Dmitry Shmidt [Thu, 15 Sep 2011 16:22:35 +0000 (09:22 -0700)]
net: wireless: Add CFG80211_ALLOW_RECONNECT option
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Dima Zavin [Wed, 14 Sep 2011 22:12:45 +0000 (15:12 -0700)]
usb: gadget: android: always update the sw_connected state
If we go through connected->configured->disconnected cycle very quickly,
it is possible that we may not generate a disconnect uevent to userspace.
Connected+configured could have happened before the work item got
executed, and thus would not have updated the sw_connected state. On
the disconnect, it would have noticed that a config is no longer there
but since sw_connected was still 0, it would not have sent the
disconnect event.
Change-Id: Id71175f784e3e1cf3f828bd8b24fceea1078a06b
Signed-off-by: Dima Zavin <dima@android.com>
Dima Zavin [Wed, 14 Sep 2011 18:52:45 +0000 (11:52 -0700)]
usb: gadget: android: dump the uevents sent when changing states
Change-Id: If5011e39f400b3aca036a890b8b932a7606a7ac2
Signed-off-by: Dima Zavin <dima@android.com>
Dima Zavin [Wed, 14 Sep 2011 18:53:11 +0000 (11:53 -0700)]
usb: gadget: android: follow proper order on disconnect
We should composite_disconnect *before* updating our internal
state and sending uevent to userspace.
Also, hold cdev->lock while updating internal state.
Change-Id: If66a5a4f7d4a102a44aefc3ce4a154a5a1517dcf
Signed-off-by: Dima Zavin <dima@android.com>
Mike J. Chen [Fri, 15 Oct 2010 01:04:03 +0000 (18:04 -0700)]
input: misc: gpio; make wake irq conditional, and disable on remove paths
Add a board file option to gpio_input devices to make
calling enable_irq_wake conditional. Also disable the
wake irq when removing the device.
Change-Id: If933b9d3a751d89fa95ae3b7f739dfe70fcb23c8
Signed-off-by: Mike J. Chen <mjchen@sta.samsung.com>
Colin Cross [Tue, 16 Aug 2011 23:36:29 +0000 (16:36 -0700)]
ARM: vfp: Always save VFP state in vfp_pm_suspend
vfp_pm_suspend should save the VFP state in suspend after
any lazy context switch. If it only saves when the VFP is enabled,
the state can get lost when, on a UP system:
Thread 1 uses the VFP
Context switch occurs to thread 2, VFP is disabled but the
VFP context is not saved
Thread 2 initiates suspend
vfp_pm_suspend is called with the VFP disabled, and the unsaved
VFP context of Thread 1 in the registers
Modify vfp_pm_suspend to save the VFP context whenever
vfp_current_hw_state is not NULL.
Change-Id: I91f29722d256a3afc1cc04df8b227541434ccffb
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Barry Song <bs14@csr.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Colin Cross <ccross@android.com>
Russell King [Sat, 9 Jul 2011 16:41:33 +0000 (17:41 +0100)]
ARM: vfp: ensure that thread flushing works if preempted
Prevent a preemption event causing the initialized VFP state being
overwritten by ensuring that the VFP hardware access is disabled
prior to starting initialization. We can then do this in safety
while still allowing preemption to occur.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Russell King [Sat, 9 Jul 2011 15:09:43 +0000 (16:09 +0100)]
ARM: vfp: fix a hole in VFP thread migration
Fix a hole in the VFP thread migration. Lets define two threads.
Thread 1, we'll call 'interesting_thread' which is a thread which is
running on CPU0, using VFP (so vfp_current_hw_state[0] =
&interesting_thread->vfpstate) and gets migrated off to CPU1, where
it continues execution of VFP instructions.
Thread 2, we'll call 'new_cpu0_thread' which is the thread which takes
over on CPU0. This has also been using VFP, and last used VFP on CPU0,
but doesn't use it again.
The following code will be executed twice:
cpu = thread->cpu;
/*
* On SMP, if VFP is enabled, save the old state in
* case the thread migrates to a different CPU. The
* restoring is done lazily.
*/
if ((fpexc & FPEXC_EN) && vfp_current_hw_state[cpu]) {
vfp_save_state(vfp_current_hw_state[cpu], fpexc);
vfp_current_hw_state[cpu]->hard.cpu = cpu;
}
/*
* Thread migration, just force the reloading of the
* state on the new CPU in case the VFP registers
* contain stale data.
*/
if (thread->vfpstate.hard.cpu != cpu)
vfp_current_hw_state[cpu] = NULL;
The first execution will be on CPU0 to switch away from 'interesting_thread'.
interesting_thread->cpu will be 0.
So, vfp_current_hw_state[0] points at interesting_thread->vfpstate.
The hardware state will be saved, along with the CPU number (0) that
it was executing on.
'thread' will be 'new_cpu0_thread' with new_cpu0_thread->cpu = 0.
Also, because it was executing on CPU0, new_cpu0_thread->vfpstate.hard.cpu = 0,
and so the thread migration check is not triggered.
This means that vfp_current_hw_state[0] remains pointing at interesting_thread.
The second execution will be on CPU1 to switch _to_ 'interesting_thread'.
So, 'thread' will be 'interesting_thread' and interesting_thread->cpu now
will be 1. The previous thread executing on CPU1 is not relevant to this
so we shall ignore that.
We get to the thread migration check. Here, we discover that
interesting_thread->vfpstate.hard.cpu = 0, yet interesting_thread->cpu is
now 1, indicating thread migration. We set vfp_current_hw_state[1] to
NULL.
So, at this point vfp_current_hw_state[] contains the following:
[0] = &interesting_thread->vfpstate
[1] = NULL
Our interesting thread now executes a VFP instruction, takes a fault
which loads the state into the VFP hardware. Now, through the assembly
we now have:
[0] = &interesting_thread->vfpstate
[1] = &interesting_thread->vfpstate
CPU1 stops due to ptrace (and so saves its VFP state) using the thread
switch code above), and CPU0 calls vfp_sync_hwstate().
if (vfp_current_hw_state[cpu] == &thread->vfpstate) {
vfp_save_state(&thread->vfpstate, fpexc | FPEXC_EN);
BANG, we corrupt interesting_thread's VFP state by overwriting the
more up-to-date state saved by CPU1 with the old VFP state from CPU0.
Fix this by ensuring that we have sane semantics for the various state
describing variables:
1. vfp_current_hw_state[] points to the current owner of the context
information stored in each CPUs hardware, or NULL if that state
information is invalid.
2. thread->vfpstate.hard.cpu always contains the most recent CPU number
which the state was loaded into or NR_CPUS if no CPU owns the state.
So, for a particular CPU to be a valid owner of the VFP state for a
particular thread t, two things must be true:
vfp_current_hw_state[cpu] == &t->vfpstate && t->vfpstate.hard.cpu == cpu.
and that is valid from the moment a CPU loads the saved VFP context
into the hardware. This gives clear and consistent semantics to
interpreting these variables.
This patch also fixes thread copying, ensuring that t->vfpstate.hard.cpu
is invalidated, otherwise CPU0 may believe it was the last owner. The
hole can happen thus:
- thread1 runs on CPU2 using VFP, migrates to CPU3, exits and thread_info
freed.
- New thread allocated from a previously running thread on CPU2, reusing
memory for thread1 and copying vfp.hard.cpu.
At this point, the following are true:
new_thread1->vfpstate.hard.cpu == 2
&new_thread1->vfpstate == vfp_current_hw_state[2]
Lastly, this also addresses thread flushing in a similar way to thread
copying. Hole is:
- thread runs on CPU0, using VFP, migrates to CPU1 but does not use VFP.
- thread calls execve(), so thread flush happens, leaving
vfp_current_hw_state[0] intact. This vfpstate is memset to 0 causing
thread->vfpstate.hard.cpu = 0.
- thread migrates back to CPU0 before using VFP.
At this point, the following are true:
thread->vfpstate.hard.cpu == 0
&thread->vfpstate == vfp_current_hw_state[0]
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Russell King [Sat, 9 Jul 2011 13:24:36 +0000 (14:24 +0100)]
ARM: vfp: rename check_exception to vfp_hw_state_valid
Rename this branch to more accurately reflect why its taken, rather
than what the following code does. It is the only caller of this code.
This helps to clarify following changes, yet this change results in no
actual code change.
Document the VFP hardware state at the target of this branch.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Russell King [Sat, 9 Jul 2011 12:44:04 +0000 (13:44 +0100)]
ARM: vfp: rename last_VFP_context to vfp_current_hw_state
Rename the slightly confusing 'last_VFP_context' variable to be more
descriptive of what it actually is. This variable stores a pointer
to the current owner's vfpstate structure for the context held in the
VFP hardware.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
JP Abgrall [Sun, 11 Sep 2011 19:13:41 +0000 (12:13 -0700)]
netfilter: xt_qtaguid: warn only once for missing proc qtaguid data
When a process doesn't have /dev/xt_qtaguid open, only warn once
instead of for every ctrl access.
Change-Id: I98a462a8731254ddc3bf6d2fefeef9823659b1f0
Signed-off-by: JP Abgrall <jpa@google.com>
Dima Zavin [Fri, 9 Sep 2011 16:25:05 +0000 (09:25 -0700)]
usb: otg_id: add suspend/resume interface
It is possible that while one driver has already suspended,
another driver calls otg_id_notify() because it has not yet been
suspended. It would then be possible for the suspended driver's
detect callback to be called. This is undesirable.
Introduce new otg_id_suspend/otg_id_resume functions that
keep a suspended count, and if a notification happens while
someone is suspended, that notification is deferred until
all the drivers are resumed. If the notification happens before
the last driver is suspended, that suspend will be aborted
and once the final driver resumes through otg_id_resume, the
notification will be delivered.
Change-Id: I32fd32bec65e366e5f97a25c15255d94773b85b3
Signed-off-by: Dima Zavin <dima@android.com>
JP Abgrall [Fri, 9 Sep 2011 08:55:24 +0000 (01:55 -0700)]
netfilter: xt_qtaguid: 1st pass at tracking tag based data resources
* Added global resource tracking based on tags.
- Can be put into passive mode via
/sys/modules/xt_qtaguid/params/tag_tracking_passive
- The number of socket tags per UID is now limited
- Adding /dev/xt_qtaguid that each process should open before starting
to tag sockets. A later change will make it a "must".
- A process should not create new tags unless it has the dev open.
A later change will make it a must.
- On qtaguid_resources release, the process' matching socket tag info
is deleted.
* Support run-time debug mask via /sys/modules parameter "debug_mask".
* split module into prettyprinting code, includes, main.
* Removed ptrdiff_t usage which didn't work in all cases.
Change-Id: I4a21d3bea55d23c1c3747253904e2a79f7d555d9
Signed-off-by: JP Abgrall <jpa@google.com>
jun.ho.lee [Fri, 9 Sep 2011 09:50:02 +0000 (18:50 +0900)]
net: wireless: change the expire time about each entry of scan results
Change-Id: I6e8d838d91bebc28f4cd09dcb8b9f1de775be13d
Signed-off-by: jun.ho.lee <jun.ho.lee@samsung.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
JP Abgrall [Sat, 3 Sep 2011 01:14:12 +0000 (18:14 -0700)]
rtc alarm: fix bad index when canceling alarms[]
It was using ANDROID_ALARM_ELAPSED_REALTIME_WAKEUP_MASK as an
index.
Change-Id: I919860cc71254453e382616bce9fd5455802cb3d
Signed-off-by: JP Abgrall <jpa@google.com>
Colin Cross [Thu, 8 Sep 2011 00:28:58 +0000 (17:28 -0700)]
mmc: core: host: only use wakelock for detect work
There is no need to take a wakelock for delayed lazy disable
work, it will be cancelled in the suspend handler and force
disabled. Only take the wakelock when the detect work is
queued, and make sure to drop the wakelock if the work is
cancelled.
Change-Id: I1e507a5f98848954ea21d45e23b6192c3132a349
Signed-off-by: Colin Cross <ccross@android.com>
Mike Lockwood [Wed, 7 Sep 2011 16:55:12 +0000 (09:55 -0700)]
USB: gadget: android: pass ctrl requests to accessory function when disabled
Signed-off-by: Mike Lockwood <lockwood@android.com>
Dmitry Shmidt [Wed, 7 Sep 2011 17:30:45 +0000 (10:30 -0700)]
net: wireless: bcmdhd: Update to version 5.90.125.78
- Add BT-Coex support to cfg80211
- Add private event logic to cfg80211 when FW hangs
- Reduce passive dwell time to 130 ms
- Fix proptx initialize fail issue
- Implement codes for WPS2.0 using cfg80211
- Clean any left virtual interfaces in primary dhd_stop context
- Skip waiting for rtnl_lock in cfg80211 callback if already taken
- Skip writing to file FW trap info
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Ming Lei [Tue, 30 Aug 2011 16:03:13 +0000 (16:03 +0000)]
usb: ehci: make HC see up-to-date qh/qtd descriptor ASAP
This patch introduces the helper of ehci_sync_mem to flush
qtd/qh into memory immediately on some ARM, so that HC can
see the up-to-date qtd/qh descriptor asap.
This patch fixs one performance bug on ARM Cortex A9 dual core
platform, which has been reported on quite a few ARM machines
(OMAP4, Tegra 2, snowball...), see details from link of
https://bugs.launchpad.net/bugs/709245.
The patch has been tested ok on OMAP4 panda A1 board, and the
performance of 'dd' over usb mass storage can be increased from
4~5MB/sec to 14~16MB/sec after applying this patch.
Change-Id: I7994c58a1001c7f46f13e09420328a3916bbfcef
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Russell King <linux@arm.linux.org.uk>
Signed-off-by: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Todd Poynor [Fri, 26 Aug 2011 02:29:45 +0000 (19:29 -0700)]
PM: Backoff suspend if repeated attempts fail
Change-Id: I32289676d95a307ea3aa5e78f6c126ca979c0fec
Signed-off-by: Todd Poynor <toddpoynor@google.com>
JP Abgrall [Wed, 31 Aug 2011 20:50:15 +0000 (13:50 -0700)]
netfilter: qtaguid: fix proc/.../stats uid filtered output
"cat /proc/net/xt_qtaguid/stats"
for a non-priviledged UID would output multiple twice its own stats.
The fix tweaks the way lines are counted.
Non-root:
idx iface acct_tag_hex uid_tag_int cnt_set ...
2 wlan0 0x0 10022 0 ...
3 wlan0 0x0 10022 1 ...
4 wlan0 0x3010000000000000 10022 0 ...
5 wlan0 0x3010000000000000 10022 1 ...
Root:
idx iface acct_tag_hex uid_tag_int cnt_set
2 wlan0 0x0 0 0 ...
3 wlan0 0x0 0 1 ...
4 wlan0 0x0 1000 0 ...
...
12 wlan0 0x0 10022 0 ...
13 wlan0 0x0 10022 1 ...
...
18 wlan0 0x3010000000000000 10022 0 ...
19 wlan0 0x3010000000000000 10022 1 ...
Change-Id: I3cae1f4fee616bc897831350374656b0c718c45b
Signed-off-by: JP Abgrall <jpa@google.com>
Dmitry Shmidt [Tue, 30 Aug 2011 23:31:45 +0000 (16:31 -0700)]
net: wireless: bcmdhd: Turn Off packet filtering for dhcp session
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Dmitry Shmidt [Tue, 30 Aug 2011 23:29:10 +0000 (16:29 -0700)]
net: wireless: bcmdhd: Set bigger wakelock timeout for events
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Howard M. Harte [Tue, 30 Aug 2011 02:01:55 +0000 (19:01 -0700)]
net: wireless: bcmdhd: Update to 5.90.125.74
Change-Id: I427ee7a07e794b228e58fa2edbaa127481b67398
Signed-off-by: Howard M. Harte <hharte@broadcom.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Dmitry Shmidt [Fri, 26 Aug 2011 00:13:01 +0000 (17:13 -0700)]
net: wireless: bcmdhd: Skip disassoc if country is not changed in country set
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Dmitry Shmidt [Tue, 23 Aug 2011 22:27:40 +0000 (15:27 -0700)]
net: wireless: bcmdhd: Use allocation with GFP_ATOMIC only in atomic context
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Peter Hurley [Tue, 9 Aug 2011 20:26:55 +0000 (16:26 -0400)]
Bluetooth: Fix l2cap conn failures for ssp devices
Commit
330605423c fixed l2cap conn establishment for non-ssp remote
devices by not setting HCI_CONN_ENCRYPT_PEND every time conn security
is tested (which was always returning failure on any subsequent
security checks).
However, this broke l2cap conn establishment for ssp remote devices
when an ACL link was already established at SDP-level security. This
fix ensures that encryption must be pending whenever authentication
is also pending.
Change-Id: I6876ea5134e90d1f3d0f84e8ed40b92977b3df64
Signed-off-by: Peter Hurley <peter@xxxxxxxxxxxxxxxxxx>
Jiri Kosina [Thu, 25 Aug 2011 12:21:37 +0000 (14:21 +0200)]
HID: magicmouse: ignore 'ivalid report id' while switching modes, v2
This is basically a more generic respin of
23746a6 ("HID: magicmouse: ignore
'ivalid report id' while switching modes") which got reverted later by
c3a492.
It turns out that on some configurations, this is actually still the case
and we are not able to detect in runtime.
The device reponds with 'invalid report id' when feature report switching it
into multitouch mode is sent to it.
This has been silently ignored before
0825411ade ("HID: bt: Wait for ACK
on Sent Reports"), but since this commit, it propagates -EIO from the _raw
callback .
So let the driver ignore -EIO as response to 0xd7,0x01 report, as that's
how the device reacts in normal mode.
Sad, but following reality.
This fixes https://bugzilla.kernel.org/show_bug.cgi?id=35022
Change-Id: Ice409708bb7bd1b43bd86adde121a353f8d03835
Reported-by: Chase Douglas <chase.douglas@canonical.com>
Reported-by: Jaikumar Ganesh <jaikumarg@android.com>
Tested-by: Chase Douglas <chase.douglas@canonical.com>
Tested-by: Jaikumar Ganesh <jaikumarg@android.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
JP Abgrall [Fri, 26 Aug 2011 00:10:52 +0000 (17:10 -0700)]
netfilter: xt_qtaguid: fix dev_stats for missing NETDEV_UNREGISTER
Turns out that some devices don't call the notifier chains
with NETDEV_UNREGISTER.
So now we only track up/down as the points for tracking
active/inactive transitions and saving the get_dev_stats().
Change-Id: I948755962b4c64150b4d04f294fb4889f151e42b
Signed-off-by: JP Abgrall <jpa@google.com>
Todd Poynor [Wed, 24 Aug 2011 22:01:30 +0000 (15:01 -0700)]
fuse: Freeze client on suspend when request sent to userspace
Suspend attempts can abort when the FUSE daemon is already frozen
and a client is waiting uninterruptibly for a response, causing
freezing of tasks to fail.
Use the freeze-friendly wait API, but disregard other signals.
Change-Id: Icefb7e4bbc718ccb76bf3c04daaa5eeea7e0e63c
Signed-off-by: Todd Poynor <toddpoynor@google.com>
Theodore Ts'o [Mon, 22 Aug 2011 23:18:07 +0000 (16:18 -0700)]
ext4: fix nomblk_io_submit option so it correctly converts uninit blocks
Bug discovered by Jan Kara:
Finally, commit
1449032be17abb69116dbc393f67ceb8bd034f92 returned back
the old IO submission code but apparently it forgot to return the old
handling of uninitialized buffers so we unconditionnaly call
block_write_full_page() without specifying end_io function. So AFAICS
we never convert unwritten extents to written in some cases. For
example when I mount the fs as: mount -t ext4 -o
nomblk_io_submit,dioread_nolock /dev/ubdb /mnt and do
int fd = open(argv[1], O_RDWR | O_CREAT | O_TRUNC, 0600);
char buf[1024];
memset(buf, 'a', sizeof(buf));
fallocate(fd, 0, 0, 16384);
write(fd, buf, sizeof(buf));
I get a file full of zeros (after remounting the filesystem so that
pagecache is dropped) instead of seeing the first KB contain 'a's.
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Change-Id: I349e4e807d2f8bc3573a5e1b2393212e00ca7650
Signed-off-by: Ken Sumrall <ksumrall@android.com>
Dima Zavin [Tue, 23 Aug 2011 22:56:50 +0000 (15:56 -0700)]
ARM: add option to flush console before reboot
If the console_lock was held while the system was rebooted, the messages
in the temporary logbuffer would not have propogated to all the console
drivers.
This force releases the console lock if it failed to be acquired.
Change-Id: I193dcf7b968be17966833e50b8b8bc70d5d9fe89
Signed-off-by: Dima Zavin <dima@android.com>
Greg Goldman [Tue, 23 Aug 2011 17:28:41 +0000 (10:28 -0700)]
net: wireless: bcmdhd: Update to 5.90.125.69
Change-Id: I25a516ca4d8f5edc72a2a54e420f5e1b4fe3aa16
Signed-off-by: Howard M. Harte <hharte@broadcom.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
JP Abgrall [Sat, 20 Aug 2011 03:21:06 +0000 (20:21 -0700)]
netfilter: xt_qtaguid: add some tagging/matching stats
/proc/net/xt_qtaguid/ctrl will now show:
active tagged sockets: lines of "sock=%p tag=0x%llx (uid=%u)"
sockets_tagged, : the number of sockets successfully tagged.
sockets_untagged: the number of sockets successfully untagged.
counter_set_changes: ctrl counter set change requests.
delete_cmds: ctrl delete commands completed.
iface_events: number of NETDEV_* events handled.
match_found_sk: sk found in skbuff without ct assist.
match_found_sk_in_ct: the number of times the connection tracker found
a socket for us. This happens when the skbuff didn't have info.
match_found_sk_none: the number of times no sk could be determined
successfully looked up. This indicates we don't know who the
data actually belongs to. This could be unsolicited traffic.
Change-Id: I3a65613bb24852e1eea768ab0320a6a7073ab9be
Signed-off-by: JP Abgrall <jpa@google.com>
JP Abgrall [Thu, 18 Aug 2011 22:05:47 +0000 (15:05 -0700)]
netfilter: xt_qtaguid: Fix sockfd_put() call within spinlock
sockfd_put() risks sleeping.
So when doing a delete ctrl command, defer the sockfd_put() and
kfree() to outside of the spinlock.
Change-Id: I5f8ab51d05888d885b2fbb035f61efa5b7abb88a
Signed-off-by: JP Abgrall <jpa@google.com>
Nishanth Menon [Wed, 17 Aug 2011 23:31:58 +0000 (18:31 -0500)]
panic: Add board ID to panic output
At times, it is necessary for boards to provide some additional information
as part of panic logs. Provide information on the board hardware as part
of panic logs.
It is safer to print this information at the very end in case something
bad happens as part of the information retrieval itself.
To use this, set global mach_panic_string to an appropriate string in the
board file.
Change-Id: Id12cdda87b0cd2940dd01d52db97e6162f671b4d
Signed-off-by: Nishanth Menon <nm@ti.com>
ECCO PARK [Thu, 18 Aug 2011 22:18:04 +0000 (15:18 -0700)]
net: wireless: bcmdhd: Fix Softap initialization
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
JP Abgrall [Wed, 17 Aug 2011 23:43:00 +0000 (16:43 -0700)]
netfilter: xt_qtaguid: Fix socket refcounts when tagging
* Don't hold the sockets after tagging.
sockfd_lookup() does a get() on the associated file.
There was no matching put() so a closed socket could never be
freed.
* Don't rely on struct member order for tag_node
The structs that had a struct tag_node member would work with
the *_tree_* routines only because tag_node was 1st.
* Improve debug messages
Provide info on who the caller is. Use unsigned int for uid.
* Only process NETDEV_UP events.
* Pacifier: disable netfilter matching. Leave .../stats header.
Change-Id: Iccb8ae3cca9608210c417597287a2391010dff2c
Signed-off-by: JP Abgrall <jpa@google.com>
Greg Goldman [Tue, 16 Aug 2011 17:04:19 +0000 (10:04 -0700)]
net: wireless: bcmdhd: Update to version 5.90.125.65
Fixing problem with connection A-band
Improving sync between Driver and CFG80211 status
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Howard M. Harte [Mon, 15 Aug 2011 16:06:07 +0000 (09:06 -0700)]
net: wireless: bcmdhd: Update to 5.90.125.64:
* Fix for dhd_bus_devreset in dhd_sdio return error 35 when first called.
* Add combo scan support.
* Fix PMK caching issue.
Change-Id: Iac9e8591d27ef7240418c79caf0a4ac919ef23f3
Signed-off-by: Howard M. Harte <hharte@broadcom.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Greg Goldman [Thu, 11 Aug 2011 00:48:00 +0000 (17:48 -0700)]
net: wireless: bcmdhd: Fixing missing WLP2P defintion for p2p
Change-Id: I9683fe499fd6cae89468dbb048c9fd8f1b13ecce
Signed-off-by: Howard M. Harte <hharte@broadcom.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jeff Brown [Sun, 24 Jul 2011 21:31:14 +0000 (14:31 -0700)]
hid-multitouch: Filter collections by application usage.
This change fixes two problems.
First, it ensures that the hid-multitouch driver does not incorrectly
map GenericDesktop usages that are intended for other applications,
such as a Mouse.
Second, it sets the appropriate input properties so that user-space
can distinguish TouchScreen devices (INPUT_PROP_DIRECT) from
TouchPad devices (INPUT_PROP_POINTER) and configure them accordingly.
Change-Id: I8c2d947929186ffe7cf04b37c76e29b9abecf8cb
Signed-off-by: jeffbrown@android.com
Jeff Brown [Sun, 24 Jul 2011 21:03:30 +0000 (14:03 -0700)]
hid-debug: Show application usage for each collection.
Change-Id: If8d3ef8647209143b5f0c171c385d37faf82de64
Signed-off-by: jeffbrown@android.com
Mike Lockwood [Tue, 2 Aug 2011 15:13:48 +0000 (11:13 -0400)]
usb: gadget: android: Only call ctrlrequest callback on enabled functions
Signed-off-by: Mike Lockwood <lockwood@android.com>
Mike Lockwood [Fri, 12 Aug 2011 21:35:42 +0000 (14:35 -0700)]
USB: gadget: android: Use "rndis%d" for RNDIS device name instead of "usb%d"
Signed-off-by: Mike Lockwood <lockwood@android.com>
JP Abgrall [Fri, 12 Aug 2011 04:33:35 +0000 (21:33 -0700)]
android: logger: bump up the logger buffer sizes
(port from common android-2.6.39
commit:
11430f16545205c614dd5bd58e4a7ee630fc0f9f)
events: (no change, 256)
main: 64 -> 256
radio: 64 -> 256
system: 64 -> 256
Change-Id: I42c0d4cc9fa89735d2f05010236070e1e4737ffc
Signed-off-by: JP Abgrall <jpa@google.com>
Peter Hurley [Fri, 5 Aug 2011 14:52:01 +0000 (10:52 -0400)]
Bluetooth: hidp: Don't release device ref if never held
When an hidp connection is added for a boot protocol input
device, don't release a device reference that was never
acquired. The device reference is acquired when the session
is linked to the session list (which hasn't happened yet when
hidp_setup_input is called).
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Peter Hurley [Fri, 5 Aug 2011 14:51:50 +0000 (10:51 -0400)]
Bluetooth: hidp: Only free input device if failed register
When an hidp connection is added for a boot protocol input
device, only free the allocated device if device registration fails.
Subsequent failures should only unregister the device (the input
device api documents that unregister will also free the allocated
device).
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Peter Hurley [Fri, 5 Aug 2011 14:51:34 +0000 (10:51 -0400)]
Bluetooth: hidp: Fix memory leak of cached report descriptor
Free the cached HID report descriptor on thread terminate.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Peter Hurley [Fri, 5 Aug 2011 14:51:26 +0000 (10:51 -0400)]
Bluetooth: hidp: Fix session cleanup on failed conn add
Once the session thread is running, cleanup must be
handled by the session thread only.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Peter Hurley [Fri, 5 Aug 2011 14:41:35 +0000 (10:41 -0400)]
Bluetooth: bnep: Fix deadlock in session deletion
Commit
f4d7cd4a4c introduced the usage of kthread API.
kthread_stop is a blocking function which returns only when
the thread exits. In this case, the thread can't exit because it's
waiting for the write lock, which is being held by bnep_del_connection()
which is waiting for the thread to exit -- deadlock.
Use atomic_t/wake_up_process instead to signal to the thread to exit.
Signed-off-by: Jaikumar Ganesh <jaikumar@google.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Szymon Janc [Tue, 26 Jul 2011 20:46:54 +0000 (22:46 +0200)]
Bluetooth: Don't use cmd_timer to timeout HCI reset command
No command should be send before Command Complete event for HCI
reset is received. This fix regression introduced by commit
6bd32326cda(Bluetooth: Use proper timer for hci command timout)
for chips whose reset command takes longer to complete (e.g. CSR)
resulting in next command being send before HCI reset completed.
Signed-off-by: Szymon Janc <szymon@janc.net.pl>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Colin Cross [Thu, 11 Aug 2011 01:07:59 +0000 (18:07 -0700)]
Merge commit 'v3.0.1' into android-3.0
Colin Cross [Thu, 11 Aug 2011 01:04:30 +0000 (18:04 -0700)]
Merge commit 'v3.0' into android-3.0
Todd Poynor [Mon, 8 Aug 2011 23:06:54 +0000 (16:06 -0700)]
PM: wakelocks: Display wakelocks preventing suspend by default
Use DEBUG_WAKEUP flag to show wakelocks that abort suspend, in
addition to showing wakelocks held during system resume.
DEBUG_WAKEUP is enabled by default.
Change-Id: If6fa68e8afbc482a5300ffab2964694b02b34f41
Signed-off-by: Todd Poynor <toddpoynor@google.com>
Erik Gilling [Tue, 9 Aug 2011 21:18:21 +0000 (14:18 -0700)]
usb: otg: add proxy_wait handler to otg_id
Some otg_id handlers can detect what's connected but can't detect a change.
This allows that handler to pass off the waiting for ID change to a proxy.
Change-Id: Ib38b750c3da4bffc35e37b620ecee37c5d64d31f
Signed-off-by: Erik Gilling <konkers@android.com>
JP Abgrall [Tue, 9 Aug 2011 18:53:11 +0000 (11:53 -0700)]
netfilter: xt_qtaguid: recognize IPV6 interfaces. root is procfs privileged.
* Allow tracking interfaces that only have an ipv6 address.
Deal with ipv6 notifier chains that do NETDEV_UP without the rtnl_lock()
* Allow root all access to procfs ctrl/stats.
To disable all checks:
echo 0 > /sys/module/xt_qtaguid/parameters/ctrl_write_gid
echo 0 > /sys/module/xt_qtaguid/parameters/stats_readall_gid
* Add CDEBUG define to enable pr_debug output specific to
procfs ctrl/stats access.
Change-Id: I9a469511d92fe42734daff6ea2326701312a161b
Signed-off-by: JP Abgrall <jpa@google.com>
JP Abgrall [Tue, 9 Aug 2011 18:49:50 +0000 (11:49 -0700)]
netfilter: xt_qtaguid: add counter sets and matching control
* Added support for sets of counters.
By default set 0 is active.
Userspace can control which set is active for a given UID by
writing to .../ctrl
s <set_num> <uid>
Changing the active set is only permitted for processes in the
AID_NET_BW_ACCT group.
The active set tracking is reset when the uid tag is deleted with
the .../ctrl command
d 0 <uid>
* New output format for the proc .../stats
- Now has cnt_set in the list.
"""
idx iface acct_tag_hex uid_tag_int cnt_set rx_bytes rx_packets tx_bytes tx_packets rx_tcp_packets rx_tcp_bytes rx_udp_packets rx_udp_bytes rx_other_packets rx_other_bytes tx_tcp_packets tx_tcp_bytes tx_udp_packets tx_udp_bytes tx_other_packets tx_other_bytes
...
2 rmnet0 0x0 1000 0 27729 29 1477 27 27501 26 228 3 0 0 1249 24 228 3 0 0
2 rmnet0 0x0 1000 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
3 rmnet0 0x0 10005 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
3 rmnet0 0x0 10005 1 46407 57 8008 64 46407 57 0 0 0 0 8008 64 0 0 0 0
...
6 rmnet0 0x7fff000100000000 10005 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
6 rmnet0 0x7fff000100000000 10005 1 27493 24 1564 22 27493 24 0 0 0 0 1564 22 0 0 0 0
"""
* Refactored for proc stats output code.
* Silenced some of the per packet debug output.
* Reworded some of the debug messages.
* Replaced all the spin_lock_irqsave/irqrestore with *_bh():
netfilter handling is done in softirq.
Change-Id: Ibe89f9d754579fd97335617186c614b43333cfd3
Signed-off-by: JP Abgrall <jpa@google.com>
Greg Goldman [Tue, 9 Aug 2011 18:43:28 +0000 (11:43 -0700)]
net: wireless: bcmdhd: Fixing memory leak problem in wl_get_ies
Change-Id: I26462c22ba4c3aebc1e157fbf74833c65815647c
Signed-off-by: Howard M. Harte <hharte@broadcom.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Iliyan Malchev [Tue, 9 Aug 2011 21:42:08 +0000 (14:42 -0700)]
ion: minor clean up
-- init rb nodes in ion_handle_create
-- in ion_handle_destroy, check that a node belongs to a tree before removing
it (safety check, does not happen right now)
-- mark as static functions used only inside ion.c
-- update comments to ion_share() with a relevant blurb from the implementation
-- other minor updates/typo fixes to comments
Signed-off-by: Iliyan Malchev <malchev@google.com>
Chen Ganir [Thu, 28 Jul 2011 12:42:09 +0000 (15:42 +0300)]
Bluetooth: Fixed wrong L2CAP Sock timer value
L2CAP connection timeout needs to be assigned as miliseconds
and not as jiffies.
Signed-off-by: Chen Ganir <chen.ganir@ti.com>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Todd Poynor [Tue, 9 Aug 2011 00:26:49 +0000 (17:26 -0700)]
PM: wakelocks: Don't report wake up wakelock if suspend aborted
If the wakelock driver aborts suspend due to an already-held
wakelock, don't report the next wakelock held as the "wake up
wakelock".
Change-Id: I582ffbb87a3c361739a77d839a0c62921cff11a6
Signed-off-by: Todd Poynor <toddpoynor@google.com>
Lin Ma [Fri, 5 Aug 2011 19:53:04 +0000 (12:53 -0700)]
net: wireless: bcmdhd: Fix CFG80211 memory corruption
* Sends event/data packets to kernel while net_device interface
has not been created or registered yet
* Timer gets freed twice
* The primary net_device interface never gets freed
* Memory corruption in scan buffer
* Memory corruption in cfg80211 wiphy structure fix for kthred_stop crash
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Greg Kroah-Hartman [Fri, 5 Aug 2011 04:59:21 +0000 (21:59 -0700)]
Linux 3.0.1
Alasdair G Kergon [Tue, 2 Aug 2011 11:32:01 +0000 (12:32 +0100)]
dm: fix idr leak on module removal
commit
d15b774c2920d55e3d58275c97fbe3adc3afde38 upstream.
Destroy _minor_idr when unloading the core dm module. (Found by kmemleak.)
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mike Snitzer [Tue, 2 Aug 2011 11:32:00 +0000 (12:32 +0100)]
dm mpath: fix potential NULL pointer in feature arg processing
commit
286f367dad40beb3234a18c17391d03ba939a7f3 upstream.
Avoid dereferencing a NULL pointer if the number of feature arguments
supplied is fewer than indicated.
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mikulas Patocka [Tue, 2 Aug 2011 11:32:00 +0000 (12:32 +0100)]
dm snapshot: flush disk cache when merging
commit
762a80d9fc9f690a3a35983f3b4619a220650808 upstream.
This patch makes dm-snapshot flush disk cache when writing metadata for
merging snapshot.
Without cache flushing the disk may reorder metadata write and other
data writes and there is a possibility of data corruption in case of
power fault.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Mikulas Patocka [Tue, 2 Aug 2011 11:32:01 +0000 (12:32 +0100)]
dm io: flush cpu cache with vmapped io
commit
bb91bc7bacb906c9f3a9b22744c53fa7564b51ba upstream.
For normal kernel pages, CPU cache is synchronized by the dma layer.
However, this is not done for pages allocated with vmalloc. If we do I/O
to/from vmallocated pages, we must synchronize CPU cache explicitly.
Prior to doing I/O on vmallocated page we must call
flush_kernel_vmap_range to flush dirty cache on the virtual address.
After finished read we must call invalidate_kernel_vmap_range to
invalidate cache on the virtual address, so that accesses to the virtual
address return newly read data and not stale data from CPU cache.
This patch fixes metadata corruption on dm-snapshots on PA-RISC and
possibly other architectures with caches indexed by virtual address.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Julia Lawall [Thu, 28 Jul 2011 12:46:05 +0000 (14:46 +0200)]
ALSA: sound/core/pcm_compat.c: adjust array index
commit
ca9380fd68514c7bc952282c1b4fc70607e9fe43 upstream.
Convert array index from the loop bound to the loop index.
A simplified version of the semantic patch that fixes this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
expression e1,e2,ar;
@@
for(e1 = 0; e1 < e2; e1++) { <...
ar[
- e2
+ e1
]
...> }
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Engraf [Wed, 20 Jul 2011 13:03:39 +0000 (15:03 +0200)]
watchdog: shwdt: fix usage of mod_timer
commit
bea1906620ce72b63f83735c4cc2642b25ec54ae upstream.
Fix the usage of mod_timer() and make the driver usable. mod_timer() must
be called with an absolute timeout in jiffies. The old implementation
used a relative timeout thus the hardware watchdog was never triggered.
Signed-off-by: David Engraf <david.engraf@sysgo.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Wim Van sebroeck <wim@iguana.be>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Steven Whitehouse [Tue, 26 Jul 2011 08:15:45 +0000 (09:15 +0100)]
GFS2: Fix mount hang caused by certain access pattern to sysfs files
commit
19237039919088781b4191a00bdc1284d8fea1dd upstream.
Depending upon the order of userspace/kernel during the
mount process, this can result in a hang without the
_all version of the completion.
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Gertjan van Wingerde [Wed, 6 Jul 2011 20:58:55 +0000 (22:58 +0200)]
rt2x00: Add device ID for RT539F device.
commit
71e0b38c2914018b01f3f08b43ee9e3328197699 upstream.
Reported-by: Wim Vander Schelden <wim@fixnum.org>
Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Oleg Nesterov [Sat, 30 Jul 2011 14:35:02 +0000 (16:35 +0200)]
oom: task->mm == NULL doesn't mean the memory was freed
commit
c027a474a68065391c8773f6e83ed5412657e369 upstream.
exit_mm() sets ->mm == NULL then it does mmput()->exit_mmap() which
frees the memory.
However select_bad_process() checks ->mm != NULL before TIF_MEMDIE,
so it continues to kill other tasks even if we have the oom-killed
task freeing its memory.
Change select_bad_process() to check ->mm after TIF_MEMDIE, but skip
the tasks which have already passed exit_notify() to ensure a zombie
with TIF_MEMDIE set can't block oom-killer. Alternatively we could
probably clear TIF_MEMDIE after exit_mmap().
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
John Johansen [Sat, 25 Jun 2011 15:57:07 +0000 (16:57 +0100)]
AppArmor: Fix masking of capabilities in complain mode
commit
25e75dff519bcce2cb35023105e7df51d7b9e691 upstream.
AppArmor is masking the capabilities returned by capget against the
capabilities mask in the profile. This is wrong, in complain mode the
profile has effectively all capabilities, as the profile restrictions are
not being enforced, merely tested against to determine if an access is
known by the profile.
This can result in the wrong behavior of security conscience applications
like sshd which examine their capability set, and change their behavior
accordingly. In this case because of the masked capability set being
returned sshd fails due to DAC checks, even when the profile is in complain
mode.
Kernels affected: 2.6.36 - 3.0.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
John Johansen [Tue, 28 Jun 2011 14:06:38 +0000 (15:06 +0100)]
AppArmor: Fix reference to rcu protected pointer outside of rcu_read_lock
commit
04fdc099f9c80c7775dbac388fc97e156d4d47e7 upstream.
The pointer returned from tracehook_tracer_task() is only valid inside
the rcu_read_lock. However the tracer pointer obtained is being passed
to aa_may_ptrace outside of the rcu_read_lock critical section.
Mover the aa_may_ptrace test into the rcu_read_lock critical section, to
fix this.
Kernels affected: 2.6.36 - 3.0
Reported-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Manfred Spraul [Tue, 26 Jul 2011 00:11:47 +0000 (17:11 -0700)]
ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID
commit
d694ad62bf539dbb20a0899ac2a954555f9e4a83 upstream.
If a semaphore array is removed and in parallel a sleeping task is woken
up (signal or timeout, does not matter), then the woken up task does not
wait until wake_up_sem_queue_do() is completed. This will cause crashes,
because wake_up_sem_queue_do() will read from a stale pointer.
The fix is simple: Regardless of anything, always call get_queue_result().
This function waits until wake_up_sem_queue_do() has finished it's task.
Addresses https://bugzilla.kernel.org/show_bug.cgi?id=27142
Reported-by: Yuriy Yevtukhov <yuriy@ucoz.com>
Reported-by: Harald Laabs <kernel@dasr.de>
Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Hendrik Brueckner [Tue, 5 Jul 2011 21:50:18 +0000 (21:50 +0000)]
hvc_console: Improve tty/console put_chars handling
commit
8c2381af0d3ef62a681dac5a141b6dabb27bf2e1 upstream.
Currently, the hvc_console_print() function drops console output if the
hvc backend's put_chars() returns 0. This patch changes this behavior
to allow a retry through returning -EAGAIN.
This change also affects the hvc_push() function. Both functions are
changed to handle -EAGAIN and to retry the put_chars() operation.
If a hvc backend returns -EAGAIN, the retry handling differs:
- hvc_console_print() spins to write the complete console output.
- hvc_push() behaves the same way as for returning 0.
Now hvc backends can indirectly control the way how console output is
handled through the hvc console layer.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Acked-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Anton Blanchard [Tue, 5 Jul 2011 21:51:36 +0000 (21:51 +0000)]
powerpc/pseries/hvconsole: Fix dropped console output
commit
51d33021425e1f905beb4208823146f2fb6517da upstream.
Return -EAGAIN when we get H_BUSY back from the hypervisor. This
makes the hvc console driver retry, avoiding dropped printks.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Ralf Baechle [Mon, 27 Jun 2011 13:26:56 +0000 (14:26 +0100)]
SERIAL: SC26xx: Fix link error.
commit
f2eb3cdf14457fccb14ae8c4d7d7cee088cd3957 upstream.
Kconfig allows enabling console support for the SC26xx driver even when
it's configured as a module resulting in a:
ERROR: "uart_console_device" [drivers/tty/serial/sc26xx.ko] undefined!
modpost error since the driver was merged in
eea63e0e8a60d00485b47fb6e75d9aa2566b989b [SC26XX: New serial driver for
SC2681 uarts] in 2.6.25. Fixed by only allowing console support to be
enabled if the driver is builtin.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-serial@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-mips@linux-mips.org
Acked-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Stephen Warren [Fri, 17 Jun 2011 15:45:07 +0000 (09:45 -0600)]
tty/serial: Fix XSCALE serial ports, e.g. ce4100
commit
5568181f188ae9485a0cdbea5ea48f63d186a298 upstream.
Commit
4539c24fe4f92c09ee668ef959d3e8180df619b9 "tty/serial: Add
explicit PORT_TEGRA type" introduced separate flags describing the need
for IER bits UUE and RTOIE. Both bits are required for the XSCALE port
type. While that patch updated uart_config[] as required, the auto-probing
code wasn't updated to set the RTOIE flag when an XSCALE port type was
detected. This caused such ports to stop working. This patch rectifies
that.
Reported-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Tested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Daisuke Nishimura [Tue, 26 Jul 2011 23:08:25 +0000 (16:08 -0700)]
memcg: fix behavior of mem_cgroup_resize_limit()
commit
108b6a78463bb8c7163e4f9779f36ad8bbade334 upstream.
Commit
22a668d7c3ef ("memcg: fix behavior under memory.limit equals to
memsw.limit") introduced "memsw_is_minimum" flag, which becomes true
when mem_limit == memsw_limit. The flag is checked at the beginning of
reclaim, and "noswap" is set if the flag is true, because using swap is
meaningless in this case.
This works well in most cases, but when we try to shrink mem_limit,
which is the same as memsw_limit now, we might fail to shrink mem_limit
because swap doesn't used.
This patch fixes this behavior by:
- check MEM_CGROUP_RECLAIM_SHRINK at the begining of reclaim
- If it is set, don't set "noswap" flag even if memsw_is_minimum is true.
Signed-off-by: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Cc: Balbir Singh <bsingharora@gmail.com>
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Ying Han <yinghan@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sven Neumann [Tue, 12 Jul 2011 13:52:07 +0000 (15:52 +0200)]
cfg80211: really ignore the regulatory request
commit
a203c2aa4cefccb879c879b8e1cad1a09a679e55 upstream.
At the beginning of wiphy_update_regulatory() a check is performed
whether the request is to be ignored. Then the request is sent to
the driver nevertheless. This happens even if last_request points
to NULL, leading to a crash in the driver:
[<
bf01d864>] (lbs_set_11d_domain_info+0x28/0x1e4 [libertas]) from [<
c03b714c>] (wiphy_update_regulatory+0x4d0/0x4f4)
[<
c03b714c>] (wiphy_update_regulatory+0x4d0/0x4f4) from [<
c03b4008>] (wiphy_register+0x354/0x420)
[<
c03b4008>] (wiphy_register+0x354/0x420) from [<
bf01b17c>] (lbs_cfg_register+0x80/0x164 [libertas])
[<
bf01b17c>] (lbs_cfg_register+0x80/0x164 [libertas]) from [<
bf020e64>] (lbs_start_card+0x20/0x88 [libertas])
[<
bf020e64>] (lbs_start_card+0x20/0x88 [libertas]) from [<
bf02cbd8>] (if_sdio_probe+0x898/0x9c0 [libertas_sdio])
Fix this by returning early. Also remove the out: label as it is
not any longer needed.
Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
Cc: linux-wireless@vger.kernel.org
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Daniel Mack <daniel@zonque.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Tue, 19 Jul 2011 18:01:23 +0000 (14:01 -0400)]
EHCI: fix direction handling for interrupt data toggles
commit
e04f5f7e423018bcec84c11af2058cdce87816f3 upstream.
This patch (as1480) fixes a rather obscure bug in ehci-hcd. The
qh_update() routine needs to know the number and direction of the
endpoint corresponding to its QH argument. The number can be taken
directly from the QH data structure, but the direction isn't stored
there. The direction is taken instead from the first qTD linked to
the QH.
However, it turns out that for interrupt transfers, qh_update() gets
called before the qTDs are linked to the QH. As a result, qh_update()
computes a bogus direction value, which messes up the endpoint toggle
handling. Under the right combination of circumstances this causes
usb_reset_endpoint() not to work correctly, which causes packets to be
dropped and communications to fail.
Now, it's silly for the QH structure not to have direct access to all
the descriptor information for the corresponding endpoint. Ultimately
it may get a pointer to the usb_host_endpoint structure; for now,
adding a copy of the direction flag solves the immediate problem.
This allows the Spyder2 color-calibration system (a low-speed USB
device that sends all its interrupt data packets with the toggle set
to 0 and hance requires constant use of usb_reset_endpoint) to work
when connected through a high-speed hub. Thanks to Graeme Gill for
supplying the hardware that allowed me to track down this bug.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Graeme Gill <graeme@argyllcms.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sergei Shtylyov [Wed, 6 Jul 2011 19:19:38 +0000 (23:19 +0400)]
EHCI: only power off port if over-current is active
commit
81463c1d707186adbbe534016cd1249edeab0dac upstream.
MAX4967 USB power supply chip we use on our boards signals over-current when
power is not enabled; once it's enabled, over-current signal returns to normal.
That unfortunately caused the endless stream of "over-current change on port"
messages. The EHCI root hub code reacts on every over-current signal change
with powering off the port -- such change event is generated the moment the
port power is enabled, so once enabled the power is immediately cut off.
I think we should only cut off power when we're seeing the active over-current
signal, so I'm adding such check to that code. I also think that the fact that
we've cut off the port power should be reflected in the result of GetPortStatus
request immediately, hence I'm adding a PORTSCn register readback after write...
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Du, Alek [Thu, 7 Jul 2011 14:16:48 +0000 (15:16 +0100)]
n_gsm: fix the wrong FCS handling
commit
f086ced17191fa0c5712539d2b680eae3dc972a1 upstream.
FCS could be GSM0_SOF, so will break state machine...
[This byte isn't quoted in any way so a SOF here doesn't imply an error
occurred.]
Signed-off-by: Alek Du <alek.du@intel.com>
Signed-off-by: Alan Cox <alan@linux.intel.com>
[Trivial but best backported once its in 3.1rc I think]
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Vasiliy Kulikov [Tue, 26 Jul 2011 23:08:38 +0000 (16:08 -0700)]
proc: fix a race in do_io_accounting()
commit
293eb1e7772b25a93647c798c7b89bf26c2da2e0 upstream.
If an inode's mode permits opening /proc/PID/io and the resulting file
descriptor is kept across execve() of a setuid or similar binary, the
ptrace_may_access() check tries to prevent using this fd against the
task with escalated privileges.
Unfortunately, there is a race in the check against execve(). If
execve() is processed after the ptrace check, but before the actual io
information gathering, io statistics will be gathered from the
privileged process. At least in theory this might lead to gathering
sensible information (like ssh/ftp password length) that wouldn't be
available otherwise.
Holding task->signal->cred_guard_mutex while gathering the io
information should protect against the race.
The order of locking is similar to the one inside of ptrace_attach():
first goes cred_guard_mutex, then lock_task_sighand().
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Trond Myklebust [Sat, 30 Jul 2011 16:45:35 +0000 (12:45 -0400)]
NFS: Fix spurious readdir cookie loop messages
commit
0c0308066ca53fdf1423895f3a42838b67b3a5a8 upstream.
If the directory contents change, then we have to accept that the
file->f_pos value may shrink if we do a 'search-by-cookie'. In that
case, we should turn off the loop detection and let the NFS client
try to recover.
The patch also fixes a second loop detection bug by ensuring
that after turning on the ctx->duped flag, we read at least one new
cookie into ctx->dir_cookie before attempting to match with
ctx->dup_cookie.
Reported-by: Petr Vandrovec <petr@vandrovec.name>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Trond Myklebust [Mon, 25 Jul 2011 19:37:29 +0000 (15:37 -0400)]
NFSv4: Don't use the delegation->inode in nfs_mark_return_delegation()
commit
ed1e6211a0a134ff23592c6f057af982ad5dab52 upstream.
nfs_mark_return_delegation() is usually called without any locking, and
so it is not safe to dereference delegation->inode. Since the inode is
only used to discover the nfs_client anyway, it makes more sense to
have the callers pass a valid pointer to the nfs_server as a parameter.
Reported-by: Ian Kent <raven@themaw.net>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
J. Bruce Fields [Wed, 29 Jun 2011 20:49:04 +0000 (16:49 -0400)]
svcrpc: fix list-corrupting race on nfsd shutdown
commit
ebc63e531cc6a457595dd110b07ac530eae788c3 upstream.
After commit
3262c816a3d7fb1eaabce633caa317887ed549ae "[PATCH] knfsd:
split svc_serv into pools", svc_delete_xprt (then svc_delete_socket) no
longer removed its xpt_ready (then sk_ready) field from whatever list it
was on, noting that there was no point since the whole list was about to
be destroyed anyway.
That was mostly true, but forgot that a few svc_xprt_enqueue()'s might
still be hanging around playing with the about-to-be-destroyed list, and
could get themselves into trouble writing to freed memory if we left
this xprt on the list after freeing it.
(This is actually functionally identical to a patch made first by Ben
Greear, but with more comments.)
Cc: gnb@fmeh.org
Reported-by: Ben Greear <greearb@candelatech.com>
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
J. Bruce Fields [Wed, 29 Jun 2011 12:23:50 +0000 (08:23 -0400)]
nfsd4: fix file leak on open_downgrade
commit
f197c27196a5e7631b89e2e92daa096fcf7c302c upstream.
Stateid's hold a read reference for a read open, a write reference for a
write open, and an additional one of each for each read+write open. The
latter wasn't getting put on a downgrade, so something like:
open RW
open R
downgrade to R
was resulting in a file leak.
Also fix an imbalance in an error path.
Regression from
7d94784293096c0a46897acdb83be5abd9278ece "nfsd4: fix
downgrade/lock logic".
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
J. Bruce Fields [Mon, 27 Jun 2011 20:57:12 +0000 (16:57 -0400)]
nfsd4: remember to put RW access on stateid destruction
commit
499f3edc23ca0431f3a0a6736b3a40944c81bf3b upstream.
Without this, for example,
open read
open read+write
close
will result in a struct file leak.
Regression from
7d94784293096c0a46897acdb83be5abd9278ece "nfsd4: fix
downgrade/lock logic".
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Casey Bodley [Sat, 23 Jul 2011 18:58:10 +0000 (14:58 -0400)]
nfsd: don't break lease on CLAIM_DELEGATE_CUR
commit
0c12eaffdf09466f36a9ffe970dda8f4aeb6efc0 upstream.
CLAIM_DELEGATE_CUR is used in response to a broken lease; allowing it
to break the lease and return EAGAIN leaves the client unable to make
progress in returning the delegation
nfs4_get_vfs_file() now takes struct nfsd4_open for access to the
claim type, and calls nfsd_open() with NFSD_MAY_NOT_BREAK_LEASE when
claim type is CLAIM_DELEGATE_CUR
Signed-off-by: Casey Bodley <cbodley@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Tyler Hicks [Wed, 27 Jul 2011 00:47:08 +0000 (19:47 -0500)]
eCryptfs: Unlock keys needed by ecryptfsd
commit
b2987a5e05ec7a1af7ca42e5d5349d7a22753031 upstream.
Fixes a regression caused by
b5695d04634fa4ccca7dcbc05bb4a66522f02e0b
Kernel keyring keys containing eCryptfs authentication tokens should not
be write locked when calling out to ecryptfsd to wrap and unwrap file
encryption keys. The eCryptfs kernel code can not hold the key's write
lock because ecryptfsd needs to request the key after receiving such a
request from the kernel.
Without this fix, all file opens and creates will timeout and fail when
using the eCryptfs PKI infrastructure. This is not an issue when using
passphrase-based mount keys, which is the most widely deployed eCryptfs
configuration.
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Roberto Sassu <roberto.sassu@polito.it>
Tested-by: Roberto Sassu <roberto.sassu@polito.it>
Tested-by: Alexis Hafner1 <haf@zurich.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Thieu Le [Tue, 26 Jul 2011 23:15:10 +0000 (16:15 -0700)]
ecryptfs: Make inode bdi consistent with superblock bdi
commit
985ca0e626e195ea08a1a82b8dbeb6719747429a upstream.
Make the inode mapping bdi consistent with the superblock bdi so that
dirty pages are flushed properly.
Signed-off-by: Thieu Le <thieule@chromium.org>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jan Kara [Mon, 30 May 2011 11:29:20 +0000 (13:29 +0200)]
ext3: Fix oops in ext3_try_to_allocate_with_rsv()
commit
ad95c5e9bc8b5885f94dce720137cac8fa8da4c9 upstream.
Block allocation is called from two places: ext3_get_blocks_handle() and
ext3_xattr_block_set(). These two callers are not necessarily synchronized
because xattr code holds only xattr_sem and i_mutex, and
ext3_get_blocks_handle() may hold only truncate_mutex when called from
writepage() path. Block reservation code does not expect two concurrent
allocations to happen to the same inode and thus assertions can be triggered
or reservation structure corruption can occur.
Fix the problem by taking truncate_mutex in xattr code to serialize
allocations.
CC: Sage Weil <sage@newdream.net>
Reported-by: Fyodor Ustinov <ufm@ufm.su>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jiaying Zhang [Mon, 11 Jul 2011 00:07:25 +0000 (20:07 -0400)]
ext4: free allocated and pre-allocated blocks when check_eofblocks_fl fails
commit
575a1d4bdfa2ea9fc10733013136145b497e1be0 upstream.
Upon corrupted inode or disk failures, we may fail after we already
allocate some blocks from the inode or take some blocks from the
inode's preallocation list, but before we successfully insert the
corresponding extent to the extent tree. In this case, we should free
any allocated blocks and discard the inode's preallocated blocks
because the entries in the inode's preallocation list may be in an
inconsistent state.
Signed-off-by: Jiaying Zhang <jiayingz@google.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Maxim Patlasov [Sun, 10 Jul 2011 23:37:48 +0000 (19:37 -0400)]
ext4: fix i_blocks/quota accounting when extent insertion fails
commit
7132de744ba76930d13033061018ddd7e3e8cd91 upstream.
The current implementation of ext4_free_blocks() always calls
dquot_free_block This looks quite sensible in the most cases: blocks
to be freed are associated with inode and were accounted in quota and
i_blocks some time ago.
However, there is a case when blocks to free were not accounted by the
time calling ext4_free_blocks() yet:
1. delalloc is on, write_begin pre-allocated some space in quota
2. write-back happens, ext4 allocates some blocks in ext4_ext_map_blocks()
3. then ext4_ext_map_blocks() gets an error (e.g. ENOSPC) from
ext4_ext_insert_extent() and calls ext4_free_blocks().
In this scenario, ext4_free_blocks() calls dquot_free_block() who, in
turn, decrements i_blocks for blocks which were not accounted yet (due
to delalloc) After clean umount, e2fsck reports something like:
> Inode 21, i_blocks is 5080, should be 5128. Fix<y>?
because i_blocks was erroneously decremented as explained above.
The patch fixes the problem by passing the new flag
EXT4_FREE_BLOCKS_NO_QUOT_UPDATE to ext4_free_blocks(), to request
that the dquot_free_block() call be skipped.
Signed-off-by: Maxim Patlasov <maxim.patlasov@gmail.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dan Rosenberg [Tue, 26 Jul 2011 00:11:53 +0000 (17:11 -0700)]
xtensa: prevent arbitrary read in ptrace
commit
0d0138ebe24b94065580bd2601f8bb7eb6152f56 upstream.
Prevent an arbitrary kernel read. Check the user pointer with access_ok()
before copying data in.
[akpm@linux-foundation.org: s/EIO/EFAULT/]
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Christian Zankel <chris@zankel.net>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Peter Zijlstra [Tue, 26 Jul 2011 00:11:57 +0000 (17:11 -0700)]
mm/backing-dev.c: reset bdi min_ratio in bdi_unregister()
commit
ccb6108f5b0b541d3eb332c3a73e645c0f84278e upstream.
Vito said:
: The system has many usb disks coming and going day to day, with their
: respective bdi's having min_ratio set to 1 when inserted. It works for
: some time until eventually min_ratio can no longer be set, even when the
: active set of bdi's seen in /sys/class/bdi/*/min_ratio doesn't add up to
: anywhere near 100.
:
: This then leads to an unrelated starvation problem caused by write-heavy
: fuse mounts being used atop the usb disks, a problem the min_ratio setting
: at the underlying devices bdi effectively prevents.
Fix this leakage by resetting the bdi min_ratio when unregistering the
BDI.
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Reported-by: Vito Caputo <lkml@pengaru.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Benjamin Herrenschmidt [Tue, 26 Jul 2011 00:12:32 +0000 (17:12 -0700)]
mm/futex: fix futex writes on archs with SW tracking of dirty & young
commit
2efaca927f5cd7ecd0f1554b8f9b6a9a2c329c03 upstream.
I haven't reproduced it myself but the fail scenario is that on such
machines (notably ARM and some embedded powerpc), if you manage to hit
that futex path on a writable page whose dirty bit has gone from the PTE,
you'll livelock inside the kernel from what I can tell.
It will go in a loop of trying the atomic access, failing, trying gup to
"fix it up", getting succcess from gup, go back to the atomic access,
failing again because dirty wasn't fixed etc...
So I think you essentially hang in the kernel.
The scenario is probably rare'ish because affected architecture are
embedded and tend to not swap much (if at all) so we probably rarely hit
the case where dirty is missing or young is missing, but I think Shan has
a piece of SW that can reliably reproduce it using a shared writable
mapping & fork or something like that.
On archs who use SW tracking of dirty & young, a page without dirty is
effectively mapped read-only and a page without young unaccessible in the
PTE.
Additionally, some architectures might lazily flush the TLB when relaxing
write protection (by doing only a local flush), and expect a fault to
invalidate the stale entry if it's still present on another processor.
The futex code assumes that if the "in_atomic()" access -EFAULT's, it can
"fix it up" by causing get_user_pages() which would then be equivalent to
taking the fault.
However that isn't the case. get_user_pages() will not call
handle_mm_fault() in the case where the PTE seems to have the right
permissions, regardless of the dirty and young state. It will eventually
update those bits ... in the struct page, but not in the PTE.
Additionally, it will not handle the lazy TLB flushing that can be
required by some architectures in the fault case.
Basically, gup is the wrong interface for the job. The patch provides a
more appropriate one which boils down to just calling handle_mm_fault()
since what we are trying to do is simulate a real page fault.
The futex code currently attempts to write to user memory within a
pagefault disabled section, and if that fails, tries to fix it up using
get_user_pages().
This doesn't work on archs where the dirty and young bits are maintained
by software, since they will gate access permission in the TLB, and will
not be updated by gup().
In addition, there's an expectation on some archs that a spurious write
fault triggers a local TLB flush, and that is missing from the picture as
well.
I decided that adding those "features" to gup() would be too much for this
already too complex function, and instead added a new simpler
fixup_user_fault() which is essentially a wrapper around handle_mm_fault()
which the futex code can call.
[akpm@linux-foundation.org: coding-style fixes]
[akpm@linux-foundation.org: fix some nits Darren saw, fiddle comment layout]
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reported-by: Shan Hai <haishan.bai@gmail.com>
Tested-by: Shan Hai <haishan.bai@gmail.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Darren Hart <darren.hart@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
projects / firefly-linux-kernel-4.4.55.git / log