to wait for last user to quit the
ldisc before we close it in tty_set_ldisc.
Otherwise weird things start to happen. There might be processes
waiting in tty_read->n_tty_read on tty->read_wait for input to appear
and at that moment, a change of ldisc is fatal. n_tty_close is called,
it frees read_buf and the waiting process is still in the middle of
reading and goes nuts after it is woken.
Previously we prevented close to happen when others are in ldisc ops
by tty_ldisc_wait_idle in tty_set_ldisc. But the commit above removed
that. So revoke the change and test whether there is 1 user (=we), and
allow the close then.
We can do that without ldisc/tty locks, because nobody else can open
the device due to TTY_LDISC_CHANGING bit set, so we in fact wait for
everybody to leave.
I don't understand why tty_ldisc_lock would be needed either when the
counter is an atomic variable, so this is a lockless
tty_ldisc_wait_idle.
On the other hand, if we fail to wait (timeout or signal), we have to
reenable the halted ldiscs, so we take ldisc lock and reuse the setup
path at the end of tty_set_ldisc.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Tested-by: Sebastian Andrzej Siewior <bigeasy@breakpoint.cc>
LKML-Reference: <
20101031104136.GA511@Chamillionaire.breakpoint.cc>
LKML-Reference: <
1287669539-22644-1-git-send-email-jslaby@suse.cz>
Cc: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiri Olsa [Mon, 8 Nov 2010 18:01:47 +0000 (19:01 +0100)]
tty: prevent DOS in the flush_to_ldisc
commit
e045fec48970df84647a47930fcf7a22ff7229c0 upstream.
There's a small window inside the flush_to_ldisc function,
where the tty is unlocked and calling ldisc's receive_buf
function. If in this window new buffer is added to the tty,
the processing might never leave the flush_to_ldisc function.
This scenario will hog the cpu, causing other tty processing
starving, and making it impossible to interface the computer
via tty.
I was able to exploit this via pty interface by sending only
control characters to the master input, causing the flush_to_ldisc
to be scheduled, but never actually generate any output.
To reproduce, please run multiple instances of following code.
- SNIP
#define _XOPEN_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int main(int argc, char **argv)
{
int i, slave, master = getpt();
char buf[8192];
sprintf(buf, "%s", ptsname(master));
grantpt(master);
unlockpt(master);
slave = open(buf, O_RDWR);
if (slave < 0) {
perror("open slave failed");
return 1;
}
for(i = 0; i < sizeof(buf); i++)
buf[i] = rand() % 32;
while(1) {
write(master, buf, sizeof(buf));
}
return 0;
}
- SNIP
The attached patch (based on -next tree) fixes this by checking on the
tty buffer tail. Once it's reached, the current work is rescheduled
and another could run.
Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Daniel T Chen [Sat, 27 Nov 2010 18:58:04 +0000 (13:58 -0500)]
ALSA: hda: Use BIOS auto-parsing instead of existing model quirk for MEDION MD2
commit
ac70eb1305d5a81efd1e32327d7e79be15a63a5a upstream.
BugLink: https://launchpad.net/bugs/682199
A 2.6.35 (Ubuntu Maverick) user, burningphantom1, reported a regression
in audio: playback was inaudible through both speakers and headphones.
In commit
272a527c04 of sound-2.6.git, a new model was added with this
machine's PCI SSID. Fortunately, it is now sufficient to use the auto
model for BIOS auto-parsing instead of the existing quirk.
Playback, capture, and jack sense were verified working for both
2.6.35 and the alsa-driver snapshot from 2010-11-27 when model=auto is
used.
Reported-and-tested-by: burningphantom1
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Justin Maggard [Wed, 24 Nov 2010 05:36:17 +0000 (16:36 +1100)]
md: fix return value of rdev_size_change()
commit
c26a44ed1e552aaa1d4ceb71842002d235fe98d7 upstream.
When trying to grow an array by enlarging component devices,
rdev_size_store() expects the return value of rdev_size_change() to be
in sectors, but the actual value is returned in KBs.
This functionality was broken by commit
dd8ac336c13fd8afdb082ebacb1cddd5cf727889
so this patch is suitable for any kernel since 2.6.30.
Signed-off-by: Justin Maggard <jmaggard10@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
NeilBrown [Wed, 24 Nov 2010 05:39:46 +0000 (16:39 +1100)]
md/raid1: really fix recovery looping when single good device fails.
commit
8f9e0ee38f75d4740daa9e42c8af628d33d19a02 upstream.
Commit
4044ba58dd15cb01797c4fd034f39ef4a75f7cc3 supposedly fixed a
problem where if a raid1 with just one good device gets a read-error
during recovery, the recovery would abort and immediately restart in
an infinite loop.
However it depended on raid1_remove_disk removing the spare device
from the array. But that does not happen in this case. So add a test
so that in the 'recovery_disabled' case, the device will be removed.
This suitable for any kernel since 2.6.29 which is when
recovery_disabled was introduced.
Reported-by: Sebastian Färber <faerber@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
NeilBrown [Thu, 28 Oct 2010 06:30:20 +0000 (17:30 +1100)]
md: Fix regression with raid1 arrays without persistent metadata.
commit
d97a41dc9c44f5829b7af7aa69fda10fd82b6b4e upstream.
A RAID1 which has no persistent metadata, whether internal or
external, will hang on the first write.
This is caused by commit
070dc6dd7103b6b3f7e4d46e754354a5c15f366e
In that case, MD_CHANGE_PENDING never gets cleared.
So during md_update_sb, is neither persistent or external,
clear MD_CHANGE_PENDING.
This is suitable for 2.6.36-stable.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Roberto Sassu [Tue, 5 Oct 2010 16:53:45 +0000 (18:53 +0200)]
ecryptfs: call vfs_setxattr() in ecryptfs_setxattr()
commit
48b512e6857139393cdfce26348c362b87537018 upstream.
Ecryptfs is a stackable filesystem which relies on lower filesystems the
ability of setting/getting extended attributes.
If there is a security module enabled on the system it updates the
'security' field of inodes according to the owned extended attribute set
with the function vfs_setxattr(). When this function is performed on a
ecryptfs filesystem the 'security' field is not updated for the lower
filesystem since the call security_inode_post_setxattr() is missing for
the lower inode.
Further, the call security_inode_setxattr() is missing for the lower inode,
leading to policy violations in the security module because specific
checks for this hook are not performed (i. e. filesystem
'associate' permission on SELinux is not checked for the lower filesystem).
This patch replaces the call of the setxattr() method of the lower inode
in the function ecryptfs_setxattr() with vfs_setxattr().
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Cc: Dustin Kirkland <kirkland@canonical.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Tyler Hicks [Thu, 23 Sep 2010 07:35:04 +0000 (02:35 -0500)]
eCryptfs: Clear LOOKUP_OPEN flag when creating lower file
commit
2e21b3f124eceb6ab5a07c8a061adce14ac94e14 upstream.
eCryptfs was passing the LOOKUP_OPEN flag through to the lower file
system, even though ecryptfs_create() doesn't support the flag. A valid
filp for the lower filesystem could be returned in the nameidata if the
lower file system's create() function supported LOOKUP_OPEN, possibly
resulting in unencrypted writes to the lower file.
However, this is only a potential problem in filesystems (FUSE, NFS,
CIFS, CEPH, 9p) that eCryptfs isn't known to support today.
https://bugs.launchpad.net/ecryptfs/+bug/641703
Reported-by: Kevin Buhr
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Tejun Heo [Fri, 19 Nov 2010 14:29:19 +0000 (15:29 +0100)]
sata_via: apply magic FIFO fix to vt6420 too
commit
b1353e4f40f6179ab26a3bb1b2e1fe29ffe534f5 upstream.
vt6420 has the same FIFO overflow problem as vt6421 when combined with
certain devices. This patch applies the magic fix to vt6420 too.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Martin Qvist <q@maq.dk>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Cc: Joseph Chan <JosephChan@via.com.tw>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Florian Tobias Schandinat [Wed, 22 Sep 2010 02:33:52 +0000 (02:33 +0000)]
viafb: use proper register for colour when doing fill ops
commit
efd4f6398dc92b5bf392670df862f42a19f34cf2 upstream.
The colour was written to a wrong register for fillrect operations.
This sometimes caused empty console space (for example after 'clear')
to have a different colour than desired. Fix this by writing to the
correct register.
Many thanks to Daniel Drake and Jon Nettleton for pointing out this
issue and pointing me in the right direction for the fix.
Fixes http://dev.laptop.org/ticket/9323
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Cc: Joseph Chan <JosephChan@via.com.tw>
Cc: Daniel Drake <dsd@laptop.org>
Cc: Jon Nettleton <jon.nettleton@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Graham Gower [Wed, 27 Oct 2010 22:33:00 +0000 (15:33 -0700)]
drivers/char/vt_ioctl.c: fix VT_OPENQRY error value
commit
1e0ad2881d50becaeea70ec696a80afeadf944d2 upstream.
When all VT's are in use, VT_OPENQRY casts -1 to unsigned char before
returning it to userspace as an int. VT255 is not the next available
console.
Signed-off-by: Graham Gower <graham.gower@gmail.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ben Hutchings [Fri, 22 Oct 2010 04:38:26 +0000 (04:38 +0000)]
net: NETIF_F_HW_CSUM does not imply FCoE CRC offload
commit
66c68bcc489fadd4f5e8839e966e3a366e50d1d5 upstream.
NETIF_F_HW_CSUM indicates the ability to update an TCP/IP-style 16-bit
checksum with the checksum of an arbitrary part of the packet data,
whereas the FCoE CRC is something entirely different.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Vasiliy Kulikov [Sat, 30 Oct 2010 14:22:49 +0000 (18:22 +0400)]
ipc: shm: fix information leak to userland
commit
3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44 upstream.
The shmid_ds structure is copied to userland with shm_unused{,2,3}
fields unitialized. It leads to leaking of contents of kernel stack
memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dan Rosenberg [Wed, 27 Oct 2010 22:34:17 +0000 (15:34 -0700)]
ipc: initialize structure memory to zero for compat functions
commit
03145beb455cf5c20a761e8451e30b8a74ba58d9 upstream.
This takes care of leaking uninitialized kernel stack memory to
userspace from non-zeroed fields in structs in compat ipc functions.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jeremy Fitzhardinge [Mon, 29 Nov 2010 22:16:53 +0000 (14:16 -0800)]
xen: don't bother to stop other cpus on shutdown/reboot
commit
31e323cca9d5c8afd372976c35a5d46192f540d1 upstream.
Xen will shoot all the VCPUs when we do a shutdown hypercall, so there's
no need to do it manually.
In any case it will fail because all the IPI irqs have been pulled
down by this point, so the cross-CPU calls will simply hang forever.
Until change
76fac077db6b34e2c6383a7b4f3f4f7b7d06d8ce the function calls
were not synchronously waited for, so this wasn't apparent. However after
that change the calls became synchronous leading to a hang on shutdown
on multi-VCPU guests.
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Cc: Alok Kataria <akataria@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ian Campbell [Fri, 8 Oct 2010 15:59:12 +0000 (16:59 +0100)]
xen: ensure that all event channels start off bound to VCPU 0
commit
b0097adeec27e30223c989561ab0f7aa60d1fe93 upstream.
All event channels startbound to VCPU 0 so ensure that cpu_evtchn_mask
is initialised to reflect this. Otherwise there is a race after registering an
event channel but before the affinity is explicitly set where the event channel
can be delivered. If this happens then the event channel remains pending in the
L1 (evtchn_pending) array but is cleared in L2 (evtchn_pending_sel), this means
the event channel cannot be reraised until another event channel happens to
trigger the same L2 entry on that VCPU.
sizeof(cpu_evtchn_mask(0))==sizeof(unsigned long*) which is not correct, and
causes only the first 32 or 64 event channels (depending on architecture) to be
initially bound to VCPU0. Use sizeof(struct cpu_evtchn_s) instead.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Robin@sgi.com [Wed, 24 Nov 2010 20:56:59 +0000 (12:56 -0800)]
sgi-xpc: XPC fails to discover partitions with all nasids above 128
commit
c22c7aeff69796f46ae0fcec141538e28f50b24e upstream.
UV hardware defines 256 memory protection regions versus the baseline 64
with increasing size for the SN2 ia64. This was overlooked when XPC was
modified to accomodate both UV and SN2.
Without this patch, a user could reconfigure their existing system and
suddenly disable cross-partition communications with no indication of what
has gone wrong. It also prevents larger configurations from using
cross-partition communication.
Signed-off-by: Robin Holt <holt@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Michael Hennerich [Tue, 26 Oct 2010 21:21:16 +0000 (14:21 -0700)]
drivers/misc/ad525x_dpot.c: fix typo in spi write16 and write24 transfer counts
commit
1f9fa5216eacf4fdf9d3e4ab57feb8b642f0e78b upstream.
This is a bug fix. Some SPI connected devices using 16/24 bit accesses,
previously failed, now work.
This typo slipped in after testing, during some restructuring.
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Cc: Chris Verges <chrisv@cyberswitching.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Daniel Klaffenbach [Sat, 20 Nov 2010 03:25:21 +0000 (21:25 -0600)]
ssb: b43-pci-bridge: Add new vendor for BCM4318
commit
1d8638d4038eb8709edc80e37a0bbb77253d86e9 upstream.
Add new vendor for Broadcom 4318.
Signed-off-by: Daniel Klaffenbach <danielklaffenbach@gmail.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Guennadi Liakhovetski [Tue, 23 Nov 2010 16:10:24 +0000 (17:10 +0100)]
wireless: b43: fix error path in SDIO
commit
e476a5a41ad67d0e2b4a652820c49a3923eb936b upstream.
Fix unbalanced call to sdio_release_host() on the error path.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Larry Finger [Thu, 28 Oct 2010 15:43:26 +0000 (10:43 -0500)]
b43: Fix warning at drivers/mmc/core/core.c:237 in mmc_wait_for_cmd
commit
9f2a0fac625bcef9c579bcf0b0c904ab1a56e7c4 upstream.
On module removal, the sdio version of b43 generates the following warning:
[ 851.560519] ------------[ cut here ]------------
[ 851.560531] WARNING: at drivers/mmc/core/core.c:237 mmc_wait_for_cmd+0x88/0x90()
[ 851.560534] Hardware name: 20552PG
[ 851.560536] Modules linked in: b43(-) ssb mmc_block binfmt_misc rfcomm sco bnep ppdev l2cap ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables bridge stp kvm_intel kvm arc4 iwlagn snd_hda_codec_conexant snd_hda_intel snd_hda_codec iwlcore snd_hwdep snd_pcm thinkpad_acpi mac80211 snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq r852 joydev snd_timer sm_common pcmcia nand snd_seq_device cfg80211 sdhci_pci btusb psmouse tpm_tis yenta_socket nand_ids lp snd pcmcia_rsrc nand_ecc bluetooth sdhci tpm pcmcia_core parport mtd snd_page_alloc serio_raw tpm_bios soundcore nvram led_class sha256_generic aes_i586 aes_generic dm_crypt i915 drm_kms_helper drm ahci intel_agp i2c_algo_bit intel_gtt e1000e libahci video agpgart output
[ 851.560620] Pid: 2504, comm: rmmod Not tainted 2.6.36-titan0+ #1
[ 851.560622] Call Trace:
[ 851.560631] [<
c014a102>] warn_slowpath_common+0x72/0xa0
[ 851.560636] [<
c04d94c8>] ? mmc_wait_for_cmd+0x88/0x90
[ 851.560641] [<
c04d94c8>] ? mmc_wait_for_cmd+0x88/0x90
[ 851.560645] [<
c014a152>] warn_slowpath_null+0x22/0x30
[ 851.560649] [<
c04d94c8>] mmc_wait_for_cmd+0x88/0x90
[ 851.560655] [<
c0401585>] ? device_release+0x25/0x80
[ 851.560660] [<
c04df210>] mmc_io_rw_direct_host+0xa0/0x150
[ 851.560665] [<
c04df370>] mmc_io_rw_direct+0x30/0x40
[ 851.560669] [<
c04e06e7>] sdio_disable_func+0x37/0xa0
[ 851.560683] [<
f8dfcb80>] b43_sdio_remove+0x30/0x50 [b43]
[ 851.560687] [<
c04df8cc>] sdio_bus_remove+0x1c/0x60
[ 851.560692] [<
c016d39f>] ? blocking_notifier_call_chain+0x1f/0x30
[ 851.560697] [<
c0404991>] __device_release_driver+0x51/0xb0
[ 851.560701] [<
c0404a7f>] driver_detach+0x8f/0xa0
[ 851.560705] [<
c0403c83>] bus_remove_driver+0x63/0xa0
[ 851.560709] [<
c0405039>] driver_unregister+0x49/0x80
[ 851.560713] [<
c0405039>] ? driver_unregister+0x49/0x80
[ 851.560718] [<
c04dfad7>] sdio_unregister_driver+0x17/0x20
[ 851.560727] [<
f8dfcb42>] b43_sdio_exit+0x12/0x20 [b43]
[ 851.560734] [<
f8dfe76f>] b43_exit+0x17/0x3c [b43]
[ 851.560740] [<
c017fb8d>] sys_delete_module+0x13d/0x200
[ 851.560747] [<
c01fd7d2>] ? do_munmap+0x212/0x300
[ 851.560752] [<
c010311f>] sysenter_do_call+0x12/0x28
[ 851.560757] ---[ end trace
31e14488072d2f7d ]---
[ 851.560759] ------------[ cut here ]------------
The warning is caused by b43 not claiming the device before calling
sdio_disable_func().
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-by: Arnd Hannemann <arnd@arndnet.de>
Tested-by: Arnd Hannemann <arnd@arndnet.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Chris Wilson [Thu, 14 Oct 2010 15:30:41 +0000 (16:30 +0100)]
agp/intel: Also add B43.1 to list of supported devices
commit
3dde04b0152634d42994b34b86bbf3c70fbc6b19 upstream.
This was a missing piece from
41a5142 that dropped recognition of the
AGP module for the second B43 variant.
Reported-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dean Nelson [Tue, 26 Oct 2010 21:22:08 +0000 (14:22 -0700)]
mm/hugetlb.c: add missing spin_lock() to hugetlb_cow()
commit
44e2aa937e698ea95dd86b2a4fabd734ef2c76db upstream.
Add missing spin_lock() of the page_table_lock before an error return in
hugetlb_cow(). Callers of hugtelb_cow() expect it to be held upon return.
Signed-off-by: Dean Nelson <dnelson@redhat.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
KAMEZAWA Hiroyuki [Tue, 26 Oct 2010 21:22:08 +0000 (14:22 -0700)]
mm: fix is_mem_section_removable() page_order BUG_ON check
commit
572438f9b52236bd8938b1647cc15e027d27ef55 upstream.
page_order() is called by memory hotplug's user interface to check the
section is removable or not. (is_mem_section_removable())
It calls page_order() withoug holding zone->lock.
So, even if the caller does
if (PageBuddy(page))
ret = page_order(page) ...
The caller may hit BUG_ON().
For fixing this, there are 2 choices.
1. add zone->lock.
2. remove BUG_ON().
is_mem_section_removable() is used for some "advice" and doesn't need to
be 100% accurate. This is_removable() can be called via user program..
We don't want to take this important lock for long by user's request. So,
this patch removes BUG_ON().
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Acked-by: Wu Fengguang <fengguang.wu@intel.com>
Acked-by: Michal Hocko <mhocko@suse.cz>
Acked-by: Mel Gorman <mel@csn.ul.ie>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mel Gorman [Tue, 26 Oct 2010 21:21:11 +0000 (14:21 -0700)]
mm, page-allocator: do not check the state of a non-existant buddy during free
commit
b7f50cfa3630b6e079929ffccfd442d65064ee1f upstream.
There is a bug in commit
6dda9d55 ("page allocator: reduce fragmentation
in buddy allocator by adding buddies that are merging to the tail of the
free lists") that means a buddy at order MAX_ORDER is checked for merging.
A page of this order never exists so at times, an effectively random
piece of memory is being checked.
Alan Curry has reported that this is causing memory corruption in
userspace data on a PPC32 platform (http://lkml.org/lkml/2010/10/9/32).
It is not clear why this is happening. It could be a cache coherency
problem where pages mapped in both user and kernel space are getting
different cache lines due to the bad read from kernel space
(http://lkml.org/lkml/2010/10/13/179). It could also be that there are
some special registers being io-remapped at the end of the memmap array
and that a read has special meaning on them. Compiler bugs have been
ruled out because the assembly before and after the patch looks relatively
harmless.
This patch fixes the problem by ensuring we are not reading a possibly
invalid location of memory. It's not clear why the read causes corruption
but one way or the other it is a buggy read.
Signed-off-by: Mel Gorman <mel@csn.ul.ie>
Cc: Corrado Zoccolo <czoccolo@gmail.com>
Reported-by: Alan Curry <pacman@kosh.dhis.org>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
KAMEZAWA Hiroyuki [Tue, 26 Oct 2010 21:21:10 +0000 (14:21 -0700)]
mm: fix return value of scan_lru_pages in memory unplug
commit
f8f72ad5396987e05a42cf7eff826fb2a15ff148 upstream.
scan_lru_pages returns pfn. So, it's type should be "unsigned long"
not "int".
Note: I guess this has been work until now because memory hotplug tester's
machine has not very big memory....
physical address < 32bit << PAGE_SHIFT.
Reported-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Santosh Shilimkar [Wed, 27 Oct 2010 15:17:15 +0000 (11:17 -0400)]
oprofile: Fix the hang while taking the cpu offline
commit
4ac3dbec800d93485a5c84e37af676278eea657c upstream.
The kernel build with CONFIG_OPROFILE and CPU_HOTPLUG enabled.
The oprofile is initialised using system timer in absence of hardware
counters supports. Oprofile isn't started from userland.
In this setup while doing a CPU offline the kernel hangs in infinite
for loop inside lock_hrtimer_base() function
This happens because as part of oprofile_cpu_notify(, it tries to
stop an hrtimer which was never started. These per-cpu hrtimers
are started when the oprfile is started.
echo 1 > /dev/oprofile/enable
This problem also existwhen the cpu is booted with maxcpus parameter
set. When bringing the remaining cpus online the timers are started
even if oprofile is not yet enabled.
This patch fix this issue by adding a state variable so that
these hrtimer start/stop is only attempted when oprofile is
started
For stable kernels v2.6.35.y and v2.6.36.y.
Reported-by: Jan Sebastien <s-jan@ti.com>
Tested-by: sricharan <r.sricharan@ti.com>
Signed-off-by: Santosh Shilimkar <santosh.shilimkar@ti.com>
Signed-off-by: Robert Richter <robert.richter@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jean Delvare [Thu, 28 Oct 2010 18:31:50 +0000 (20:31 +0200)]
hwmon: (lm85) Fix ADT7468 frequency table
commit
fa7a5797e57d2ed71f9a6fb44f0ae42c2d7b74b7 upstream.
The ADT7468 uses the same frequency table as the ADT7463.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Darrick J. Wong <djwong@us.ibm.com>
Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Dumazet [Wed, 27 Oct 2010 17:33:43 +0000 (19:33 +0200)]
numa: fix slab_node(MPOL_BIND)
commit
800416f799e0723635ac2d720ad4449917a1481c upstream.
When a node contains only HighMem memory, slab_node(MPOL_BIND)
dereferences a NULL pointer.
[ This code seems to go back all the way to commit
19770b32609b: "mm:
filter based on a nodemask as well as a gfp_mask". Which was back in
April 2008, and it got merged into 2.6.26. - Linus ]
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Christoph Lameter <cl@linux.com>
Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Richard Weinberger [Tue, 26 Oct 2010 21:21:13 +0000 (14:21 -0700)]
um: fix global timer issue when using CONFIG_NO_HZ
commit
482db6df1746c4fa7d64a2441d4cb2610249c679 upstream.
This fixes a issue which was introduced by
fe2cc53e ("uml: track and make
up lost ticks").
timeval_to_ns() returns long long and not int. Due to that UML's timer
did not work properlt and caused timer freezes.
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Pekka Enberg <penberg@kernel.org>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Richard Weinberger [Tue, 26 Oct 2010 21:21:16 +0000 (14:21 -0700)]
um: remove PAGE_SIZE alignment in linker script causing kernel segfault.
commit
6915e04f8847bea16d0890f559694ad8eedd026c upstream.
The linker script cleanup that I did in commit
5d150a97f93 ("um: Clean up
linker script using standard macros.") (2.6.32) accidentally introduced an
ALIGN(PAGE_SIZE) when converting to use INIT_TEXT_SECTION; Richard
Weinberger reported that this causes the kernel to segfault with
CONFIG_STATIC_LINK=y.
I'm not certain why this extra alignment is a problem, but it seems likely
it is because previously
__init_begin = _stext = _text = _sinittext
and with the extra ALIGN(PAGE_SIZE), _sinittext becomes different from the
rest. So there is likely a bug here where something is assuming that
_sinittext is the same as one of those other symbols. But reverting the
accidental change fixes the regression, so it seems worth committing that
now.
Signed-off-by: Tim Abbott <tabbott@ksplice.com>
Reported-by: Richard Weinberger <richard@nod.at>
Cc: Jeff Dike <jdike@addtoit.com>
Tested by: Antoine Martin <antoine@nagafix.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Dumazet [Tue, 26 Oct 2010 21:21:17 +0000 (14:21 -0700)]
ipmi: proper spinlock initialization
commit
de5e2ddf9bb3ce7b643223b9b0718062254f302f upstream.
Unloading ipmi module can trigger following error. (if
CONFIG_DEBUG_SPINLOCK=y)
[ 9633.779590] BUG: spinlock bad magic on CPU#1, rmmod/7170
[ 9633.779606] lock:
f41f5414, .magic:
00000000, .owner:
<none>/-1, .owner_cpu: 0
[ 9633.779626] Pid: 7170, comm: rmmod Not tainted
2.6.36-rc7-11474-gb71eb1e-dirty #328
[ 9633.779644] Call Trace:
[ 9633.779657] [<
c13921cc>] ? printk+0x18/0x1c
[ 9633.779672] [<
c11a1f33>] spin_bug+0xa3/0xf0
[ 9633.779685] [<
c11a1ffd>] do_raw_spin_lock+0x7d/0x160
[ 9633.779702] [<
c1131537>] ? release_sysfs_dirent+0x47/0xb0
[ 9633.779718] [<
c1131b78>] ? sysfs_addrm_finish+0xa8/0xd0
[ 9633.779734] [<
c1394bac>] _raw_spin_lock_irqsave+0xc/0x20
[ 9633.779752] [<
f99d93da>] cleanup_one_si+0x6a/0x200 [ipmi_si]
[ 9633.779768] [<
c11305b2>] ? sysfs_hash_and_remove+0x72/0x80
[ 9633.779786] [<
f99dcf26>] ipmi_pnp_remove+0xd/0xf [ipmi_si]
[ 9633.779802] [<
c11f622b>] pnp_device_remove+0x1b/0x40
Fix this by initializing spinlocks in a smi_info_alloc() helper function,
right after memory allocation and clearing.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: David Miller <davem@davemloft.net>
Cc: Yinghai Lu <yinghai@kernel.org>
Acked-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Richard Weinberger [Tue, 26 Oct 2010 21:21:18 +0000 (14:21 -0700)]
hostfs: fix UML crash: remove f_spare from hostfs
commit
1b627d5771312c92404b66f0a0b16f66036dd2e1 upstream.
365b1818 ("add f_flags to struct statfs(64)") resized f_spare within
struct statfs which caused a UML crash. There is no need to copy f_spare.
Signed-off-by: Richard Weinberger <richard@nod.at>
Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Tested-by: Toralf Förster <toralf.foerster@gmx.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Masanori ITOH [Tue, 26 Oct 2010 21:21:20 +0000 (14:21 -0700)]
percpu: fix list_head init bug in __percpu_counter_init()
commit
8474b591faf3bb0a1e08a60d21d6baac498f15e4 upstream.
WARNING: at lib/list_debug.c:26 __list_add+0x3f/0x81()
Hardware name: Express5800/B120a [N8400-085]
list_add corruption. next->prev should be prev (
ffffffff81a7ea00), but was
dead000000200200. (next=
ffff88080b872d58).
Modules linked in: aoe ipt_MASQUERADE iptable_nat nf_nat autofs4 sunrpc bridge 8021q garp stp llc ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_round_robin dm_multipath kvm_intel kvm uinput lpfc scsi_transport_fc igb ioatdma scsi_tgt i2c_i801 i2c_core dca iTCO_wdt iTCO_vendor_support pcspkr shpchp megaraid_sas [last unloaded: aoe]
Pid: 54, comm: events/3 Tainted: G W 2.6.34-vanilla1 #1
Call Trace:
[<
ffffffff8104bd77>] warn_slowpath_common+0x7c/0x94
[<
ffffffff8104bde6>] warn_slowpath_fmt+0x41/0x43
[<
ffffffff8120fd2e>] __list_add+0x3f/0x81
[<
ffffffff81212a12>] __percpu_counter_init+0x59/0x6b
[<
ffffffff810d8499>] bdi_init+0x118/0x17e
[<
ffffffff811f2c50>] blk_alloc_queue_node+0x79/0x143
[<
ffffffff811f2d2b>] blk_alloc_queue+0x11/0x13
[<
ffffffffa02a931d>] aoeblk_gdalloc+0x8e/0x1c9 [aoe]
[<
ffffffffa02aa655>] aoecmd_sleepwork+0x25/0xa8 [aoe]
[<
ffffffff8106186c>] worker_thread+0x1a9/0x237
[<
ffffffffa02aa630>] ? aoecmd_sleepwork+0x0/0xa8 [aoe]
[<
ffffffff81065827>] ? autoremove_wake_function+0x0/0x39
[<
ffffffff810616c3>] ? worker_thread+0x0/0x237
[<
ffffffff810653ad>] kthread+0x7f/0x87
[<
ffffffff8100aa24>] kernel_thread_helper+0x4/0x10
[<
ffffffff8106532e>] ? kthread+0x0/0x87
[<
ffffffff8100aa20>] ? kernel_thread_helper+0x0/0x10
It's because there is no initialization code for a list_head contained in
the struct backing_dev_info under CONFIG_HOTPLUG_CPU, and the bug comes up
when block device drivers calling blk_alloc_queue() are used. In case of
me, I got them by using aoe.
Signed-off-by: Masanori Itoh <itoumsn@nttdata.co.jp>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Richard A. Smith [Sat, 25 Sep 2010 18:19:26 +0000 (19:19 +0100)]
olpc_battery: Fix endian neutral breakage for s16 values
commit
7cfbb29466633e6ecdc14f76a693c8478c2b22af upstream.
When the driver was updated to be endian neutral (
8e9c7716c)
the signed part of the s16 values was lost. This is because be16_to_cpu()
returns an unsigned value. This patch casts the values back to a s16
number prior to the the implicit cast up to an int.
Signed-off-by: Richard A. Smith <richard@laptop.org>
Signed-off-by: Daniel Drake <dsd@laptop.org>
Signed-off-by: Anton Vorontsov <cbouatmailru@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiri Slaby [Tue, 26 Oct 2010 21:22:11 +0000 (14:22 -0700)]
hpet: unmap unused I/O space
commit
a56d5318716d120e040294bb258901ba89fb9c90 upstream.
When the initialization code in hpet finds a memory resource and does not
find an IRQ, it does not unmap the memory resource previously mapped.
There are buggy BIOSes which report resources exactly like this and what
is worse the memory region bases point to normal RAM. This normally would
not matter since the space is not touched. But when PAT is turned on,
ioremap causes the page to be uncached and sets this bit in page->flags.
Then when the page is about to be used by the allocator, it is reported
as:
BUG: Bad page state in process md5sum pfn:3ed00
page:
ffffea0000dbd800 count:0 mapcount:0 mapping:(null) index:0x0
page flags: 0x20000001000000(uncached)
Pid: 7956, comm: md5sum Not tainted 2.6.34-12-desktop #1
Call Trace:
[<
ffffffff810df851>] bad_page+0xb1/0x100
[<
ffffffff810dfa45>] prep_new_page+0x1a5/0x1c0
[<
ffffffff810dfe01>] get_page_from_freelist+0x3a1/0x640
[<
ffffffff810e01af>] __alloc_pages_nodemask+0x10f/0x6b0
...
In this particular case:
1) HPET returns
3ed00000 as memory region base, but it is not in
reserved ranges reported by the BIOS (excerpt):
BIOS-e820:
0000000000100000 -
00000000af6cf000 (usable)
BIOS-e820:
00000000af6cf000 -
00000000afdcf000 (reserved)
2) there is no IRQ resource reported by HPET method. On the other
hand, the Intel HPET specs (1.0a) says (3.2.5.1):
_CRS (
// Report 1K of memory consumed by this Timer Block
memory range consumed
// Optional: only used if BIOS allocates Interrupts [1]
IRQs consumed
)
[1] For case where Timer Block is configured to consume IRQ0/IRQ8 AND
Legacy 8254/Legacy RTC hardware still exists, the device objects
associated with 8254 & RTC devices should not report IRQ0/IRQ8 as
"consumed resources".
So in theory we should check whether if it is the case and use those
interrupts instead.
Anyway the address reported by the BIOS here is bogus, so non-presence
of IRQ doesn't mean the "optional" part in point 2).
Since I got no reply previously, fix this by simply unmapping the space
when IRQ is not found and memory region was mapped previously. It would
be probably more safe to walk the resources again and unmap appropriately
depending on type. But as we now use only ioremap for both 2 memory
resource types, it is not necessarily needed right now.
Addresses https://bugzilla.novell.com/show_bug.cgi?id=629908
Reported-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Clemens Ladisch [Tue, 26 Oct 2010 21:22:13 +0000 (14:22 -0700)]
hpet: fix unwanted interrupt due to stale irq status bit
commit
96e9694df446d1154ec2f4fdba8908588b9cba38 upstream.
Jaswinder Singh Rajput wrote:
> By executing Documentation/timers/hpet_example.c
>
> for polling, I requested for 3 iterations but it seems iteration work
> for only 2 as first expired time is always very small.
>
> # ./hpet_example poll /dev/hpet 10 3
> -hpet: executing poll
> hpet_poll: info.hi_flags 0x0
> hpet_poll: expired time = 0x13
> hpet_poll: revents = 0x1
> hpet_poll: data 0x1
> hpet_poll: expired time = 0x1868c
> hpet_poll: revents = 0x1
> hpet_poll: data 0x1
> hpet_poll: expired time = 0x18645
> hpet_poll: revents = 0x1
> hpet_poll: data 0x1
Clearing the HPET interrupt enable bit disables interrupt generation
but does not disable the timer, so the interrupt status bit will still
be set when the timer elapses. If another interrupt arrives before
the timer has been correctly programmed (due to some other device on
the same interrupt line, or CONFIG_DEBUG_SHIRQ), this results in an
extra unwanted interrupt event because the status bit is likely to be
set from comparator matches that happened before the device was opened.
Therefore, we have to ensure that the interrupt status bit is and
stays cleared until we actually program the timer.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Reported-by: Jaswinder Singh Rajput <jaswinderlinux@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: john stultz <johnstul@us.ibm.com>
Cc: Bob Picco <bpicco@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andrew Morton [Tue, 26 Oct 2010 21:21:19 +0000 (14:21 -0700)]
kfifo: disable __kfifo_must_check_helper()
commit
52c5171214ff3327961d0ce0db7e8d2ce55004fd upstream.
This helper is wrong: it coerces signed values into unsigned ones, so code
such as
if (kfifo_alloc(...) < 0) {
error
}
will fail to detect the error.
So let's disable __kfifo_must_check_helper() for 2.6.36.
Cc: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Stefani Seibold <stefani@seibold.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Greg Kroah-Hartman [Tue, 16 Nov 2010 19:23:33 +0000 (11:23 -0800)]
Staging: line6: fix up some sysfs attribute permissions
commit
2018845b6a169f75341f8e68ad1089cb6697cf24 and
2018845b6a169f75341f8e68ad1089cb6697cf24 upstream merged together as it
had to be backported by hand.
They should not be writable by any user
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Markus Grabner <grabner@icg.tugraz.at>
Cc: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Daniel T Chen [Sun, 21 Nov 2010 19:01:14 +0000 (14:01 -0500)]
ALSA: hda: Use hp-laptop quirk to enable headphones automute for Asus A52J
commit
673f7a8984c3a9e2cb1108ce221da1ebbd9e5d09 upstream.
BugLink: https://launchpad.net/bugs/677652
The original reporter states that, in 2.6.35, headphones do not appear
to work, nor does inserting them mute the A52J's onboard speakers. Upon
inspecting the codec dump, it appears that the newly committed hp-laptop
quirk will suffice to enable this basic functionality. Testing was done
with an alsa-driver build from 2010-11-21.
Reported-and-tested-by: Joan Creus
Signed-off-by: Daniel T Chen <crimsun@ubuntu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Greg Kroah-Hartman [Thu, 18 Nov 2010 19:21:04 +0000 (11:21 -0800)]
Staging: asus_oled: fix up my fixup for some sysfs attribute permissions
commit
515b4987ccd097cdf5416530b05fdf9e01afe95a upstream.
They should be writable by root, not readable.
Doh, stupid me with the wrong flags.
Reported-by: Jonathan Cameron <jic23@cam.ac.uk>
Cc: Jakub Schmidtke <sjakub@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Greg Kroah-Hartman [Tue, 16 Nov 2010 19:17:01 +0000 (11:17 -0800)]
Staging: asus_oled: fix up some sysfs attribute permissions
commit
590b0b9754bd8928926bae7194b6da7ead9bda3b upstream.
They should not be writable by any user
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jakub Schmidtke <sjakub@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Larry Finger [Thu, 28 Oct 2010 13:47:13 +0000 (08:47 -0500)]
staging: rt2870: Add new USB ID for Belkin
F6D4050 v1
commit
705059a670f3af2b37695e82de0ee58e75e656ed upstream.
Add new USB ID for FT2870 for Belkin
F6D4050 v1
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported- and Tested-by: James Long <crogonint@yahoo.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Frederic Weisbecker [Thu, 2 Dec 2010 22:31:16 +0000 (14:31 -0800)]
reiserfs: don't acquire lock recursively in reiserfs_acl_chmod
commit
238af8751f64a75f8b638193353b1c31ea32e738 upstream.
reiserfs_acl_chmod() can be called by reiserfs_set_attr() and then take
the reiserfs lock a second time. Thereafter it may call journal_begin()
that definitely requires the lock not to be nested in order to release
it before taking the journal mutex because the reiserfs lock depends on
the journal mutex already.
So, aviod nesting the lock in reiserfs_acl_chmod().
Reported-by: Pawel Zawora <pzawora@gmail.com>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Tested-by: Pawel Zawora <pzawora@gmail.com>
Cc: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Frederic Weisbecker [Wed, 24 Nov 2010 20:57:15 +0000 (12:57 -0800)]
reiserfs: fix inode mutex - reiserfs lock misordering
commit
da905873effecd1c0166e578bc4b5006f041b18b upstream.
reiserfs_unpack() locks the inode mutex with reiserfs_mutex_lock_safe()
to protect against reiserfs lock dependency. However this protection
requires to have the reiserfs lock to be locked.
This is the case if reiserfs_unpack() is called by reiserfs_ioctl but
not from reiserfs_quota_on() when it tries to unpack tails of quota
files.
Fix the ordering of the two locks in reiserfs_unpack() to fix this
issue.
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Reported-by: Markus Gapp <markus.gapp@gmx.net>
Reported-by: Jan Kara <jack@suse.cz>
Cc: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Howells [Thu, 7 Oct 2010 13:08:52 +0000 (14:08 +0100)]
SH: Add missing consts to sys_execve() declaration
commit
d8b5fc01683c66060edc202d6bb5635365822181 upstream.
Add missing consts to the sys_execve() declaration which result in the
following error:
arch/sh/kernel/process_32.c:303: error: conflicting types for 'sys_execve'
/warthog/nfs/linux-2.6-fscache/arch/sh/include/asm/syscalls_32.h:24: error: previous declaration of 'sys_execve' was here
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ken Kawasaki [Fri, 29 Oct 2010 12:17:51 +0000 (12:17 +0000)]
pcnet_cs: add new_id
commit
62391f97babb7fe0c769830b6f0e0bd184bd0704 upstream.
pcnet_cs:
add new_id: "corega Ether CF-TD" 10Base-T PCMCIA card.
Signed-off-by: Ken Kawasaki <ken_kawasaki@spring.nifty.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Chris Wilson [Thu, 12 Aug 2010 08:35:00 +0000 (09:35 +0100)]
drm/i915/overlay: Ensure that the reg_bo is in the GTT prior to writing.
commit
0ddc1289f3ffd779779ddd3922f26ae7d0a21604 upstream.
Just makes sure that writes are not being aliased by the CPU cache and
do make it out to main memory.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=24977
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jesse Barnes [Thu, 7 Oct 2010 23:01:25 +0000 (16:01 -0700)]
drm/i915: diasable clock gating for the panel power sequencer
commit
382b09362711d7d03272230a33767015a277926e upstream.
Needed on Ibex Peak and Cougar Point or the panel won't always come on.
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Keith Packard [Thu, 7 Oct 2010 08:20:12 +0000 (09:20 +0100)]
drm/i915: Free hardware status page on unload when physically mapped
commit
c2873e9633fe908dccd36dbb1d370e9c59a1ca62 upstream.
A physically mapped hardware status page is allocated at driver load
time but was never freed. Call the existing code to free this page at
driver unload time on hardware which uses this kind.
Signed-off-by: Keith Packard <keithp@keithp.com>
[ickle: call before tearing down registers on KMS-only path, as pointed
out by Dave Airlie]
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Yuanhan Liu [Fri, 8 Oct 2010 09:18:01 +0000 (10:18 +0100)]
drm/i915/crt: Make sure the hotplug interrupt is enabled
commit
1510a97182b4ddb5fe3c4e8d05240f7cd6fd13e7 upstream.
After disabling the hotplug interrupts for VGA detection on Ironlake, be
sure to re-enable them again afterwards.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=30378
Signed-off-by: Yuanhan Liu <yuanhan.liu@intel.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alex Deucher [Wed, 27 Oct 2010 05:02:35 +0000 (01:02 -0400)]
drm/radeon/kms: fix handling of tex lookup disable in cs checker on r2xx
commit
43b93fbffc2c080dba2e84df6fce8d7e6c0a2581 upstream.
There are cases when multiple texture units have to be enabled,
but not actually used to sample. This patch checks to see if
the lookup_disable bit is set and if so, skips the texture check.
Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=25544
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alex Deucher [Wed, 6 Oct 2010 04:13:04 +0000 (00:13 -0400)]
drm/radeon/kms: make sure blit addr masks are 64 bit
commit
2126d0a4a205e2d6b763434f892524cd60f74228 upstream.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Yuanhan Liu [Fri, 8 Oct 2010 09:21:06 +0000 (10:21 +0100)]
drm/i915: Update hotplug interrupts register definitions for Sandybridge
commit
2d7b8366ae4a9ec2183c30e432a4a9a495c82bcd upstream.
On Sandybridge, the bit definition for hotplug on SDE has changed, so
update the code to new definition.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=30378
Signed-off-by: Yuanhan Liu <yuanhan.liu@intel.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alex Deucher [Tue, 19 Oct 2010 03:54:56 +0000 (23:54 -0400)]
drm/radeon/kms: properly compute group_size on 6xx/7xx
commit
881fe6c1d06bf49f4ab7aef212cdaf66bd059614 upstream.
Needed for tiled surfaces.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alex Deucher [Mon, 25 Oct 2010 23:44:00 +0000 (19:44 -0400)]
drm/radeon/kms: MC vram map needs to be >= pci aperture size
commit
b7d8cce5b558e0c0aa6898c9865356481598b46d upstream.
The vram map in the radeon memory controller needs to be
>= the pci aperture size. Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=28402
The problematic cards in the above bug have 64 MB of vram,
but the pci aperture is 128 MB and the MC vram map was only
64 MB. This can lead to hangs.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Trond Myklebust [Mon, 4 Oct 2010 21:59:08 +0000 (17:59 -0400)]
NFS: Don't SIGBUS if nfs_vm_page_mkwrite races with a cache invalidation
commit
bc4866b6e0b44f8ea0df22a16e5927714beb4983 upstream.
In the case where we lock the page, and then find out that the page has
been thrown out of the page cache, we should just return VM_FAULT_NOPAGE.
This is what block_page_mkwrite() does in these situations.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Trond Myklebust [Mon, 4 Oct 2010 21:59:08 +0000 (17:59 -0400)]
NFSv4: Fix open recovery
commit
b0ed9dbc24f1fd912b2dd08b995153cafc1d5b1c upstream.
NFSv4 open recovery is currently broken: since we do not clear the
state->flags states before attempting recovery, we end up with the
'can_open_cached()' function triggering. This again leads to no OPEN call
being put on the wire.
Reported-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Trond Myklebust [Mon, 4 Oct 2010 21:59:08 +0000 (17:59 -0400)]
NFSv4: Don't call nfs4_state_mark_reclaim_reboot() from error handlers
commit
ae1007d37e00144b72906a4bdc47d517ae91bcc1 upstream.
In the case of a server reboot, the state recovery thread starts by calling
nfs4_state_end_reclaim_reboot() in order to avoid edge conditions when
the server reboots while the client is in the middle of recovery.
However, if the client has already marked the nfs4_state as requiring
reboot recovery, then the above behaviour will cause the recovery thread to
treat the open as if it was part of such an edge condition: the open will
be recovered as if it was part of a lease expiration (and all the locks
will be lost).
Fix is to remove the call to nfs4_state_mark_reclaim_reboot from
nfs4_async_handle_error(), and nfs4_handle_exception(). Instead we leave it
to the recovery thread to do this for us.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Trond Myklebust [Mon, 4 Oct 2010 21:59:08 +0000 (17:59 -0400)]
NFSv4: Don't call nfs4_reclaim_complete() on receiving NFS4ERR_STALE_CLIENTID
commit
6eaa61496fb3b93cceface7a296415fc4c030bce upstream.
If the server sends us an NFS4ERR_STALE_CLIENTID while the state management
thread is busy reclaiming state, we do want to treat all state that wasn't
reclaimed before the STALE_CLIENTID as if a network partition occurred (see
the edge conditions described in RFC3530 and RFC5661).
What we do not want to do is to send an nfs4_reclaim_complete(), since we
haven't yet even started reclaiming state after the server rebooted.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Arnaud Patard [Thu, 21 Oct 2010 10:59:57 +0000 (03:59 -0700)]
phy/marvell: fix
88e1121 support
commit
be8c648051048bc66fbca590d00f3e8543ec32af upstream.
Commit
c477d0447db08068a497e7beb892b2b2a7bff64b added support for RGMII
rx/tx delays except that it ends up clearing rx/tx delays bit for modes
differents that RGMII*ID. Due to this, ethernet is not working anymore
on my guruplug server +. This patch is fixing that.
Signed-off-by: Arnaud Patard <arnaud.patard@rtp-net.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Thomas Backlund [Thu, 21 Oct 2010 10:19:10 +0000 (13:19 +0300)]
microblaze: Fix build with make 3.82
commit
b843e4ec01991a386a9e0e9030703524446e03da upstream.
When running make headers_install_all on x86_64 and make 3.82 I hit this:
arch/microblaze/Makefile:80: *** mixed implicit and normal rules. Stop.
make: *** [headers_install_all] Error 2
So split the rules to satisfy make 3.82.
Signed-off-by: Thomas Backlund <tmb@mandriva.org>
Signed-off-by: Michal Simek <monstr@monstr.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Trond Myklebust [Sun, 24 Oct 2010 21:17:31 +0000 (17:17 -0400)]
SUNRPC: After calling xprt_release(), we must restart from call_reserve
commit
118df3d17f11733b294ea2cd988d56ee376ef9fd upstream.
Rob Leslie reports seeing the following Oops after his Kerberos session
expired.
BUG: unable to handle kernel NULL pointer dereference at
00000058
IP: [<
e186ed94>] rpcauth_refreshcred+0x11/0x12c [sunrpc]
*pde =
00000000
Oops: 0000 [#1]
last sysfs file: /sys/devices/platform/pc87360.26144/temp3_input
Modules linked in: autofs4 authenc esp4 xfrm4_mode_transport ipt_LOG ipt_REJECT xt_limit xt_state ipt_REDIRECT xt_owner xt_HL xt_hl xt_tcpudp xt_mark cls_u32 cls_tcindex sch_sfq sch_htb sch_dsmark geodewdt deflate ctr twofish_generic twofish_i586 twofish_common camellia serpent blowfish cast5 cbc xcbc rmd160 sha512_generic sha1_generic hmac crypto_null af_key rpcsec_gss_krb5 nfsd exportfs nfs lockd fscache nfs_acl auth_rpcgss sunrpc ip_gre sit tunnel4 dummy ext3 jbd nf_nat_irc nf_conntrack_irc nf_nat_ftp nf_conntrack_ftp iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 iptable_filter ip_tables x_tables pc8736x_gpio nsc_gpio pc87360 hwmon_vid loop aes_i586 aes_generic sha256_generic dm_crypt cs5535_gpio serio_raw cs5535_mfgpt hifn_795x des_generic geode_rng rng_core led_class ext4 mbcache jbd2 crc16 dm_mirror dm_region_hash dm_log dm_snapshot dm_mod sd_mod crc_t10dif ide_pci_generic cs5536 amd74xx ide_core pata_cs5536 ata_generic libata usb_storage via_rhine mii scsi_mod btrfs zlib_deflate crc32c libcrc32c [last unloaded: scsi_wait_scan]
Pid: 12875, comm: sudo Not tainted 2.6.36-net5501 #1 /
EIP: 0060:[<
e186ed94>] EFLAGS:
00010292 CPU: 0
EIP is at rpcauth_refreshcred+0x11/0x12c [sunrpc]
EAX:
00000000 EBX:
defb13a0 ECX:
00000006 EDX:
e18683b8
ESI:
defb13a0 EDI:
00000000 EBP:
00000000 ESP:
de571d58
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process sudo (pid: 12875, ti=
de570000 task=
decd1430 task.ti=
de570000)
Stack:
e186e008 00000000 defb13a0 0000000d deda6000 e1868f22 e196f12b defb13a0
<0>
defb13d8 00000000 00000000 e186e0aa 00000000 defb13a0 de571dac 00000000
<0>
e186956c de571e34 debea5c0 de571dc8 e186967a 00000000 debea5c0 de571e34
Call Trace:
[<
e186e008>] ? rpc_wake_up_next+0x114/0x11b [sunrpc]
[<
e1868f22>] ? call_decode+0x24a/0x5af [sunrpc]
[<
e196f12b>] ? nfs4_xdr_dec_access+0x0/0xa2 [nfs]
[<
e186e0aa>] ? __rpc_execute+0x62/0x17b [sunrpc]
[<
e186956c>] ? rpc_run_task+0x91/0x97 [sunrpc]
[<
e186967a>] ? rpc_call_sync+0x40/0x5b [sunrpc]
[<
e1969ca2>] ? nfs4_proc_access+0x10a/0x176 [nfs]
[<
e19572fa>] ? nfs_do_access+0x2b1/0x2c0 [nfs]
[<
e186ed61>] ? rpcauth_lookupcred+0x62/0x84 [sunrpc]
[<
e19573b6>] ? nfs_permission+0xad/0x13b [nfs]
[<
c0177824>] ? exec_permission+0x15/0x4b
[<
c0177fbd>] ? link_path_walk+0x4f/0x456
[<
c017867d>] ? path_walk+0x4c/0xa8
[<
c0179678>] ? do_path_lookup+0x1f/0x68
[<
c017a3fb>] ? user_path_at+0x37/0x5f
[<
c016359c>] ? handle_mm_fault+0x229/0x55b
[<
c0170a2d>] ? sys_faccessat+0x93/0x146
[<
c0170aef>] ? sys_access+0xf/0x13
[<
c02cf615>] ? syscall_call+0x7/0xb
Code: 0f 94 c2 84 d2 74 09 8b 44 24 0c e8 6a e9 8b de 83 c4 14 89 d8 5b 5e 5f 5d c3 55 57 56 53 83 ec 1c fc 89 c6 8b 40 10 89 44 24 04 <8b> 58 58 85 db 0f 85 d4 00 00 00 0f b7 46 70 8b 56 20 89 c5 83
EIP: [<
e186ed94>] rpcauth_refreshcred+0x11/0x12c [sunrpc] SS:ESP 0068:
de571d58
CR2:
0000000000000058
This appears to be caused by the function rpc_verify_header() first
calling xprt_release(), then doing a call_refresh. If we release the
transport slot, we should _always_ jump back to call_reserve before
calling anything else.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Michael Neuling [Wed, 17 Nov 2010 16:32:59 +0000 (16:32 +0000)]
powerpc: Fix call to subpage_protection()
commit
1c2c25c78740b2796c7c06640784cb6732fa4907 upstream.
In:
powerpc/mm: Fix pgtable cache cleanup with CONFIG_PPC_SUBPAGE_PROT
commit
d28513bc7f675d28b479db666d572e078ecf182d
Author: David Gibson <david@gibson.dropbear.id.au>
subpage_protection() was changed to to take an mm rather a pgdir but it
didn't change calling site in hashpage_preload(). The change wasn't
noticed at compile time since hashpage_preload() used a void* as the
parameter to subpage_protection().
This is obviously wrong and can trigger the following crash when
CONFIG_SLAB, CONFIG_DEBUG_SLAB, CONFIG_PPC_64K_PAGES
CONFIG_PPC_SUBPAGE_PROT are enabled.
Freeing unused kernel memory: 704k freed
Unable to handle kernel paging request for data at address 0x6b6b6b6b6b6c49b7
Faulting instruction address: 0xc0000000000410f4
cpu 0x2: Vector: 300 (Data Access) at [
c00000004233f590]
pc:
c0000000000410f4: .hash_preload+0x258/0x338
lr:
c000000000041054: .hash_preload+0x1b8/0x338
sp:
c00000004233f810
msr:
8000000000009032
dar:
6b6b6b6b6b6c49b7
dsisr:
40000000
current = 0xc00000007e2c0070
paca = 0xc000000007fe0500
pid = 1, comm = init
enter ? for help
[
c00000004233f810]
c000000000041020 .hash_preload+0x184/0x338 (unreliable)
[
c00000004233f8f0]
c00000000003ed98 .update_mmu_cache+0xb0/0xd0
[
c00000004233f990]
c000000000157754 .__do_fault+0x48c/0x5dc
[
c00000004233faa0]
c000000000158fd0 .handle_mm_fault+0x508/0xa8c
[
c00000004233fb90]
c0000000006acdd4 .do_page_fault+0x428/0x6ac
[
c00000004233fe30]
c000000000005260 handle_page_fault+0x20/0x74
Reported-by: Jim Keniston <jkenisto@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Neuling <mikey@neuling.org>
cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Henningsson [Mon, 25 Oct 2010 21:52:04 +0000 (23:52 +0200)]
ALSA: HDA: Enable internal mic on Dell E6410 and Dell E6510
[Not upstream as .37 fixes this differently in a much more complete way
that is not able to be backported easily.]
(Ported on top of 2.6.36)
BugLink: http://launchpad.net/bugs/628961
BugLink: http://launchpad.net/bugs/605047
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Diego Elio Pettenò <flameeyes@gmail.com>
Acked-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jaroslav Kysela [Fri, 8 Oct 2010 08:48:50 +0000 (10:48 +0200)]
ALSA: OSS mixer emulation - fix locking
commit
838c364ff05c143fd1810e8ad1469935d6c23a7a upstream.
Fix mutex release and cleanup some locking code.
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Takashi Iwai [Thu, 21 Oct 2010 07:03:25 +0000 (09:03 +0200)]
ALSA: hda - Add some workarounds for Creative IBG
commit
14d34f166c57e77e3d7f9bc8b43d349186d922c1 upstream.
Creative HD-audio controller chips require some workarounds:
- Additional delay before RIRB response
- Set the initial RIRB counter to 0xc0
The latter seems to be done in general in Windows driver, so we may
use this value later for all types if it's confirmed to work better.
Reported-by: Wai Yew CHAY <wychay@ctl.creative.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Takashi Iwai [Thu, 21 Oct 2010 06:55:13 +0000 (08:55 +0200)]
ALSA: hda - Fix wrong SPDIF NID assignment for CA0110
commit
24b55c69b66eb2a122842820ec14ab215fc8572f upstream.
The dig_out_nid field must take a digital-converter widget, but the current
ca0110 parser passed the pin wrongly instead.
Reported-by: Wai Yew CHAY <wychay@ctl.creative.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Takashi Iwai [Fri, 22 Oct 2010 15:15:47 +0000 (17:15 +0200)]
ALSA: hda - Add workarounds for CT-IBG controllers
commit
62b7e5e09bcb854ff05e6ee1aa161f8283dc36ee upstream.
Creative IBG controllers require the playback stream-tags to be started
from 1, instead of capture+1. Otherwise the stream stalls.
Reported-by: Wai Yew CHAY <wychay@ctl.creative.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Takashi Iwai [Mon, 25 Oct 2010 08:37:11 +0000 (10:37 +0200)]
ALSA: hda - Disable sticky PCM stream assignment for AD codecs
commit
0e7adbe263f89ea2ef15b5af5e80a812b2a85025 upstream.
The sticky PCM stream assignment introduced in 2.6.36 kernel seems
causing problems on AD codecs. At some time later, the streaming no
longer works by unknown reason. A simple workaround is to disable
sticky-assignment for these codecs.
Tested-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alex Deucher [Wed, 17 Nov 2010 22:56:49 +0000 (17:56 -0500)]
drm/radeon/kms: register an i2c adapter name for the dp aux bus
commit
a5193fe50e7f21c26d22c17c8196420fac1a3ca7 upstream.
This causes the connector to not be added since i2c init fails
for the adapter. Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=31688
Noticed by Ari Savolainen.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Cc: Ari Savolainen <ari.m.savolainen@gmail.com>
Cc: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Florian Tobias Schandinat [Fri, 17 Sep 2010 01:16:25 +0000 (01:16 +0000)]
viafb: fix i2c_transfer error handling
commit
85c5702ac046b14713f776d59768252d8ed8018f upstream.
i2c_transfer returns negative errno on error and number of messages
processed on success. Just returning this value would give a poor
interface as it is not obvious that you must compare with 2 after reading
1 or n bytes and with 1 after writing 1 byte to determine if it was
successful. To avoid this error prone interface convert the error code
of a successful read/write to zero and all other non-negative values to
an negative error code.
This fixes a regression introduced by
via: Rationalize vt1636 detection
which resulted in no longer detecting a VT1636 chip and therefore has
broken the output in configurations which contain this chip.
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Acked-by: Jonathan Corbet <corbet@lwn.net>
Cc: Joseph Chan <JosephChan@via.com.tw>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Nobuhiro Iwamatsu [Sun, 24 Oct 2010 16:16:57 +0000 (18:16 +0200)]
i2c-pca-platform: Change device name of request_irq
commit
323584436db0cb05286425d4dfd9516fce88487f upstream.
i2c->adap.name shouldn't be used in request_irq.
Instead the driver name "i2c-pca-platform" should be used.
Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Tilman Schmidt [Thu, 30 Sep 2010 13:34:30 +0000 (13:34 +0000)]
isdn/gigaset: bas_gigaset locking fix
commit
b33ffa5cbf52ee751bb8068218ebb3c742c5a515 upstream.
Unlock cs->lock before calling error_hangup() which is marked
"cs->lock must not be held".
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Tilman Schmidt [Thu, 30 Sep 2010 13:34:51 +0000 (13:34 +0000)]
isdn/gigaset: correct bas_gigaset rx buffer handling
commit
f3d531b99fb30945b4a64d6e2e86e1e62605aca5 upstream.
In transparent data reception, avoid a NULL pointer dereference
in case an skbuff cannot be allocated, remove an inappropriate
call to the HDLC flush routine, and correct the accounting of
received bytes for continued buffers.
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Tilman Schmidt [Thu, 30 Sep 2010 13:34:40 +0000 (13:34 +0000)]
isdn/gigaset: fix bas_gigaset AT read error handling
commit
c8701a08d6a4efeae45d84d0aa87172f23b14e3c upstream.
Rework the handling of USB errors in AT response reads
to fix a possible infinite retry loop and a memory leak,
and silence a few overly verbose kernel messages.
Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>